2008-11-10 21:21:49 +01:00
|
|
|
/* Copyright 2000-2008 MySQL AB, 2008 Sun Microsystems, Inc.
|
2000-08-21 15:35:27 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
2006-12-23 20:17:15 +01:00
|
|
|
the Free Software Foundation; version 2 of the License.
|
2000-08-21 15:35:27 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
2000-08-21 15:35:27 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
|
|
|
|
2000-12-15 13:18:52 +02:00
|
|
|
/* sql_yacc.yy */
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-08-15 19:08:44 +04:00
|
|
|
/**
|
|
|
|
@defgroup Parser Parser
|
|
|
|
@{
|
|
|
|
*/
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%{
|
2007-08-14 20:31:06 -06:00
|
|
|
/* thd is passed as an argument to yyparse(), and subsequently to yylex().
|
2002-11-30 16:43:53 +01:00
|
|
|
** The type will be void*, so it must be cast to (THD*) when used.
|
|
|
|
** Use the YYTHD macro for this.
|
2002-11-26 14:18:16 +01:00
|
|
|
*/
|
|
|
|
#define YYPARSE_PARAM yythd
|
2002-11-30 16:43:53 +01:00
|
|
|
#define YYLEX_PARAM yythd
|
2002-11-26 14:18:16 +01:00
|
|
|
#define YYTHD ((THD *)yythd)
|
2008-07-14 15:41:30 -06:00
|
|
|
#define YYLIP (& YYTHD->m_parser_state->m_lip)
|
2002-11-26 14:18:16 +01:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
#define MYSQL_YACC
|
|
|
|
#define YYINITDEPTH 100
|
2007-08-24 09:08:11 -06:00
|
|
|
#define YYMAXDEPTH 3200 /* Because of 64K stack */
|
2003-12-19 20:52:13 +03:00
|
|
|
#define Lex (YYTHD->lex)
|
2002-10-30 13:18:52 +02:00
|
|
|
#define Select Lex->current_select
|
2000-07-31 21:29:14 +02:00
|
|
|
#include "mysql_priv.h"
|
2001-10-09 14:53:54 +02:00
|
|
|
#include "slave.h"
|
2000-07-31 21:29:14 +02:00
|
|
|
#include "lex_symbol.h"
|
2002-10-02 13:33:08 +03:00
|
|
|
#include "item_create.h"
|
2004-11-11 19:01:46 -08:00
|
|
|
#include "sp_head.h"
|
|
|
|
#include "sp_pcontext.h"
|
|
|
|
#include "sp_rcontext.h"
|
|
|
|
#include "sp.h"
|
2008-05-09 09:43:02 +02:00
|
|
|
#include "event_parse_data.h"
|
2000-07-31 21:29:14 +02:00
|
|
|
#include <myisam.h>
|
2001-09-22 17:40:57 +03:00
|
|
|
#include <myisammrg.h>
|
2000-08-21 15:35:27 +04:00
|
|
|
|
2009-07-15 16:46:25 +03:00
|
|
|
/* this is to get the bison compilation windows warnings out */
|
|
|
|
#ifdef _MSC_VER
|
|
|
|
/* warning C4065: switch statement contains 'default' but no 'case' labels */
|
|
|
|
#pragma warning (disable : 4065)
|
|
|
|
#endif
|
|
|
|
|
2002-11-30 16:43:53 +01:00
|
|
|
int yylex(void *yylval, void *yythd);
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
const LEX_STRING null_lex_str= {0,0};
|
2005-01-16 13:16:23 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
#define yyoverflow(A,B,C,D,E,F) \
|
|
|
|
{ \
|
|
|
|
ulong val= *(F); \
|
|
|
|
if (my_yyoverflow((B), (D), &val)) \
|
|
|
|
{ \
|
|
|
|
yyerror((char*) (A)); \
|
|
|
|
return 2; \
|
|
|
|
} \
|
|
|
|
else \
|
|
|
|
{ \
|
|
|
|
*(F)= (YYSIZE_T)val; \
|
|
|
|
} \
|
|
|
|
}
|
2000-07-31 21:29:14 +02:00
|
|
|
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
#define MYSQL_YYABORT \
|
|
|
|
do \
|
|
|
|
{ \
|
|
|
|
LEX::cleanup_lex_after_parse_error(YYTHD);\
|
|
|
|
YYABORT; \
|
|
|
|
} while (0)
|
|
|
|
|
|
|
|
#define MYSQL_YYABORT_UNLESS(A) \
|
2005-04-04 00:50:05 +02:00
|
|
|
if (!(A)) \
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
{ \
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));\
|
|
|
|
MYSQL_YYABORT; \
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
|
|
|
|
Bug#21029 (Dependencies between sql_yacc.cc and dependent headers not detected)
The build scripts in general, using automake, autoconf, etc, contain several
special commands and work around all related to the way the bison code in the
parser is built, for sql/sql_yacc.yy. These work arounds, accumulated over
time during development, ultimately cause the build scripts to be unstable
and cause build defects by not enforcing dependencies.
This fix simplifies the build process and aligns it with the automake tooling,
which provides native support for bison and *.yy files.
In particular, the following problem have been fixed:
- dependencies with sql_yacc.cc were not honored (Bug 21029), leading to
corrupted builds,
- the work around introduced by Bug 24557, to cleanup the generated files
sql_yacc.h and sql_yacc.cc, has been removed,
- the generated makefile, in a source distribution, used to destroy the files
sql_yacc.h and sql_yacc.cc on a 'make clean' target. This has been fixed:
these files are now removed by make maintainer-clean.
- The root cause of the problem found with gcc 4.1 (see Bug 24619) has been
clearly documented, and the "sed" hack has been replaced by a cleaner
work around, when building the code with bison 1.875.
- Removed the file sql/sql_yacc.yy.bak, added by WL 3031 by accident.
- Removed the unnecessary AM_YFLAG= --debug introduced by WL 3432, since
the compiling option DBUG_OFF takes precedence when setting YYDEBUG.
2007-01-24 14:40:39 -07:00
|
|
|
/*
|
|
|
|
Work around for broken code generated by bison 1.875.
|
|
|
|
|
|
|
|
The code generated by bison 1.875a and later, bison 2.1 and bison 2.2 is ok.
|
|
|
|
With bison 1.875 however, the generated code contains:
|
|
|
|
<pre>
|
|
|
|
yyerrlab1:
|
|
|
|
#if defined (__GNUC_MINOR__) && 2093 <= (__GNUC__ * 1000 + __GNUC_MINOR__)
|
|
|
|
__attribute__ ((__unused__))
|
|
|
|
#endif
|
|
|
|
</pre>
|
|
|
|
This usage of __attribute__ is illegal, so we remove it.
|
|
|
|
See the following references for details:
|
|
|
|
http://lists.gnu.org/archive/html/bug-bison/2004-02/msg00014.html
|
|
|
|
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14273
|
|
|
|
*/
|
|
|
|
|
|
|
|
#if defined (__GNUC_MINOR__) && 2093 <= (__GNUC__ * 1000 + __GNUC_MINOR__)
|
|
|
|
#undef __attribute__
|
|
|
|
#define __attribute__(X)
|
|
|
|
#endif
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2006-08-18 19:16:07 -07:00
|
|
|
#ifndef DBUG_OFF
|
|
|
|
#define YYDEBUG 1
|
|
|
|
#else
|
|
|
|
#define YYDEBUG 0
|
|
|
|
#endif
|
|
|
|
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
/**
|
|
|
|
@brief Push an error message into MySQL error stack with line
|
|
|
|
and position information.
|
|
|
|
|
|
|
|
This function provides semantic action implementers with a way
|
|
|
|
to push the famous "You have a syntax error near..." error
|
|
|
|
message into the error stack, which is normally produced only if
|
|
|
|
a parse error is discovered internally by the Bison generated
|
|
|
|
parser.
|
|
|
|
*/
|
|
|
|
|
|
|
|
void my_parse_error(const char *s)
|
|
|
|
{
|
|
|
|
THD *thd= current_thd;
|
2008-07-14 15:41:30 -06:00
|
|
|
Lex_input_stream *lip= & thd->m_parser_state->m_lip;
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
|
Bug#25411 (trigger code truncated), PART II
Bug 28127 (Some valid identifiers names are not parsed correctly)
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
This patch is the second part of a major cleanup, required to fix
Bug 25411 (trigger code truncated).
The root cause of the issue stems from the function skip_rear_comments,
which was a work around to remove "extra" "*/" characters from the query
text, when parsing a query and reusing the text fragments to represent a
view, trigger, function or stored procedure.
The reason for this work around is that "special comments",
like /*!50002 XXX */, were not parsed properly, so that a query like:
AAA /*!50002 BBB */ CCC
would be seen by the parser as "AAA BBB */ CCC" when the current version
is greater or equal to 5.0.2
The root cause of this stems from how special comments are parsed.
Special comments are really out-of-bound text that appear inside a query,
that affects how the parser behave.
In nature, /*!50002 XXX */ in MySQL is similar to the C concept
of preprocessing :
#if VERSION >= 50002
XXX
#endif
Depending on the current VERSION of the server, either the special comment
should be expanded or it should be ignored, but in all cases the "text" of
the query should be re-written to strip the "/*!50002" and "*/" markers,
which does not belong to the SQL language itself.
Prior to this fix, these markers would leak into :
- the storage format for VIEW,
- the storage format for FUNCTION,
- the storage format for FUNCTION parameters, in mysql.proc (param_list),
- the storage format for PROCEDURE,
- the storage format for PROCEDURE parameters, in mysql.proc (param_list),
- the storage format for TRIGGER,
- the binary log used for replication.
In all cases, not only this cause format corruption, but also provide a vector
for dormant security issues, by allowing to tunnel code that will be activated
after an upgrade.
The proper solution is to deal with special comments strictly during parsing,
when accepting a query from the outside world.
Once a query is parsed and an object is created with a persistant
representation, this object should not arbitrarily mutate after an upgrade.
In short, special comments are a useful but limited feature for MYSQLdump,
when used at an *interface* level to facilitate import/export,
but bloating the server *internal* storage format is *not* the proper way
to deal with configuration management of the user logic.
With this fix:
- the Lex_input_stream class now acts as a comment pre-processor,
and either expands or ignore special comments on the fly.
- MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
public interface of Lex_input_stream. In particular, how the input stream
accepts or rejects a character is private to Lex_input_stream, and the
internal buffer pointers of that class are strictly private, and should not
be tempered with during parsing.
This caused many changes mostly in sql_lex.cc.
During the code cleanup in case MY_LEX_NUMBER_IDENT,
Bug 28127 (Some valid identifiers names are not parsed correctly)
was found and fixed.
By parsing special comments properly, and removing the function
'skip_rear_comments' [sic],
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
has been fixed as well.
2007-06-12 15:23:58 -06:00
|
|
|
const char *yytext= lip->get_tok_start();
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
/* Push an error into the error stack */
|
|
|
|
my_printf_error(ER_PARSE_ERROR, ER(ER_PARSE_ERROR), MYF(0), s,
|
2007-04-25 21:38:12 -06:00
|
|
|
(yytext ? yytext : ""),
|
|
|
|
lip->yylineno);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
@brief Bison callback to report a syntax/OOM error
|
|
|
|
|
|
|
|
This function is invoked by the bison-generated parser
|
|
|
|
when a syntax error, a parse error or an out-of-memory
|
|
|
|
condition occurs. This function is not invoked when the
|
|
|
|
parser is requested to abort by semantic action code
|
|
|
|
by means of YYABORT or YYACCEPT macros. This is why these
|
|
|
|
macros should not be used (use MYSQL_YYABORT/MYSQL_YYACCEPT
|
|
|
|
instead).
|
|
|
|
|
|
|
|
The parser will abort immediately after invoking this callback.
|
|
|
|
|
|
|
|
This function is not for use in semantic actions and is internal to
|
|
|
|
the parser, as it performs some pre-return cleanup.
|
|
|
|
In semantic actions, please use my_parse_error or my_error to
|
|
|
|
push an error into the error stack and MYSQL_YYABORT
|
|
|
|
to abort from the parser.
|
|
|
|
*/
|
|
|
|
|
|
|
|
void MYSQLerror(const char *s)
|
|
|
|
{
|
|
|
|
THD *thd= current_thd;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Restore the original LEX if it was replaced when parsing
|
|
|
|
a stored procedure. We must ensure that a parsing error
|
|
|
|
does not leave any side effects in the THD.
|
|
|
|
*/
|
|
|
|
LEX::cleanup_lex_after_parse_error(thd);
|
|
|
|
|
|
|
|
/* "parse error" changed into "syntax error" between bison 1.75 and 1.875 */
|
|
|
|
if (strcmp(s,"parse error") == 0 || strcmp(s,"syntax error") == 0)
|
|
|
|
s= ER(ER_SYNTAX_ERROR);
|
|
|
|
my_parse_error(s);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2006-08-18 19:16:07 -07:00
|
|
|
#ifndef DBUG_OFF
|
|
|
|
void turn_parser_debug_on()
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
MYSQLdebug is in sql/sql_yacc.cc, in bison generated code.
|
|
|
|
Turning this option on is **VERY** verbose, and should be
|
|
|
|
used when investigating a syntax error problem only.
|
|
|
|
|
|
|
|
The syntax to run with bison traces is as follows :
|
|
|
|
- Starting a server manually :
|
|
|
|
mysqld --debug="d,parser_debug" ...
|
|
|
|
- Running a test :
|
|
|
|
mysql-test-run.pl --mysqld="--debug=d,parser_debug" ...
|
|
|
|
|
|
|
|
The result will be in the process stderr (var/log/master.err)
|
|
|
|
*/
|
|
|
|
|
|
|
|
extern int yydebug;
|
|
|
|
yydebug= 1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
Bug#18239 (Possible to overload internal functions with stored functions)
Bug#21025 (misleading error message when creating functions named 'x', or 'y')
Bug#22619 (Spaces considered harmful)
This change contains a fix to report warnings or errors, and multiple tests
cases.
Before this fix, name collisions between:
- Native functions
- User Defined Functions
- Stored Functions
were not systematically reported, leading to confusing behavior.
I) Native / User Defined Function
Before this fix, is was possible to create a UDF named "foo", with the same
name as a native function "foo", but it was impossible to invoke the UDF,
since the syntax "foo()" always refer to the native function.
After this fix, creating a UDF fails with an error if there is a name
collision with a native function.
II) Native / Stored Function
Before this fix, is was possible to create a SF named "db.foo", with the same
name as a native function "foo", but this was confusing since the syntax
"foo()" would refer to the native function. To refer to the Stored Function,
the user had to use the "db.foo()" syntax.
After this fix, creating a Stored Function reports a warning if there is a
name collision with a native function.
III) User Defined Function / Stored Function
Before this fix, creating a User Defined Function "foo" and a Stored Function
"db.foo" are mutually exclusive operations. Whenever the second function is
created, an error is reported. However, the test suite did not cover this
behavior.
After this fix, the behavior is unchanged, and is now covered by test cases.
Note that the code change in this patch depends on the fix for Bug 21114.
2006-11-14 19:34:16 -07:00
|
|
|
static bool is_native_function(THD *thd, const LEX_STRING *name)
|
|
|
|
{
|
|
|
|
if (find_native_function_builder(thd, *name))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (is_lex_native_function(name))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
|
|
|
|
/**
|
|
|
|
Helper action for a case statement (entering the CASE).
|
|
|
|
This helper is used for both 'simple' and 'searched' cases.
|
2006-12-11 16:59:02 -07:00
|
|
|
This helper, with the other case_stmt_action_..., is executed when
|
|
|
|
the following SQL code is parsed:
|
|
|
|
<pre>
|
|
|
|
CREATE PROCEDURE proc_19194_simple(i int)
|
|
|
|
BEGIN
|
|
|
|
DECLARE str CHAR(10);
|
|
|
|
|
|
|
|
CASE i
|
|
|
|
WHEN 1 THEN SET str="1";
|
|
|
|
WHEN 2 THEN SET str="2";
|
|
|
|
WHEN 3 THEN SET str="3";
|
|
|
|
ELSE SET str="unknown";
|
|
|
|
END CASE;
|
|
|
|
|
|
|
|
SELECT str;
|
|
|
|
END
|
|
|
|
</pre>
|
|
|
|
The actions are used to generate the following code:
|
|
|
|
<pre>
|
|
|
|
SHOW PROCEDURE CODE proc_19194_simple;
|
|
|
|
Pos Instruction
|
|
|
|
0 set str@1 NULL
|
|
|
|
1 set_case_expr (12) 0 i@0
|
|
|
|
2 jump_if_not 5(12) (case_expr@0 = 1)
|
|
|
|
3 set str@1 _latin1'1'
|
|
|
|
4 jump 12
|
|
|
|
5 jump_if_not 8(12) (case_expr@0 = 2)
|
|
|
|
6 set str@1 _latin1'2'
|
|
|
|
7 jump 12
|
|
|
|
8 jump_if_not 11(12) (case_expr@0 = 3)
|
|
|
|
9 set str@1 _latin1'3'
|
|
|
|
10 jump 12
|
|
|
|
11 set str@1 _latin1'unknown'
|
|
|
|
12 stmt 0 "SELECT str"
|
|
|
|
</pre>
|
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
@param lex the parser lex context
|
|
|
|
*/
|
|
|
|
|
|
|
|
void case_stmt_action_case(LEX *lex)
|
|
|
|
{
|
|
|
|
lex->sphead->new_cont_backpatch(NULL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
BACKPATCH: Creating target label for the jump to
|
|
|
|
"case_stmt_action_end_case"
|
2006-12-11 16:59:02 -07:00
|
|
|
(Instruction 12 in the example)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
*/
|
|
|
|
|
|
|
|
lex->spcont->push_label((char *)"", lex->sphead->instructions());
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Helper action for a case expression statement (the expr in 'CASE expr').
|
|
|
|
This helper is used for 'searched' cases only.
|
|
|
|
@param lex the parser lex context
|
|
|
|
@param expr the parsed expression
|
|
|
|
@return 0 on success
|
|
|
|
*/
|
|
|
|
|
|
|
|
int case_stmt_action_expr(LEX *lex, Item* expr)
|
|
|
|
{
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *parsing_ctx= lex->spcont;
|
|
|
|
int case_expr_id= parsing_ctx->register_case_expr();
|
|
|
|
sp_instr_set_case_expr *i;
|
|
|
|
|
|
|
|
if (parsing_ctx->push_case_expr_id(case_expr_id))
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
i= new sp_instr_set_case_expr(sp->instructions(),
|
|
|
|
parsing_ctx, case_expr_id, expr, lex);
|
|
|
|
|
|
|
|
sp->add_cont_backpatch(i);
|
2008-11-21 17:38:42 +04:00
|
|
|
return sp->add_instr(i);
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Helper action for a case when condition.
|
|
|
|
This helper is used for both 'simple' and 'searched' cases.
|
|
|
|
@param lex the parser lex context
|
|
|
|
@param when the parsed expression for the WHEN clause
|
|
|
|
@param simple true for simple cases, false for searched cases
|
|
|
|
*/
|
|
|
|
|
2008-11-21 17:38:42 +04:00
|
|
|
int case_stmt_action_when(LEX *lex, Item *when, bool simple)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
{
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
sp_instr_jump_if_not *i;
|
|
|
|
Item_case_expr *var;
|
|
|
|
Item *expr;
|
|
|
|
|
|
|
|
if (simple)
|
|
|
|
{
|
|
|
|
var= new Item_case_expr(ctx->get_current_case_expr_id());
|
|
|
|
|
|
|
|
#ifndef DBUG_OFF
|
|
|
|
if (var)
|
|
|
|
{
|
|
|
|
var->m_sp= sp;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
expr= new Item_func_eq(var, when);
|
|
|
|
i= new sp_instr_jump_if_not(ip, ctx, expr, lex);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
i= new sp_instr_jump_if_not(ip, ctx, when, lex);
|
|
|
|
|
|
|
|
/*
|
|
|
|
BACKPATCH: Registering forward jump from
|
|
|
|
"case_stmt_action_when" to "case_stmt_action_then"
|
2006-12-11 16:59:02 -07:00
|
|
|
(jump_if_not from instruction 2 to 5, 5 to 8 ... in the example)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
*/
|
|
|
|
|
2008-11-21 17:38:42 +04:00
|
|
|
return !test(i) ||
|
|
|
|
sp->push_backpatch(i, ctx->push_label((char *)"", 0)) ||
|
|
|
|
sp->add_cont_backpatch(i) ||
|
|
|
|
sp->add_instr(i);
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Helper action for a case then statements.
|
|
|
|
This helper is used for both 'simple' and 'searched' cases.
|
|
|
|
@param lex the parser lex context
|
|
|
|
*/
|
|
|
|
|
2008-11-21 17:38:42 +04:00
|
|
|
int case_stmt_action_then(LEX *lex)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
{
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
sp_instr_jump *i = new sp_instr_jump(ip, ctx);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (!test(i) || sp->add_instr(i))
|
|
|
|
return 1;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
BACKPATCH: Resolving forward jump from
|
|
|
|
"case_stmt_action_when" to "case_stmt_action_then"
|
2006-12-11 16:59:02 -07:00
|
|
|
(jump_if_not from instruction 2 to 5, 5 to 8 ... in the example)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
*/
|
|
|
|
|
|
|
|
sp->backpatch(ctx->pop_label());
|
|
|
|
|
|
|
|
/*
|
|
|
|
BACKPATCH: Registering forward jump from
|
2006-12-11 16:59:02 -07:00
|
|
|
"case_stmt_action_then" to "case_stmt_action_end_case"
|
|
|
|
(jump from instruction 4 to 12, 7 to 12 ... in the example)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
*/
|
|
|
|
|
2008-11-21 17:38:42 +04:00
|
|
|
return sp->push_backpatch(i, ctx->last_label());
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Helper action for an end case.
|
|
|
|
This helper is used for both 'simple' and 'searched' cases.
|
|
|
|
@param lex the parser lex context
|
|
|
|
@param simple true for simple cases, false for searched cases
|
|
|
|
*/
|
|
|
|
|
|
|
|
void case_stmt_action_end_case(LEX *lex, bool simple)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
BACKPATCH: Resolving forward jump from
|
|
|
|
"case_stmt_action_then" to "case_stmt_action_end_case"
|
2006-12-11 16:59:02 -07:00
|
|
|
(jump from instruction 4 to 12, 7 to 12 ... in the example)
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
*/
|
|
|
|
lex->sphead->backpatch(lex->spcont->pop_label());
|
|
|
|
|
|
|
|
if (simple)
|
|
|
|
lex->spcont->pop_case_expr_id();
|
|
|
|
|
|
|
|
lex->sphead->do_cont_backpatch();
|
|
|
|
}
|
|
|
|
|
2007-01-29 17:32:52 -07:00
|
|
|
/**
|
|
|
|
Helper to resolve the SQL:2003 Syntax exception 1) in <in predicate>.
|
|
|
|
See SQL:2003, Part 2, section 8.4 <in predicate>, Note 184, page 383.
|
|
|
|
This function returns the proper item for the SQL expression
|
|
|
|
<code>left [NOT] IN ( expr )</code>
|
|
|
|
@param thd the current thread
|
|
|
|
@param left the in predicand
|
|
|
|
@param equal true for IN predicates, false for NOT IN predicates
|
|
|
|
@param expr first and only expression of the in value list
|
|
|
|
@return an expression representing the IN predicate.
|
|
|
|
*/
|
|
|
|
Item* handle_sql2003_note184_exception(THD *thd, Item* left, bool equal,
|
|
|
|
Item *expr)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
Relevant references for this issue:
|
|
|
|
- SQL:2003, Part 2, section 8.4 <in predicate>, page 383,
|
|
|
|
- SQL:2003, Part 2, section 7.2 <row value expression>, page 296,
|
|
|
|
- SQL:2003, Part 2, section 6.3 <value expression primary>, page 174,
|
|
|
|
- SQL:2003, Part 2, section 7.15 <subquery>, page 370,
|
|
|
|
- SQL:2003 Feature F561, "Full value expressions".
|
|
|
|
|
|
|
|
The exception in SQL:2003 Note 184 means:
|
|
|
|
Item_singlerow_subselect, which corresponds to a <scalar subquery>,
|
|
|
|
should be re-interpreted as an Item_in_subselect, which corresponds
|
|
|
|
to a <table subquery> when used inside an <in predicate>.
|
|
|
|
|
|
|
|
Our reading of Note 184 is reccursive, so that all:
|
|
|
|
- IN (( <subquery> ))
|
|
|
|
- IN ((( <subquery> )))
|
|
|
|
- IN '('^N <subquery> ')'^N
|
|
|
|
- etc
|
|
|
|
should be interpreted as a <table subquery>, no matter how deep in the
|
|
|
|
expression the <subquery> is.
|
|
|
|
*/
|
|
|
|
|
|
|
|
Item *result;
|
|
|
|
|
|
|
|
DBUG_ENTER("handle_sql2003_note184_exception");
|
|
|
|
|
|
|
|
if (expr->type() == Item::SUBSELECT_ITEM)
|
|
|
|
{
|
|
|
|
Item_subselect *expr2 = (Item_subselect*) expr;
|
|
|
|
|
|
|
|
if (expr2->substype() == Item_subselect::SINGLEROW_SUBS)
|
|
|
|
{
|
|
|
|
Item_singlerow_subselect *expr3 = (Item_singlerow_subselect*) expr2;
|
|
|
|
st_select_lex *subselect;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Implement the mandated change, by altering the semantic tree:
|
|
|
|
left IN Item_singlerow_subselect(subselect)
|
|
|
|
is modified to
|
|
|
|
left IN (subselect)
|
|
|
|
which is represented as
|
|
|
|
Item_in_subselect(left, subselect)
|
|
|
|
*/
|
|
|
|
subselect= expr3->invalidate_and_restore_select_lex();
|
|
|
|
result= new (thd->mem_root) Item_in_subselect(left, subselect);
|
|
|
|
|
|
|
|
if (! equal)
|
|
|
|
result = negate_expression(thd, result);
|
|
|
|
|
|
|
|
DBUG_RETURN(result);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (equal)
|
|
|
|
result= new (thd->mem_root) Item_func_eq(left, expr);
|
|
|
|
else
|
|
|
|
result= new (thd->mem_root) Item_func_ne(left, expr);
|
|
|
|
|
|
|
|
DBUG_RETURN(result);
|
|
|
|
}
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%}
|
|
|
|
%union {
|
|
|
|
int num;
|
|
|
|
ulong ulong_num;
|
2001-09-14 02:54:33 +03:00
|
|
|
ulonglong ulonglong_number;
|
2005-07-22 14:47:05 -04:00
|
|
|
longlong longlong_number;
|
2000-07-31 21:29:14 +02:00
|
|
|
LEX_STRING lex_str;
|
|
|
|
LEX_STRING *lex_str_ptr;
|
|
|
|
LEX_SYMBOL symbol;
|
|
|
|
Table_ident *table;
|
|
|
|
char *simple_string;
|
|
|
|
Item *item;
|
2004-03-18 18:27:03 +02:00
|
|
|
Item_num *item_num;
|
2000-07-31 21:29:14 +02:00
|
|
|
List<Item> *item_list;
|
|
|
|
List<String> *string_list;
|
2002-07-23 18:31:22 +03:00
|
|
|
String *string;
|
2007-06-10 14:43:57 +04:00
|
|
|
Key_part_spec *key_part;
|
2002-07-23 18:31:22 +03:00
|
|
|
TABLE_LIST *table_list;
|
|
|
|
udf_func *udf;
|
|
|
|
LEX_USER *lex_user;
|
2003-08-19 00:08:08 +03:00
|
|
|
struct sys_var_with_base variable;
|
2005-08-27 18:51:11 +05:00
|
|
|
enum enum_var_type var_type;
|
2000-07-31 21:29:14 +02:00
|
|
|
Key::Keytype key_type;
|
2003-08-19 00:08:08 +03:00
|
|
|
enum ha_key_alg key_alg;
|
2005-12-21 10:18:40 -08:00
|
|
|
handlerton *db_type;
|
2000-07-31 21:29:14 +02:00
|
|
|
enum row_type row_type;
|
2001-11-06 00:05:45 +02:00
|
|
|
enum ha_rkey_function ha_rkey_mode;
|
2001-03-21 01:02:22 +02:00
|
|
|
enum enum_tx_isolation tx_isolation;
|
2003-07-06 17:12:45 +02:00
|
|
|
enum Cast_target cast_type;
|
2000-07-31 21:29:14 +02:00
|
|
|
enum Item_udftype udf_type;
|
2007-10-11 18:07:40 +03:00
|
|
|
enum ha_choice choice;
|
2002-09-12 19:36:22 +05:00
|
|
|
CHARSET_INFO *charset;
|
2002-11-16 20:19:10 +02:00
|
|
|
thr_lock_type lock_type;
|
2004-11-11 19:01:46 -08:00
|
|
|
interval_type interval, interval_time_st;
|
2003-11-03 14:01:59 +02:00
|
|
|
timestamp_type date_time_type;
|
2002-10-27 23:27:00 +02:00
|
|
|
st_select_lex *select_lex;
|
2002-11-07 23:45:19 +02:00
|
|
|
chooser_compare_func_creator boolfunc2creator;
|
2004-11-11 19:01:46 -08:00
|
|
|
struct sp_cond_type *spcondtype;
|
|
|
|
struct { int vars, conds, hndlrs, curs; } spblock;
|
|
|
|
sp_name *spname;
|
|
|
|
struct st_lex *lex;
|
2005-12-15 14:12:28 +01:00
|
|
|
sp_head *sphead;
|
2006-03-07 15:25:08 +04:00
|
|
|
struct p_elem_val *p_elem_value;
|
2007-03-05 19:08:41 +02:00
|
|
|
enum index_hint_type index_hint;
|
2000-07-31 21:29:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
%{
|
2004-06-24 02:57:57 +03:00
|
|
|
bool my_yyoverflow(short **a, YYSTYPE **b, ulong *yystacksize);
|
2000-07-31 21:29:14 +02:00
|
|
|
%}
|
|
|
|
|
2007-08-24 09:08:11 -06:00
|
|
|
%pure_parser /* We have threads */
|
2007-03-02 15:05:16 +03:00
|
|
|
/*
|
2007-12-19 20:59:57 -02:00
|
|
|
Currently there are 169 shift/reduce conflicts.
|
2007-08-22 14:25:36 -06:00
|
|
|
We should not introduce new conflicts any more.
|
2007-03-02 15:05:16 +03:00
|
|
|
*/
|
2007-12-19 20:59:57 -02:00
|
|
|
%expect 169
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2006-11-02 11:01:53 -07:00
|
|
|
/*
|
|
|
|
Comments for TOKENS.
|
|
|
|
For each token, please include in the same line a comment that contains
|
|
|
|
the following tags:
|
|
|
|
SQL-2003-R : Reserved keyword as per SQL-2003
|
|
|
|
SQL-2003-N : Non Reserved keyword as per SQL-2003
|
|
|
|
SQL-1999-R : Reserved keyword as per SQL-1999
|
|
|
|
SQL-1999-N : Non Reserved keyword as per SQL-1999
|
|
|
|
MYSQL : MySQL extention (unspecified)
|
|
|
|
MYSQL-FUNC : MySQL extention, function
|
|
|
|
INTERNAL : Not a real token, lex optimization
|
|
|
|
OPERATOR : SQL operator
|
|
|
|
FUTURE-USE : Reserved for futur use
|
|
|
|
|
|
|
|
This makes the code grep-able, and helps maintenance.
|
|
|
|
*/
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ABORT_SYM /* INTERNAL (used in lex) */
|
2006-01-11 11:35:25 +01:00
|
|
|
%token ACCESSIBLE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ACTION /* SQL-2003-N */
|
|
|
|
%token ADD /* SQL-2003-R */
|
|
|
|
%token ADDDATE_SYM /* MYSQL-FUNC */
|
|
|
|
%token AFTER_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token AGAINST
|
|
|
|
%token AGGREGATE_SYM
|
|
|
|
%token ALGORITHM_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ALL /* SQL-2003-R */
|
|
|
|
%token ALTER /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ANALYZE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token AND_AND_SYM /* OPERATOR */
|
|
|
|
%token AND_SYM /* SQL-2003-R */
|
|
|
|
%token ANY_SYM /* SQL-2003-R */
|
|
|
|
%token AS /* SQL-2003-R */
|
|
|
|
%token ASC /* SQL-2003-N */
|
|
|
|
%token ASCII_SYM /* MYSQL-FUNC */
|
|
|
|
%token ASENSITIVE_SYM /* FUTURE-USE */
|
|
|
|
%token AT_SYM /* SQL-2003-R */
|
2005-11-10 19:43:17 +02:00
|
|
|
%token AUTHORS_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
%token AUTOEXTEND_SIZE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token AUTO_INC
|
2005-01-16 13:16:23 +01:00
|
|
|
%token AVG_ROW_LENGTH
|
2006-11-02 11:01:53 -07:00
|
|
|
%token AVG_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token BACKUP_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token BEFORE_SYM /* SQL-2003-N */
|
|
|
|
%token BEGIN_SYM /* SQL-2003-R */
|
|
|
|
%token BETWEEN_SYM /* SQL-2003-R */
|
|
|
|
%token BIGINT /* SQL-2003-R */
|
|
|
|
%token BINARY /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token BINLOG_SYM
|
2004-12-17 18:06:05 +04:00
|
|
|
%token BIN_NUM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token BIT_AND /* MYSQL-FUNC */
|
|
|
|
%token BIT_OR /* MYSQL-FUNC */
|
|
|
|
%token BIT_SYM /* MYSQL-FUNC */
|
|
|
|
%token BIT_XOR /* MYSQL-FUNC */
|
|
|
|
%token BLOB_SYM /* SQL-2003-R */
|
2007-01-03 17:15:10 -05:00
|
|
|
%token BLOCK_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token BOOLEAN_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token BOOL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token BOTH /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token BTREE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token BY /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token BYTE_SYM
|
|
|
|
%token CACHE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CALL_SYM /* SQL-2003-R */
|
|
|
|
%token CASCADE /* SQL-2003-N */
|
|
|
|
%token CASCADED /* SQL-2003-R */
|
|
|
|
%token CASE_SYM /* SQL-2003-R */
|
|
|
|
%token CAST_SYM /* SQL-2003-R */
|
|
|
|
%token CHAIN_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token CHANGE
|
|
|
|
%token CHANGED
|
|
|
|
%token CHARSET
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CHAR_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token CHECKSUM_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CHECK_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token CIPHER_SYM
|
|
|
|
%token CLIENT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CLOSE_SYM /* SQL-2003-R */
|
|
|
|
%token COALESCE /* SQL-2003-N */
|
2005-11-17 11:11:48 +01:00
|
|
|
%token CODE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token COLLATE_SYM /* SQL-2003-R */
|
|
|
|
%token COLLATION_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token COLUMNS
|
2006-11-02 11:01:53 -07:00
|
|
|
%token COLUMN_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token COMMENT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token COMMITTED_SYM /* SQL-2003-N */
|
|
|
|
%token COMMIT_SYM /* SQL-2003-R */
|
2005-02-14 21:50:09 +01:00
|
|
|
%token COMPACT_SYM
|
2005-12-02 13:07:02 +01:00
|
|
|
%token COMPLETION_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token COMPRESSED_SYM
|
|
|
|
%token CONCURRENT
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CONDITION_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token CONNECTION_SYM
|
|
|
|
%token CONSISTENT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CONSTRAINT /* SQL-2003-R */
|
|
|
|
%token CONTAINS_SYM /* SQL-2003-N */
|
2007-01-03 17:15:10 -05:00
|
|
|
%token CONTEXT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CONTINUE_SYM /* SQL-2003-R */
|
2006-05-02 17:53:26 -07:00
|
|
|
%token CONTRIBUTORS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CONVERT_SYM /* SQL-2003-N */
|
|
|
|
%token COUNT_SYM /* SQL-2003-N */
|
2007-01-03 17:15:10 -05:00
|
|
|
%token CPU_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token CREATE /* SQL-2003-R */
|
|
|
|
%token CROSS /* SQL-2003-R */
|
|
|
|
%token CUBE_SYM /* SQL-2003-R */
|
|
|
|
%token CURDATE /* MYSQL-FUNC */
|
|
|
|
%token CURRENT_USER /* SQL-2003-R */
|
|
|
|
%token CURSOR_SYM /* SQL-2003-R */
|
|
|
|
%token CURTIME /* MYSQL-FUNC */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DATABASE
|
|
|
|
%token DATABASES
|
2006-01-11 11:35:25 +01:00
|
|
|
%token DATAFILE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DATA_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DATETIME
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DATE_ADD_INTERVAL /* MYSQL-FUNC */
|
|
|
|
%token DATE_SUB_INTERVAL /* MYSQL-FUNC */
|
|
|
|
%token DATE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DAY_HOUR_SYM
|
|
|
|
%token DAY_MICROSECOND_SYM
|
|
|
|
%token DAY_MINUTE_SYM
|
|
|
|
%token DAY_SECOND_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DAY_SYM /* SQL-2003-R */
|
|
|
|
%token DEALLOCATE_SYM /* SQL-2003-R */
|
2005-02-14 21:50:09 +01:00
|
|
|
%token DECIMAL_NUM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DECIMAL_SYM /* SQL-2003-R */
|
|
|
|
%token DECLARE_SYM /* SQL-2003-R */
|
|
|
|
%token DEFAULT /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DEFINER_SYM
|
|
|
|
%token DELAYED_SYM
|
|
|
|
%token DELAY_KEY_WRITE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DELETE_SYM /* SQL-2003-R */
|
|
|
|
%token DESC /* SQL-2003-N */
|
|
|
|
%token DESCRIBE /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DES_KEY_FILE
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DETERMINISTIC_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DIRECTORY_SYM
|
|
|
|
%token DISABLE_SYM
|
|
|
|
%token DISCARD
|
2006-01-11 11:35:25 +01:00
|
|
|
%token DISK_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DISTINCT /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DIV_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DOUBLE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DO_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DROP /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token DUAL_SYM
|
|
|
|
%token DUMPFILE
|
2003-01-21 21:07:59 +02:00
|
|
|
%token DUPLICATE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token DYNAMIC_SYM /* SQL-2003-R */
|
|
|
|
%token EACH_SYM /* SQL-2003-R */
|
|
|
|
%token ELSE /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ELSEIF_SYM
|
|
|
|
%token ENABLE_SYM
|
|
|
|
%token ENCLOSED
|
2006-11-02 11:01:53 -07:00
|
|
|
%token END /* SQL-2003-R */
|
2005-12-02 13:07:02 +01:00
|
|
|
%token ENDS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token END_OF_INPUT /* INTERNAL */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ENGINES_SYM
|
|
|
|
%token ENGINE_SYM
|
|
|
|
%token ENUM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token EQ /* OPERATOR */
|
|
|
|
%token EQUAL_SYM /* OPERATOR */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ERRORS
|
|
|
|
%token ESCAPED
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ESCAPE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token EVENTS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token EVENT_SYM
|
|
|
|
%token EVERY_SYM /* SQL-2003-N */
|
|
|
|
%token EXECUTE_SYM /* SQL-2003-R */
|
|
|
|
%token EXISTS /* SQL-2003-R */
|
2004-11-11 19:01:46 -08:00
|
|
|
%token EXIT_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token EXPANSION_SYM
|
|
|
|
%token EXTENDED_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
%token EXTENT_SIZE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token EXTRACT_SYM /* SQL-2003-N */
|
|
|
|
%token FALSE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token FAST_SYM
|
2007-01-03 17:15:10 -05:00
|
|
|
%token FAULTS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token FETCH_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token FILE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token FIRST_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token FIXED_SYM
|
|
|
|
%token FLOAT_NUM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token FLOAT_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token FLUSH_SYM
|
|
|
|
%token FORCE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token FOREIGN /* SQL-2003-R */
|
|
|
|
%token FOR_SYM /* SQL-2003-R */
|
|
|
|
%token FOUND_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token FRAC_SECOND_SYM
|
|
|
|
%token FROM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token FULL /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token FULLTEXT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token FUNCTION_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token GE
|
|
|
|
%token GEOMETRYCOLLECTION
|
|
|
|
%token GEOMETRY_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token GET_FORMAT /* MYSQL-FUNC */
|
|
|
|
%token GLOBAL_SYM /* SQL-2003-R */
|
|
|
|
%token GRANT /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token GRANTS
|
2007-02-23 22:48:15 +02:00
|
|
|
%token GROUP_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token GROUP_CONCAT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token GT_SYM /* OPERATOR */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token HANDLER_SYM
|
|
|
|
%token HASH_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token HAVING /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token HELP_SYM
|
|
|
|
%token HEX_NUM
|
|
|
|
%token HIGH_PRIORITY
|
2006-12-01 19:47:45 -05:00
|
|
|
%token HOST_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token HOSTS_SYM
|
|
|
|
%token HOUR_MICROSECOND_SYM
|
|
|
|
%token HOUR_MINUTE_SYM
|
|
|
|
%token HOUR_SECOND_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token HOUR_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token IDENT
|
|
|
|
%token IDENTIFIED_SYM
|
|
|
|
%token IDENT_QUOTED
|
|
|
|
%token IF
|
|
|
|
%token IGNORE_SYM
|
|
|
|
%token IMPORT
|
|
|
|
%token INDEXES
|
|
|
|
%token INDEX_SYM
|
|
|
|
%token INFILE
|
2006-01-11 11:35:25 +01:00
|
|
|
%token INITIAL_SIZE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token INNER_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token INNOBASE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token INOUT_SYM /* SQL-2003-R */
|
|
|
|
%token INSENSITIVE_SYM /* SQL-2003-R */
|
|
|
|
%token INSERT /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token INSERT_METHOD
|
2005-11-06 13:13:06 +01:00
|
|
|
%token INSTALL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token INTERVAL_SYM /* SQL-2003-R */
|
|
|
|
%token INTO /* SQL-2003-R */
|
|
|
|
%token INT_SYM /* SQL-2003-R */
|
2004-11-11 19:01:46 -08:00
|
|
|
%token INVOKER_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token IN_SYM /* SQL-2003-R */
|
2007-01-03 17:15:10 -05:00
|
|
|
%token IO_SYM
|
|
|
|
%token IPC_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token IS /* SQL-2003-R */
|
|
|
|
%token ISOLATION /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ISSUER_SYM
|
|
|
|
%token ITERATE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token JOIN_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token KEYS
|
2006-05-03 15:59:17 +03:00
|
|
|
%token KEY_BLOCK_SIZE
|
2006-11-02 11:01:53 -07:00
|
|
|
%token KEY_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token KILL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token LANGUAGE_SYM /* SQL-2003-R */
|
|
|
|
%token LAST_SYM /* SQL-2003-N */
|
|
|
|
%token LE /* OPERATOR */
|
|
|
|
%token LEADING /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LEAVES
|
|
|
|
%token LEAVE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token LEFT /* SQL-2003-R */
|
2005-07-18 13:31:02 +02:00
|
|
|
%token LESS_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LEVEL_SYM
|
|
|
|
%token LEX_HOSTNAME
|
2006-11-02 11:01:53 -07:00
|
|
|
%token LIKE /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LIMIT
|
2005-07-18 13:31:02 +02:00
|
|
|
%token LINEAR_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LINES
|
|
|
|
%token LINESTRING
|
2005-07-18 13:31:02 +02:00
|
|
|
%token LIST_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LOAD
|
2006-11-02 11:01:53 -07:00
|
|
|
%token LOCAL_SYM /* SQL-2003-R */
|
|
|
|
%token LOCATOR_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LOCKS_SYM
|
|
|
|
%token LOCK_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
%token LOGFILE_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token LOGS_SYM
|
|
|
|
%token LONGBLOB
|
|
|
|
%token LONGTEXT
|
|
|
|
%token LONG_NUM
|
|
|
|
%token LONG_SYM
|
|
|
|
%token LOOP_SYM
|
|
|
|
%token LOW_PRIORITY
|
2006-11-02 11:01:53 -07:00
|
|
|
%token LT /* OPERATOR */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MASTER_CONNECT_RETRY_SYM
|
|
|
|
%token MASTER_HOST_SYM
|
|
|
|
%token MASTER_LOG_FILE_SYM
|
|
|
|
%token MASTER_LOG_POS_SYM
|
|
|
|
%token MASTER_PASSWORD_SYM
|
|
|
|
%token MASTER_PORT_SYM
|
|
|
|
%token MASTER_SERVER_ID_SYM
|
|
|
|
%token MASTER_SSL_CAPATH_SYM
|
|
|
|
%token MASTER_SSL_CA_SYM
|
|
|
|
%token MASTER_SSL_CERT_SYM
|
|
|
|
%token MASTER_SSL_CIPHER_SYM
|
|
|
|
%token MASTER_SSL_KEY_SYM
|
|
|
|
%token MASTER_SSL_SYM
|
2007-03-29 15:09:57 +02:00
|
|
|
%token MASTER_SSL_VERIFY_SERVER_CERT_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MASTER_SYM
|
|
|
|
%token MASTER_USER_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MATCH /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MAX_CONNECTIONS_PER_HOUR
|
|
|
|
%token MAX_QUERIES_PER_HOUR
|
|
|
|
%token MAX_ROWS
|
2006-01-11 11:35:25 +01:00
|
|
|
%token MAX_SIZE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MAX_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MAX_UPDATES_PER_HOUR
|
2005-02-14 21:50:09 +01:00
|
|
|
%token MAX_USER_CONNECTIONS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MAX_VALUE_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MEDIUMBLOB
|
|
|
|
%token MEDIUMINT
|
|
|
|
%token MEDIUMTEXT
|
|
|
|
%token MEDIUM_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
%token MEMORY_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MERGE_SYM /* SQL-2003-R */
|
|
|
|
%token MICROSECOND_SYM /* MYSQL-FUNC */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MIGRATE_SYM
|
|
|
|
%token MINUTE_MICROSECOND_SYM
|
|
|
|
%token MINUTE_SECOND_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MINUTE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MIN_ROWS
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MIN_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MODE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MODIFIES_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MODIFY_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token MOD_SYM /* SQL-2003-N */
|
|
|
|
%token MONTH_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token MULTILINESTRING
|
|
|
|
%token MULTIPOINT
|
|
|
|
%token MULTIPOLYGON
|
2004-12-24 13:31:21 +01:00
|
|
|
%token MUTEX_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NAMES_SYM /* SQL-2003-N */
|
|
|
|
%token NAME_SYM /* SQL-2003-N */
|
|
|
|
%token NATIONAL_SYM /* SQL-2003-R */
|
|
|
|
%token NATURAL /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token NCHAR_STRING
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NCHAR_SYM /* SQL-2003-R */
|
2004-04-15 09:14:14 +02:00
|
|
|
%token NDBCLUSTER_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NE /* OPERATOR */
|
|
|
|
%token NEG
|
|
|
|
%token NEW_SYM /* SQL-2003-R */
|
|
|
|
%token NEXT_SYM /* SQL-2003-N */
|
2005-07-18 13:31:02 +02:00
|
|
|
%token NODEGROUP_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NONE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token NOT2_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NOT_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token NOW_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NO_SYM /* SQL-2003-R */
|
2006-01-11 11:35:25 +01:00
|
|
|
%token NO_WAIT_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token NO_WRITE_TO_BINLOG
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NULL_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token NUM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token NUMERIC_SYM /* SQL-2003-R */
|
2003-09-15 10:26:48 +05:00
|
|
|
%token NVARCHAR_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token OFFSET_SYM
|
|
|
|
%token OLD_PASSWORD
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ON /* SQL-2003-R */
|
2004-06-03 23:17:18 +02:00
|
|
|
%token ONE_SHOT_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ONE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token OPEN_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token OPTIMIZE
|
2006-12-01 19:47:45 -05:00
|
|
|
%token OPTIONS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token OPTION /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token OPTIONALLY
|
|
|
|
%token OR2_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ORDER_SYM /* SQL-2003-R */
|
|
|
|
%token OR_OR_SYM /* OPERATOR */
|
|
|
|
%token OR_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token OUTER
|
|
|
|
%token OUTFILE
|
2006-11-02 11:01:53 -07:00
|
|
|
%token OUT_SYM /* SQL-2003-R */
|
2006-12-01 19:47:45 -05:00
|
|
|
%token OWNER_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token PACK_KEYS_SYM
|
2007-01-03 17:15:10 -05:00
|
|
|
%token PAGE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token PARAM_MARKER
|
2005-11-06 13:13:06 +01:00
|
|
|
%token PARSER_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token PARTIAL /* SQL-2003-N */
|
2006-03-20 14:36:21 -05:00
|
|
|
%token PARTITIONING_SYM
|
2005-07-18 13:31:02 +02:00
|
|
|
%token PARTITIONS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token PARTITION_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token PASSWORD
|
|
|
|
%token PHASE_SYM
|
2006-04-06 15:29:39 +02:00
|
|
|
%token PLUGINS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token PLUGIN_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token POINT_SYM
|
|
|
|
%token POLYGON
|
2006-12-01 19:47:45 -05:00
|
|
|
%token PORT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token POSITION_SYM /* SQL-2003-N */
|
|
|
|
%token PRECISION /* SQL-2003-R */
|
|
|
|
%token PREPARE_SYM /* SQL-2003-R */
|
2005-12-02 13:07:02 +01:00
|
|
|
%token PRESERVE_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token PREV_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token PRIMARY_SYM /* SQL-2003-R */
|
|
|
|
%token PRIVILEGES /* SQL-2003-N */
|
|
|
|
%token PROCEDURE /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token PROCESS
|
|
|
|
%token PROCESSLIST_SYM
|
2007-01-03 17:15:10 -05:00
|
|
|
%token PROFILE_SYM
|
|
|
|
%token PROFILES_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token PURGE
|
|
|
|
%token QUARTER_SYM
|
|
|
|
%token QUERY_SYM
|
|
|
|
%token QUICK
|
2006-11-02 11:01:53 -07:00
|
|
|
%token RANGE_SYM /* SQL-2003-R */
|
|
|
|
%token READS_SYM /* SQL-2003-R */
|
2006-01-11 11:35:25 +01:00
|
|
|
%token READ_ONLY_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token READ_SYM /* SQL-2003-N */
|
2006-01-11 11:35:25 +01:00
|
|
|
%token READ_WRITE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token REAL /* SQL-2003-R */
|
2006-01-17 08:40:00 +01:00
|
|
|
%token REBUILD_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token RECOVER_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
%token REDOFILE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token REDO_BUFFER_SIZE_SYM
|
2005-02-14 21:50:09 +01:00
|
|
|
%token REDUNDANT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token REFERENCES /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token REGEXP
|
|
|
|
%token RELAY_LOG_FILE_SYM
|
|
|
|
%token RELAY_LOG_POS_SYM
|
|
|
|
%token RELAY_THREAD
|
2006-11-02 11:01:53 -07:00
|
|
|
%token RELEASE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token RELOAD
|
2006-03-20 14:36:21 -05:00
|
|
|
%token REMOVE_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token RENAME
|
2006-01-17 08:40:00 +01:00
|
|
|
%token REORGANIZE_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token REPAIR
|
2006-11-02 11:01:53 -07:00
|
|
|
%token REPEATABLE_SYM /* SQL-2003-N */
|
|
|
|
%token REPEAT_SYM /* MYSQL-FUNC */
|
|
|
|
%token REPLACE /* MYSQL-FUNC */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token REPLICATION
|
|
|
|
%token REQUIRE_SYM
|
|
|
|
%token RESET_SYM
|
|
|
|
%token RESOURCES
|
|
|
|
%token RESTORE_SYM
|
|
|
|
%token RESTRICT
|
|
|
|
%token RESUME_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token RETURNS_SYM /* SQL-2003-R */
|
|
|
|
%token RETURN_SYM /* SQL-2003-R */
|
|
|
|
%token REVOKE /* SQL-2003-R */
|
|
|
|
%token RIGHT /* SQL-2003-R */
|
|
|
|
%token ROLLBACK_SYM /* SQL-2003-R */
|
|
|
|
%token ROLLUP_SYM /* SQL-2003-R */
|
|
|
|
%token ROUTINE_SYM /* SQL-2003-N */
|
|
|
|
%token ROWS_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ROW_FORMAT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token ROW_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token RTREE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SAVEPOINT_SYM /* SQL-2003-R */
|
2005-12-02 13:07:02 +01:00
|
|
|
%token SCHEDULE_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SECOND_MICROSECOND_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SECOND_SYM /* SQL-2003-R */
|
|
|
|
%token SECURITY_SYM /* SQL-2003-N */
|
|
|
|
%token SELECT_SYM /* SQL-2003-R */
|
|
|
|
%token SENSITIVE_SYM /* FUTURE-USE */
|
2003-03-18 04:07:40 +05:00
|
|
|
%token SEPARATOR_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SERIALIZABLE_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SERIAL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SESSION_SYM /* SQL-2003-N */
|
2006-12-01 19:47:45 -05:00
|
|
|
%token SERVER_SYM
|
|
|
|
%token SERVER_OPTIONS
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SET /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SET_VAR
|
|
|
|
%token SHARE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SHIFT_LEFT /* OPERATOR */
|
|
|
|
%token SHIFT_RIGHT /* OPERATOR */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SHOW
|
|
|
|
%token SHUTDOWN
|
|
|
|
%token SIGNED_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SIMPLE_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SLAVE
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SMALLINT /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SNAPSHOT_SYM
|
2006-12-01 19:47:45 -05:00
|
|
|
%token SOCKET_SYM
|
2005-11-06 13:13:06 +01:00
|
|
|
%token SONAME_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SOUNDS_SYM
|
2007-01-03 17:15:10 -05:00
|
|
|
%token SOURCE_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SPATIAL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SPECIFIC_SYM /* SQL-2003-R */
|
|
|
|
%token SQLEXCEPTION_SYM /* SQL-2003-R */
|
|
|
|
%token SQLSTATE_SYM /* SQL-2003-R */
|
|
|
|
%token SQLWARNING_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SQL_BIG_RESULT
|
|
|
|
%token SQL_BUFFER_RESULT
|
|
|
|
%token SQL_CACHE_SYM
|
|
|
|
%token SQL_CALC_FOUND_ROWS
|
|
|
|
%token SQL_NO_CACHE_SYM
|
|
|
|
%token SQL_SMALL_RESULT
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SQL_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SQL_THREAD
|
2001-09-30 10:46:20 +08:00
|
|
|
%token SSL_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token STARTING
|
2005-12-02 13:07:02 +01:00
|
|
|
%token STARTS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token START_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token STATUS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token STDDEV_SAMP_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token STD_SYM
|
|
|
|
%token STOP_SYM
|
|
|
|
%token STORAGE_SYM
|
|
|
|
%token STRAIGHT_JOIN
|
|
|
|
%token STRING_SYM
|
|
|
|
%token SUBDATE_SYM
|
|
|
|
%token SUBJECT_SYM
|
2005-07-18 13:31:02 +02:00
|
|
|
%token SUBPARTITIONS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token SUBPARTITION_SYM
|
|
|
|
%token SUBSTRING /* SQL-2003-N */
|
|
|
|
%token SUM_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token SUPER_SYM
|
|
|
|
%token SUSPEND_SYM
|
2007-01-03 17:15:10 -05:00
|
|
|
%token SWAPS_SYM
|
|
|
|
%token SWITCHES_SYM
|
2005-08-24 15:50:58 -07:00
|
|
|
%token SYSDATE
|
2005-01-16 13:16:23 +01:00
|
|
|
%token TABLES
|
|
|
|
%token TABLESPACE
|
2006-11-02 11:01:53 -07:00
|
|
|
%token TABLE_REF_PRIORITY
|
|
|
|
%token TABLE_SYM /* SQL-2003-R */
|
2007-10-11 18:07:40 +03:00
|
|
|
%token TABLE_CHECKSUM_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token TEMPORARY /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token TEMPTABLE_SYM
|
|
|
|
%token TERMINATED
|
|
|
|
%token TEXT_STRING
|
|
|
|
%token TEXT_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token THAN_SYM
|
|
|
|
%token THEN_SYM /* SQL-2003-R */
|
|
|
|
%token TIMESTAMP /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token TIMESTAMP_ADD
|
|
|
|
%token TIMESTAMP_DIFF
|
2006-11-02 11:01:53 -07:00
|
|
|
%token TIME_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token TINYBLOB
|
|
|
|
%token TINYINT
|
|
|
|
%token TINYTEXT
|
2006-11-02 11:01:53 -07:00
|
|
|
%token TO_SYM /* SQL-2003-R */
|
|
|
|
%token TRAILING /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token TRANSACTION_SYM
|
2005-07-19 20:06:49 +04:00
|
|
|
%token TRIGGERS_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token TRIGGER_SYM /* SQL-2003-R */
|
|
|
|
%token TRIM /* SQL-2003-N */
|
|
|
|
%token TRUE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token TRUNCATE_SYM
|
2002-06-12 14:13:12 -07:00
|
|
|
%token TYPES_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token TYPE_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token UDF_RETURNS_SYM
|
|
|
|
%token ULONGLONG_NUM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token UNCOMMITTED_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token UNDEFINED_SYM
|
|
|
|
%token UNDERSCORE_CHARSET
|
2006-11-02 11:01:53 -07:00
|
|
|
%token UNDOFILE_SYM
|
|
|
|
%token UNDO_BUFFER_SIZE_SYM
|
|
|
|
%token UNDO_SYM /* FUTURE-USE */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token UNICODE_SYM
|
2005-11-06 13:13:06 +01:00
|
|
|
%token UNINSTALL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token UNION_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token UNIQUE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token UNKNOWN_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token UNLOCK_SYM
|
|
|
|
%token UNSIGNED
|
|
|
|
%token UNTIL_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token UPDATE_SYM /* SQL-2003-R */
|
2006-02-17 10:52:32 +04:00
|
|
|
%token UPGRADE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token USAGE /* SQL-2003-N */
|
|
|
|
%token USER /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token USE_FRM
|
|
|
|
%token USE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token USING /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token UTC_DATE_SYM
|
|
|
|
%token UTC_TIMESTAMP_SYM
|
|
|
|
%token UTC_TIME_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token VALUES /* SQL-2003-R */
|
|
|
|
%token VALUE_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token VARBINARY
|
2006-11-02 11:01:53 -07:00
|
|
|
%token VARCHAR /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token VARIABLES
|
|
|
|
%token VARIANCE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token VARYING /* SQL-2003-R */
|
|
|
|
%token VAR_SAMP_SYM
|
|
|
|
%token VIEW_SYM /* SQL-2003-N */
|
2006-01-11 11:35:25 +01:00
|
|
|
%token WAIT_SYM
|
2005-01-16 13:16:23 +01:00
|
|
|
%token WARNINGS
|
|
|
|
%token WEEK_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token WHEN_SYM /* SQL-2003-R */
|
|
|
|
%token WHERE /* SQL-2003-R */
|
2004-11-11 19:01:46 -08:00
|
|
|
%token WHILE_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token WITH /* SQL-2003-R */
|
|
|
|
%token WORK_SYM /* SQL-2003-N */
|
2006-12-01 19:47:45 -05:00
|
|
|
%token WRAPPER_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token WRITE_SYM /* SQL-2003-N */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token X509_SYM
|
|
|
|
%token XA_SYM
|
|
|
|
%token XOR
|
|
|
|
%token YEAR_MONTH_SYM
|
2006-11-02 11:01:53 -07:00
|
|
|
%token YEAR_SYM /* SQL-2003-R */
|
2005-01-16 13:16:23 +01:00
|
|
|
%token ZEROFILL
|
2001-09-19 19:45:13 -06:00
|
|
|
|
2005-10-25 09:00:57 +03:00
|
|
|
%left JOIN_SYM INNER_SYM STRAIGHT_JOIN CROSS LEFT RIGHT
|
2005-09-10 15:01:54 +03:00
|
|
|
/* A dummy token to force the priority of table_ref production in a join. */
|
|
|
|
%left TABLE_REF_PRIORITY
|
2000-07-31 21:29:14 +02:00
|
|
|
%left SET_VAR
|
2007-08-22 14:25:36 -06:00
|
|
|
%left OR_OR_SYM OR_SYM OR2_SYM
|
|
|
|
%left XOR
|
2007-08-14 20:31:06 -06:00
|
|
|
%left AND_SYM AND_AND_SYM
|
|
|
|
%left BETWEEN_SYM CASE_SYM WHEN_SYM THEN_SYM ELSE
|
|
|
|
%left EQ EQUAL_SYM GE GT_SYM LE LT NE IS LIKE REGEXP IN_SYM
|
|
|
|
%left '|'
|
|
|
|
%left '&'
|
|
|
|
%left SHIFT_LEFT SHIFT_RIGHT
|
|
|
|
%left '-' '+'
|
|
|
|
%left '*' '/' '%' DIV_SYM MOD_SYM
|
2002-06-29 16:25:09 +03:00
|
|
|
%left '^'
|
2007-08-14 20:31:06 -06:00
|
|
|
%left NEG '~'
|
|
|
|
%right NOT_SYM NOT2_SYM
|
|
|
|
%right BINARY COLLATE_SYM
|
2007-08-22 14:25:36 -06:00
|
|
|
%left INTERVAL_SYM
|
2002-10-15 16:33:06 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <lex_str>
|
2005-02-09 02:50:45 +04:00
|
|
|
IDENT IDENT_QUOTED TEXT_STRING DECIMAL_NUM FLOAT_NUM NUM LONG_NUM HEX_NUM
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX_HOSTNAME ULONGLONG_NUM field_ident select_alias ident ident_or_text
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
IDENT_sys TEXT_STRING_sys TEXT_STRING_literal
|
2007-08-14 20:31:06 -06:00
|
|
|
NCHAR_STRING opt_component key_cache_name
|
2006-10-16 19:57:33 +03:00
|
|
|
sp_opt_label BIN_NUM label_ident TEXT_STRING_filesystem ident_or_empty
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <lex_str_ptr>
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_table_alias
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <table>
|
2007-08-14 20:31:06 -06:00
|
|
|
table_ident table_ident_nodb references xid
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <simple_string>
|
2007-08-14 20:31:06 -06:00
|
|
|
remember_name remember_end opt_ident opt_db text_or_password
|
|
|
|
opt_constraint constraint
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <string>
|
2007-08-14 20:31:06 -06:00
|
|
|
text_string opt_gconcat_separator
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <num>
|
2007-08-14 20:31:06 -06:00
|
|
|
type int_type real_type order_dir lock_option
|
|
|
|
udf_type if_exists opt_local opt_table_options table_options
|
2005-08-27 18:51:11 +05:00
|
|
|
table_option opt_if_not_exists opt_no_write_to_binlog
|
|
|
|
delete_option opt_temporary all_or_any opt_distinct
|
2004-03-23 14:43:24 +01:00
|
|
|
opt_ignore_leaves fulltext_options spatial_type union_option
|
2005-02-14 21:50:09 +01:00
|
|
|
start_transaction_opts opt_chain opt_release
|
2005-08-27 18:51:11 +05:00
|
|
|
union_opt select_derived_init option_type2
|
2006-02-14 13:19:54 +01:00
|
|
|
opt_natural_language_mode opt_query_expansion
|
|
|
|
opt_ev_status opt_ev_on_completion ev_on_completion opt_ev_comment
|
|
|
|
ev_alter_on_schedule_completion opt_ev_rename_to opt_ev_sql_stmt
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <ulong_num>
|
2007-08-14 20:31:06 -06:00
|
|
|
ulong_num real_ulong_num merge_insert_types
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-09-14 02:54:33 +03:00
|
|
|
%type <ulonglong_number>
|
2007-08-14 20:31:06 -06:00
|
|
|
ulonglong_num real_ulonglong_num size_number
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-10-11 18:07:40 +03:00
|
|
|
%type <choice> choice
|
|
|
|
|
2006-03-07 15:25:08 +04:00
|
|
|
%type <p_elem_value>
|
2005-07-22 14:47:05 -04:00
|
|
|
part_bit_expr
|
|
|
|
|
2002-11-16 20:19:10 +02:00
|
|
|
%type <lock_type>
|
2007-08-14 20:31:06 -06:00
|
|
|
replace_lock_option opt_low_priority insert_lock_option load_data_lock
|
2002-11-16 20:19:10 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <item>
|
2007-08-14 20:31:06 -06:00
|
|
|
literal text_literal insert_ident order_ident
|
|
|
|
simple_ident select_item2 expr opt_expr opt_else sum_expr in_sum_expr
|
2007-08-28 15:56:12 -06:00
|
|
|
variable variable_aux bool_pri
|
|
|
|
predicate bit_expr
|
2007-08-14 20:31:06 -06:00
|
|
|
table_wild simple_expr udf_expr
|
2007-11-30 09:34:25 -02:00
|
|
|
expr_or_default set_expr_or_default
|
2007-08-14 20:31:06 -06:00
|
|
|
param_marker geometry_function
|
|
|
|
signed_literal now_or_signed_literal opt_escape
|
|
|
|
sp_opt_default
|
|
|
|
simple_ident_nospvar simple_ident_q
|
2005-06-07 14:11:36 +04:00
|
|
|
field_or_var limit_option
|
2005-07-22 14:47:05 -04:00
|
|
|
part_func_expr
|
2006-11-02 11:01:53 -07:00
|
|
|
function_call_keyword
|
|
|
|
function_call_nonkeyword
|
|
|
|
function_call_generic
|
|
|
|
function_call_conflict
|
2004-03-18 18:27:03 +02:00
|
|
|
|
|
|
|
%type <item_num>
|
2007-08-14 20:31:06 -06:00
|
|
|
NUM_literal
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <item_list>
|
2007-08-22 15:38:32 -06:00
|
|
|
expr_list opt_udf_expr_list udf_expr_list when_list
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_list ident_list_arg opt_expr_list
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-08-27 18:51:11 +05:00
|
|
|
%type <var_type>
|
|
|
|
option_type opt_var_type opt_var_ident_type
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <key_type>
|
2007-08-14 20:31:06 -06:00
|
|
|
key_type opt_unique_or_fulltext constraint_key_type
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-02-22 15:24:42 +04:00
|
|
|
%type <key_alg>
|
2007-08-14 20:31:06 -06:00
|
|
|
btree_or_rtree
|
2002-02-22 15:24:42 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <string_list>
|
2007-08-14 20:31:06 -06:00
|
|
|
using_list
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <key_part>
|
2007-08-14 20:31:06 -06:00
|
|
|
key_part
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <table_list>
|
2007-08-14 20:31:06 -06:00
|
|
|
join_table_list join_table
|
2007-12-19 20:59:57 -02:00
|
|
|
table_factor table_ref esc_table_ref
|
2005-03-16 00:13:23 +00:00
|
|
|
select_derived derived_table_list
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-11-03 14:01:59 +02:00
|
|
|
%type <date_time_type> date_time_type;
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <interval> interval
|
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
%type <interval_time_st> interval_time_st
|
|
|
|
|
2008-02-25 13:25:57 +03:00
|
|
|
%type <interval_time_st> interval_time_stamp
|
|
|
|
|
Bug#24392 (SHOW ENGINE MUTEX STATUS is a synonym for SHOW INNODB STATUS)
Before this fix, the command SHOW ENGINE <name> STATUS would:
- print a warning if the engine name is unknown,
- proceed and implement the same behavior as SHOW ENGINE ALL STATUS,
and list the status of all the storage engines registered.
In particular, this behavior caused confusion about the command :
SHOW ENGINE MUTEX STATUS, which as a side effect would print the status
of the innodb engine when that engine is registered.
Also, before this fix, every time an unknown engine name was substituted by
the default engine (which happen unless SQL_MODE NO_ENGINE_SUBSTITUTION is
set), a malformed warning was raised.
For example, the command ALTER TABLE T1 ENGINE = X would print :
Warnings:
Error 1286 Unknown table engine 'X'
With this fix:
SHOW ENGINE <name> STATUS|LOGS|MUTEX
always fails with an error when the engine <name> is unknown.
For other commands, warnings about unknown engines are raised as:
Warnings:
Warning 1286 Unknown table engine 'X'
In other words, engine substitution never affect the SHOW ENGINE command,
since this would lead to very confusing results.
2007-01-23 15:14:08 -07:00
|
|
|
%type <db_type> storage_engines known_storage_engines
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
%type <row_type> row_types
|
|
|
|
|
2002-07-23 18:31:22 +03:00
|
|
|
%type <tx_isolation> isolation_types
|
2001-03-21 01:02:22 +02:00
|
|
|
|
2001-11-06 00:05:45 +02:00
|
|
|
%type <ha_rkey_mode> handler_rkey_mode
|
|
|
|
|
2004-01-22 22:13:24 +02:00
|
|
|
%type <cast_type> cast_type
|
2002-01-03 00:46:43 +02:00
|
|
|
|
2006-11-02 11:01:53 -07:00
|
|
|
%type <symbol> keyword keyword_sp
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2006-03-01 14:13:07 +03:00
|
|
|
%type <lex_user> user grant_user
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-12-05 01:14:51 +03:00
|
|
|
%type <charset>
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_collate
|
|
|
|
charset_name
|
|
|
|
charset_name_or_default
|
|
|
|
old_or_new_charset_name
|
|
|
|
old_or_new_charset_name_or_default
|
|
|
|
collation_name
|
|
|
|
collation_name_or_default
|
|
|
|
opt_load_data_charset
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
UNDERSCORE_CHARSET
|
2002-09-12 19:36:22 +05:00
|
|
|
|
2002-07-23 18:31:22 +03:00
|
|
|
%type <variable> internal_variable_name
|
|
|
|
|
2007-11-26 13:36:24 +02:00
|
|
|
%type <select_lex> subselect take_first_select
|
2007-08-14 20:31:06 -06:00
|
|
|
get_select_lex
|
2002-10-27 23:27:00 +02:00
|
|
|
|
2002-11-07 23:45:19 +02:00
|
|
|
%type <boolfunc2creator> comp_op
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <NONE>
|
2007-08-14 20:31:06 -06:00
|
|
|
query verb_clause create change select do drop insert replace insert2
|
|
|
|
insert_values update delete truncate rename
|
|
|
|
show describe load alter optimize keycache preload flush
|
|
|
|
reset purge begin commit rollback savepoint release
|
|
|
|
slave master_def master_defs master_file_def slave_until_opts
|
|
|
|
repair restore backup analyze check start checksum
|
|
|
|
field_list field_list_item field_spec kill column_def key_def
|
|
|
|
keycache_list assign_to_keycache preload_list preload_keys
|
|
|
|
select_item_list select_item values_list no_braces
|
|
|
|
opt_limit_clause delete_limit_clause fields opt_values values
|
|
|
|
procedure_list procedure_list2 procedure_item
|
2007-08-22 15:38:32 -06:00
|
|
|
handler
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_precision opt_ignore opt_column opt_restrict
|
|
|
|
grant revoke set lock unlock string_list field_options field_option
|
|
|
|
field_opt_list opt_binary table_lock_list table_lock
|
|
|
|
ref_list opt_on_delete opt_on_delete_list opt_on_delete_item use
|
|
|
|
opt_delete_options opt_delete_option varchar nchar nvarchar
|
2007-09-03 16:24:33 +02:00
|
|
|
opt_outer table_list table_name table_alias_ref_list table_alias_ref
|
2007-10-16 20:47:08 -06:00
|
|
|
opt_option opt_place
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_attribute opt_attribute_list attribute column_list column_list_id
|
|
|
|
opt_column_list grant_privileges grant_ident grant_list grant_option
|
|
|
|
object_privilege object_privilege_list user_list rename_list
|
|
|
|
clear_privileges flush_options flush_option
|
|
|
|
equal optional_braces
|
|
|
|
opt_mi_check_type opt_to mi_check_types normal_join
|
2007-09-10 16:10:37 -06:00
|
|
|
table_to_table_list table_to_table opt_table_list opt_as
|
2007-08-14 20:31:06 -06:00
|
|
|
handler_rkey_function handler_read_or_scan
|
|
|
|
single_multi table_wild_list table_wild_one opt_wild
|
|
|
|
union_clause union_list
|
|
|
|
precision subselect_start opt_and charset
|
2008-04-01 12:19:20 -04:00
|
|
|
subselect_end select_var_list select_var_list_init help
|
|
|
|
field_length opt_field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_extended_describe
|
2005-09-14 10:53:09 +03:00
|
|
|
prepare prepare_src execute deallocate
|
2007-08-14 20:31:06 -06:00
|
|
|
statement sp_suid
|
|
|
|
sp_c_chistics sp_a_chistics sp_chistic sp_c_chistic xa
|
2005-03-16 04:32:47 +03:00
|
|
|
load_data opt_field_or_var_spec fields_or_vars opt_load_data_set_spec
|
2007-10-16 20:47:08 -06:00
|
|
|
view_replace_or_algorithm view_replace
|
2006-06-27 13:15:40 +02:00
|
|
|
view_algorithm view_or_trigger_or_sp_or_event
|
2007-10-16 20:47:08 -06:00
|
|
|
definer_tail no_definer_tail
|
2006-03-09 20:41:21 +03:00
|
|
|
view_suid view_tail view_list_opt view_list view_select
|
2007-10-16 20:47:08 -06:00
|
|
|
view_check_option trigger_tail sp_tail sf_tail udf_tail event_tail
|
2005-12-26 17:22:12 +04:00
|
|
|
install uninstall partition_entry binlog_base64_event
|
2007-08-14 20:31:06 -06:00
|
|
|
init_key_options key_options key_opts key_opt key_using_alg
|
2006-12-01 19:47:45 -05:00
|
|
|
server_def server_options_list server_option
|
2007-10-16 20:47:08 -06:00
|
|
|
definer_opt no_definer definer
|
2001-06-03 17:07:26 +03:00
|
|
|
END_OF_INPUT
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
%type <NONE> call sp_proc_stmts sp_proc_stmts1 sp_proc_stmt
|
2005-12-02 13:07:02 +01:00
|
|
|
%type <NONE> sp_proc_stmt_statement sp_proc_stmt_return
|
2006-12-12 13:50:55 -07:00
|
|
|
%type <NONE> sp_proc_stmt_if
|
2008-01-23 16:21:09 -07:00
|
|
|
%type <NONE> sp_labeled_control sp_proc_stmt_unlabeled
|
|
|
|
%type <NONE> sp_labeled_block sp_unlabeled_block
|
|
|
|
%type <NONE> sp_proc_stmt_leave
|
2006-04-25 17:44:35 +02:00
|
|
|
%type <NONE> sp_proc_stmt_iterate
|
2005-12-02 13:07:02 +01:00
|
|
|
%type <NONE> sp_proc_stmt_open sp_proc_stmt_fetch sp_proc_stmt_close
|
2006-12-12 13:50:55 -07:00
|
|
|
%type <NONE> case_stmt_specification simple_case_stmt searched_case_stmt
|
2005-12-02 13:07:02 +01:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
%type <num> sp_decl_idents sp_opt_inout sp_handler_type sp_hcond_list
|
|
|
|
%type <spcondtype> sp_cond sp_hcond
|
|
|
|
%type <spblock> sp_decls sp_decl
|
|
|
|
%type <lex> sp_cursor_stmt
|
|
|
|
%type <spname> sp_name
|
2007-03-05 19:08:41 +02:00
|
|
|
%type <index_hint> index_hint_type
|
|
|
|
%type <num> index_hint_clause
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
%type <NONE>
|
2007-08-14 20:31:06 -06:00
|
|
|
'-' '+' '*' '/' '%' '(' ')'
|
|
|
|
',' '!' '{' '}' '&' '|' AND_SYM OR_SYM OR_OR_SYM BETWEEN_SYM CASE_SYM
|
|
|
|
THEN_SYM WHEN_SYM DIV_SYM MOD_SYM OR2_SYM AND_AND_SYM
|
2000-07-31 21:29:14 +02:00
|
|
|
%%
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
Indentation of grammar rules:
|
|
|
|
|
|
|
|
rule: <-- starts at col 1
|
|
|
|
rule1a rule1b rule1c <-- starts at col 11
|
|
|
|
{ <-- starts at col 11
|
|
|
|
code <-- starts at col 13, indentation is 2 spaces
|
|
|
|
}
|
|
|
|
| rule2a rule2b
|
|
|
|
{
|
|
|
|
code
|
|
|
|
}
|
|
|
|
; <-- on a line by itself, starts at col 9
|
|
|
|
|
2007-08-24 09:08:11 -06:00
|
|
|
Also, please do not use any <TAB>, but spaces.
|
|
|
|
Having a uniform indentation in this file helps
|
|
|
|
code reviews, patches, merges, and make maintenance easier.
|
|
|
|
Tip: grep [[:cntrl:]] sql_yacc.yy
|
|
|
|
Thanks.
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
query:
|
2007-08-14 20:31:06 -06:00
|
|
|
END_OF_INPUT
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
if (!thd->bootstrap &&
|
|
|
|
(!(thd->lex->select_lex.options & OPTION_FOUND_COMMENT)))
|
|
|
|
{
|
|
|
|
my_message(ER_EMPTY_QUERY, ER(ER_EMPTY_QUERY), MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2008-07-07 10:00:08 -06:00
|
|
|
thd->lex->sql_command= SQLCOM_EMPTY_QUERY;
|
2008-07-14 15:41:30 -06:00
|
|
|
YYLIP->found_semicolon= NULL;
|
2008-07-07 10:00:08 -06:00
|
|
|
}
|
|
|
|
| verb_clause
|
|
|
|
{
|
2008-07-14 15:41:30 -06:00
|
|
|
Lex_input_stream *lip = YYLIP;
|
2008-07-07 10:00:08 -06:00
|
|
|
|
|
|
|
if ((YYTHD->client_capabilities & CLIENT_MULTI_QUERIES) &&
|
|
|
|
! lip->stmt_prepare_mode &&
|
2008-07-07 15:53:20 -06:00
|
|
|
! lip->eof())
|
2008-07-07 10:00:08 -06:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
We found a well formed query, and multi queries are allowed:
|
|
|
|
- force the parser to stop after the ';'
|
|
|
|
- mark the start of the next query for the next invocation
|
|
|
|
of the parser.
|
|
|
|
*/
|
|
|
|
lip->next_state= MY_LEX_END;
|
2008-07-07 15:53:20 -06:00
|
|
|
lip->found_semicolon= lip->get_ptr();
|
2008-07-07 10:00:08 -06:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
|
|
|
{
|
2008-07-07 10:00:08 -06:00
|
|
|
/* Single query, terminated. */
|
|
|
|
lip->found_semicolon= NULL;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
}
|
2008-07-07 10:00:08 -06:00
|
|
|
';'
|
|
|
|
opt_end_of_input
|
|
|
|
| verb_clause END_OF_INPUT
|
|
|
|
{
|
|
|
|
/* Single query, not terminated. */
|
2008-07-14 15:41:30 -06:00
|
|
|
YYLIP->found_semicolon= NULL;
|
2008-07-07 10:00:08 -06:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
opt_end_of_input:
|
|
|
|
/* empty */
|
|
|
|
| END_OF_INPUT
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
verb_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
statement
|
|
|
|
| begin
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* Verb clauses, except begin */
|
|
|
|
statement:
|
2007-08-14 20:31:06 -06:00
|
|
|
alter
|
|
|
|
| analyze
|
|
|
|
| backup
|
|
|
|
| binlog_base64_event
|
|
|
|
| call
|
|
|
|
| change
|
|
|
|
| check
|
|
|
|
| checksum
|
|
|
|
| commit
|
|
|
|
| create
|
2004-06-07 12:09:10 +04:00
|
|
|
| deallocate
|
2007-08-14 20:31:06 -06:00
|
|
|
| delete
|
|
|
|
| describe
|
|
|
|
| do
|
|
|
|
| drop
|
2004-06-07 12:09:10 +04:00
|
|
|
| execute
|
2007-08-14 20:31:06 -06:00
|
|
|
| flush
|
|
|
|
| grant
|
|
|
|
| handler
|
|
|
|
| help
|
|
|
|
| insert
|
2005-11-06 13:13:06 +01:00
|
|
|
| install
|
2007-08-14 20:31:06 -06:00
|
|
|
| kill
|
|
|
|
| load
|
|
|
|
| lock
|
|
|
|
| optimize
|
2003-08-26 00:15:49 -07:00
|
|
|
| keycache
|
2005-07-18 13:31:02 +02:00
|
|
|
| partition_entry
|
2007-08-14 20:31:06 -06:00
|
|
|
| preload
|
2004-06-07 12:09:10 +04:00
|
|
|
| prepare
|
2007-08-14 20:31:06 -06:00
|
|
|
| purge
|
|
|
|
| release
|
|
|
|
| rename
|
|
|
|
| repair
|
|
|
|
| replace
|
|
|
|
| reset
|
|
|
|
| restore
|
|
|
|
| revoke
|
|
|
|
| rollback
|
|
|
|
| savepoint
|
|
|
|
| select
|
|
|
|
| set
|
|
|
|
| show
|
|
|
|
| slave
|
|
|
|
| start
|
|
|
|
| truncate
|
2005-11-06 13:13:06 +01:00
|
|
|
| uninstall
|
2007-08-14 20:31:06 -06:00
|
|
|
| unlock
|
|
|
|
| update
|
|
|
|
| use
|
|
|
|
| xa
|
2003-08-05 21:14:15 +02:00
|
|
|
;
|
2002-12-05 01:14:51 +03:00
|
|
|
|
2004-04-05 19:43:37 +04:00
|
|
|
deallocate:
|
2007-08-14 20:31:06 -06:00
|
|
|
deallocate_or_drop PREPARE_SYM ident
|
2004-04-05 19:43:37 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->sql_command= SQLCOM_DEALLOCATE_PREPARE;
|
|
|
|
lex->prepared_stmt_name= $3;
|
2004-04-05 19:43:37 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-04-05 19:43:37 +04:00
|
|
|
|
2004-06-18 03:02:29 +03:00
|
|
|
deallocate_or_drop:
|
2007-08-14 20:31:06 -06:00
|
|
|
DEALLOCATE_SYM
|
|
|
|
| DROP
|
|
|
|
;
|
2004-06-18 03:02:29 +03:00
|
|
|
|
2004-04-05 19:43:37 +04:00
|
|
|
prepare:
|
2007-08-14 20:31:06 -06:00
|
|
|
PREPARE_SYM ident FROM prepare_src
|
2004-04-05 19:43:37 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->sql_command= SQLCOM_PREPARE;
|
|
|
|
lex->prepared_stmt_name= $2;
|
2004-04-05 19:43:37 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-04-05 19:43:37 +04:00
|
|
|
|
2004-05-21 04:27:50 +04:00
|
|
|
prepare_src:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->prepared_stmt_code= $1;
|
|
|
|
lex->prepared_stmt_code_is_varref= FALSE;
|
|
|
|
}
|
2004-05-21 04:27:50 +04:00
|
|
|
| '@' ident_or_text
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->prepared_stmt_code= $2;
|
|
|
|
lex->prepared_stmt_code_is_varref= TRUE;
|
|
|
|
}
|
|
|
|
;
|
2004-06-07 12:09:10 +04:00
|
|
|
|
2004-04-05 19:43:37 +04:00
|
|
|
execute:
|
2007-08-14 20:31:06 -06:00
|
|
|
EXECUTE_SYM ident
|
2004-04-05 19:43:37 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->sql_command= SQLCOM_EXECUTE;
|
|
|
|
lex->prepared_stmt_name= $2;
|
2004-04-05 19:43:37 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
execute_using
|
|
|
|
{}
|
2004-04-05 19:43:37 +04:00
|
|
|
;
|
|
|
|
|
|
|
|
execute_using:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */
|
2004-04-05 19:43:37 +04:00
|
|
|
| USING execute_var_list
|
|
|
|
;
|
|
|
|
|
|
|
|
execute_var_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
execute_var_list ',' execute_var_ident
|
2004-04-30 20:08:38 +04:00
|
|
|
| execute_var_ident
|
2004-04-05 19:43:37 +04:00
|
|
|
;
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
execute_var_ident:
|
|
|
|
'@' ident_or_text
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
LEX_STRING *lexstr= (LEX_STRING*)sql_memdup(&$2, sizeof(LEX_STRING));
|
|
|
|
if (!lexstr || lex->prepared_stmt_params.push_back(lexstr))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2004-04-05 19:43:37 +04:00
|
|
|
;
|
|
|
|
|
2002-10-28 17:44:19 +04:00
|
|
|
/* help */
|
|
|
|
|
2002-12-05 01:14:51 +03:00
|
|
|
help:
|
2007-08-14 20:31:06 -06:00
|
|
|
HELP_SYM
|
|
|
|
{
|
|
|
|
if (Lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "HELP");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ident_or_text
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_HELP;
|
|
|
|
lex->help_arg= $3.str;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
/* change master */
|
|
|
|
|
|
|
|
change:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHANGE MASTER_SYM TO_SYM
|
|
|
|
{
|
|
|
|
LEX *lex = Lex;
|
|
|
|
lex->sql_command = SQLCOM_CHANGE_MASTER;
|
|
|
|
bzero((char*) &lex->mi, sizeof(lex->mi));
|
|
|
|
}
|
|
|
|
master_defs
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
master_defs:
|
2007-08-14 20:31:06 -06:00
|
|
|
master_def
|
|
|
|
| master_defs ',' master_def
|
|
|
|
;
|
2000-08-22 00:39:08 +03:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
master_def:
|
2007-08-14 20:31:06 -06:00
|
|
|
MASTER_HOST_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.host = $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_USER_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.user = $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_PASSWORD_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.password = $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_PORT_SYM EQ ulong_num
|
|
|
|
{
|
|
|
|
Lex->mi.port = $3;
|
|
|
|
}
|
|
|
|
| MASTER_CONNECT_RETRY_SYM EQ ulong_num
|
|
|
|
{
|
|
|
|
Lex->mi.connect_retry = $3;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_SYM EQ ulong_num
|
|
|
|
{
|
|
|
|
Lex->mi.ssl= $3 ?
|
|
|
|
LEX_MASTER_INFO::SSL_ENABLE : LEX_MASTER_INFO::SSL_DISABLE;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_CA_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.ssl_ca= $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_CAPATH_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.ssl_capath= $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_CERT_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.ssl_cert= $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_CIPHER_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.ssl_cipher= $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_KEY_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.ssl_key= $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_SSL_VERIFY_SERVER_CERT_SYM EQ ulong_num
|
|
|
|
{
|
|
|
|
Lex->mi.ssl_verify_server_cert= $3 ?
|
|
|
|
LEX_MASTER_INFO::SSL_ENABLE : LEX_MASTER_INFO::SSL_DISABLE;
|
|
|
|
}
|
|
|
|
| master_file_def
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
master_file_def:
|
2007-08-14 20:31:06 -06:00
|
|
|
MASTER_LOG_FILE_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.log_file_name = $3.str;
|
|
|
|
}
|
|
|
|
| MASTER_LOG_POS_SYM EQ ulonglong_num
|
|
|
|
{
|
|
|
|
Lex->mi.pos = $3;
|
|
|
|
/*
|
|
|
|
If the user specified a value < BIN_LOG_HEADER_SIZE, adjust it
|
|
|
|
instead of causing subsequent errors.
|
|
|
|
We need to do it in this file, because only there we know that
|
|
|
|
MASTER_LOG_POS has been explicitely specified. On the contrary
|
|
|
|
in change_master() (sql_repl.cc) we cannot distinguish between 0
|
|
|
|
(MASTER_LOG_POS explicitely specified as 0) and 0 (unspecified),
|
|
|
|
whereas we want to distinguish (specified 0 means "read the binlog
|
|
|
|
from 0" (4 in fact), unspecified means "don't change the position
|
|
|
|
(keep the preceding value)").
|
|
|
|
*/
|
|
|
|
Lex->mi.pos = max(BIN_LOG_HEADER_SIZE, Lex->mi.pos);
|
|
|
|
}
|
|
|
|
| RELAY_LOG_FILE_SYM EQ TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->mi.relay_log_name = $3.str;
|
|
|
|
}
|
|
|
|
| RELAY_LOG_POS_SYM EQ ulong_num
|
|
|
|
{
|
|
|
|
Lex->mi.relay_log_pos = $3;
|
|
|
|
/* Adjust if < BIN_LOG_HEADER_SIZE (same comment as Lex->mi.pos) */
|
|
|
|
Lex->mi.relay_log_pos = max(BIN_LOG_HEADER_SIZE, Lex->mi.relay_log_pos);
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* create a table */
|
|
|
|
|
|
|
|
create:
|
2007-08-14 20:31:06 -06:00
|
|
|
CREATE opt_table_options TABLE_SYM opt_if_not_exists table_ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->sql_command= SQLCOM_CREATE_TABLE;
|
|
|
|
if (!lex->select_lex.add_table_to_list(thd, $5, NULL,
|
|
|
|
TL_OPTION_UPDATING,
|
|
|
|
TL_WRITE))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.reset();
|
|
|
|
lex->col_list.empty();
|
|
|
|
lex->change=NullS;
|
|
|
|
bzero((char*) &lex->create_info,sizeof(lex->create_info));
|
|
|
|
lex->create_info.options=$2 | $4;
|
|
|
|
lex->create_info.db_type= ha_default_handlerton(thd);
|
|
|
|
lex->create_info.default_table_charset= NULL;
|
|
|
|
lex->name.str= 0;
|
|
|
|
lex->name.length= 0;
|
|
|
|
}
|
|
|
|
create2
|
|
|
|
{
|
|
|
|
LEX *lex= YYTHD->lex;
|
|
|
|
lex->current_select= &lex->select_lex;
|
|
|
|
if (!lex->create_info.db_type)
|
|
|
|
{
|
|
|
|
lex->create_info.db_type= ha_default_handlerton(YYTHD);
|
|
|
|
push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
|
|
|
|
ER_WARN_USING_OTHER_HANDLER,
|
|
|
|
ER(ER_WARN_USING_OTHER_HANDLER),
|
|
|
|
ha_resolve_storage_engine_name(lex->create_info.db_type),
|
|
|
|
$5->table.str);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| CREATE opt_unique_or_fulltext INDEX_SYM ident key_alg ON
|
|
|
|
table_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_CREATE_INDEX;
|
|
|
|
if (!lex->current_select->add_table_to_list(lex->thd, $7,
|
|
|
|
NULL,
|
|
|
|
TL_OPTION_UPDATING))
|
|
|
|
MYSQL_YYABORT;
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
lex->alter_info.reset();
|
|
|
|
lex->alter_info.flags= ALTER_ADD_INDEX;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->col_list.empty();
|
|
|
|
lex->change=NullS;
|
|
|
|
}
|
|
|
|
'(' key_list ')' key_options
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
Key *key;
|
2007-08-14 20:31:06 -06:00
|
|
|
if ($2 != Key::FULLTEXT && lex->key_create_info.parser_name.str)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
key= new Key($2, $4.str, &lex->key_create_info, 0,
|
|
|
|
lex->col_list);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
lex->alter_info.key_list.push_back(key);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->col_list.empty();
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CREATE DATABASE opt_if_not_exists ident
|
|
|
|
{
|
|
|
|
Lex->create_info.default_table_charset= NULL;
|
|
|
|
Lex->create_info.used_fields= 0;
|
|
|
|
}
|
|
|
|
opt_create_database_options
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command=SQLCOM_CREATE_DB;
|
|
|
|
lex->name= $4;
|
2004-11-11 19:01:46 -08:00
|
|
|
lex->create_info.options=$3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| CREATE
|
|
|
|
{
|
2006-06-27 13:15:40 +02:00
|
|
|
Lex->create_view_mode= VIEW_CREATE_NEW;
|
|
|
|
Lex->create_view_algorithm= VIEW_ALGORITHM_UNDEFINED;
|
|
|
|
Lex->create_view_suid= TRUE;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
view_or_trigger_or_sp_or_event
|
|
|
|
{}
|
|
|
|
| CREATE USER clear_privileges grant_list
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_CREATE_USER;
|
|
|
|
}
|
|
|
|
| CREATE LOGFILE_SYM GROUP_SYM logfile_group_info
|
2006-06-27 13:15:40 +02:00
|
|
|
{
|
2006-08-14 15:26:59 +02:00
|
|
|
Lex->alter_tablespace_info->ts_cmd_type= CREATE_LOGFILE_GROUP;
|
2006-06-27 13:15:40 +02:00
|
|
|
}
|
|
|
|
| CREATE TABLESPACE tablespace_info
|
|
|
|
{
|
2006-08-14 15:26:59 +02:00
|
|
|
Lex->alter_tablespace_info->ts_cmd_type= CREATE_TABLESPACE;
|
2006-06-27 13:15:40 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CREATE server_def
|
|
|
|
{
|
|
|
|
Lex->sql_command= SQLCOM_CREATE_SERVER;
|
2006-12-01 19:47:45 -05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
|
|
|
|
2006-12-01 19:47:45 -05:00
|
|
|
server_def:
|
2007-08-14 20:31:06 -06:00
|
|
|
SERVER_SYM
|
|
|
|
ident_or_text
|
|
|
|
FOREIGN DATA_SYM WRAPPER_SYM
|
|
|
|
ident_or_text
|
|
|
|
OPTIONS_SYM '(' server_options_list ')'
|
|
|
|
{
|
|
|
|
Lex->server_options.server_name= $2.str;
|
|
|
|
Lex->server_options.server_name_length= $2.length;
|
|
|
|
Lex->server_options.scheme= $6.str;
|
|
|
|
}
|
2006-12-01 19:47:45 -05:00
|
|
|
;
|
2006-06-27 13:15:40 +02:00
|
|
|
|
2006-12-01 19:47:45 -05:00
|
|
|
server_options_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
server_option
|
2006-12-01 19:47:45 -05:00
|
|
|
| server_options_list ',' server_option
|
|
|
|
;
|
|
|
|
|
|
|
|
server_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
USER TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->server_options.username= $2.str;
|
|
|
|
}
|
|
|
|
| HOST_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->server_options.host= $2.str;
|
|
|
|
}
|
|
|
|
| DATABASE TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->server_options.db= $2.str;
|
|
|
|
}
|
|
|
|
| OWNER_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->server_options.owner= $2.str;
|
|
|
|
}
|
|
|
|
| PASSWORD TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->server_options.password= $2.str;
|
|
|
|
}
|
|
|
|
| SOCKET_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->server_options.socket= $2.str;
|
|
|
|
}
|
|
|
|
| PORT_SYM ulong_num
|
|
|
|
{
|
|
|
|
Lex->server_options.port= $2;
|
|
|
|
}
|
2006-12-01 19:47:45 -05:00
|
|
|
;
|
2006-06-27 13:15:40 +02:00
|
|
|
|
|
|
|
event_tail:
|
|
|
|
EVENT_SYM opt_if_not_exists sp_name
|
2005-12-02 13:07:02 +01:00
|
|
|
{
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex=Lex;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
lex->create_info.options= $2;
|
|
|
|
if (!(lex->event_parse_data= Event_parse_data::new_instance(thd)))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
lex->event_parse_data->identifier= $3;
|
2008-08-18 13:05:51 +02:00
|
|
|
lex->event_parse_data->on_completion=
|
|
|
|
Event_parse_data::ON_COMPLETION_DROP;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
lex->sql_command= SQLCOM_CREATE_EVENT;
|
2006-08-23 16:53:04 +02:00
|
|
|
/* We need that for disallowing subqueries */
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
|
|
|
ON SCHEDULE_SYM ev_schedule_time
|
2006-01-20 16:12:44 +01:00
|
|
|
opt_ev_on_completion
|
|
|
|
opt_ev_status
|
|
|
|
opt_ev_comment
|
2005-12-02 13:07:02 +01:00
|
|
|
DO_SYM ev_sql_stmt
|
|
|
|
{
|
2005-12-07 19:26:44 +01:00
|
|
|
/*
|
|
|
|
sql_command is set here because some rules in ev_sql_stmt
|
|
|
|
can overwrite it
|
|
|
|
*/
|
2005-12-05 11:45:04 +01:00
|
|
|
Lex->sql_command= SQLCOM_CREATE_EVENT;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
ev_schedule_time:
|
|
|
|
EVERY_SYM expr interval
|
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->event_parse_data->item_expression= $2;
|
|
|
|
Lex->event_parse_data->interval= $3;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
|
|
|
ev_starts
|
|
|
|
ev_ends
|
|
|
|
| AT_SYM expr
|
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->event_parse_data->item_execute_at= $2;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
2006-09-21 01:33:50 -06:00
|
|
|
;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_ev_status:
|
|
|
|
/* empty */ { $$= 0; }
|
2006-01-24 16:04:35 +01:00
|
|
|
| ENABLE_SYM
|
2006-01-11 12:49:56 +01:00
|
|
|
{
|
2008-05-09 09:43:02 +02:00
|
|
|
Lex->event_parse_data->status= Event_parse_data::ENABLED;
|
2007-03-16 09:56:57 -04:00
|
|
|
$$= 1;
|
|
|
|
}
|
2007-03-30 11:08:19 -04:00
|
|
|
| DISABLE_SYM ON SLAVE
|
2007-03-16 09:56:57 -04:00
|
|
|
{
|
2008-05-09 09:43:02 +02:00
|
|
|
Lex->event_parse_data->status= Event_parse_data::SLAVESIDE_DISABLED;
|
2006-02-14 13:19:54 +01:00
|
|
|
$$= 1;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
2006-01-24 16:04:35 +01:00
|
|
|
| DISABLE_SYM
|
2006-01-11 12:49:56 +01:00
|
|
|
{
|
2008-05-09 09:43:02 +02:00
|
|
|
Lex->event_parse_data->status= Event_parse_data::DISABLED;
|
2006-02-14 13:19:54 +01:00
|
|
|
$$= 1;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
ev_starts:
|
|
|
|
/* empty */
|
2006-02-28 11:43:10 +01:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *item= new (YYTHD->mem_root) Item_func_now_local();
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->event_parse_data->item_starts= item;
|
2006-02-28 11:43:10 +01:00
|
|
|
}
|
2006-01-11 12:49:56 +01:00
|
|
|
| STARTS_SYM expr
|
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->event_parse_data->item_starts= $2;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
ev_ends:
|
|
|
|
/* empty */
|
2006-01-11 12:49:56 +01:00
|
|
|
| ENDS_SYM expr
|
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->event_parse_data->item_ends= $2;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_ev_on_completion:
|
|
|
|
/* empty */ { $$= 0; }
|
2006-01-20 16:12:44 +01:00
|
|
|
| ev_on_completion
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-20 16:12:44 +01:00
|
|
|
|
2006-02-14 13:19:54 +01:00
|
|
|
ev_on_completion:
|
2006-01-20 16:12:44 +01:00
|
|
|
ON COMPLETION_SYM PRESERVE_SYM
|
2005-12-02 13:07:02 +01:00
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->event_parse_data->on_completion=
|
2008-05-09 09:43:02 +02:00
|
|
|
Event_parse_data::ON_COMPLETION_PRESERVE;
|
2006-02-14 13:19:54 +01:00
|
|
|
$$= 1;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
|
|
|
| ON COMPLETION_SYM NOT_SYM PRESERVE_SYM
|
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->event_parse_data->on_completion=
|
2008-05-09 09:43:02 +02:00
|
|
|
Event_parse_data::ON_COMPLETION_DROP;
|
2006-02-14 13:19:54 +01:00
|
|
|
$$= 1;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_ev_comment:
|
|
|
|
/* empty */ { $$= 0; }
|
2005-12-02 13:07:02 +01:00
|
|
|
| COMMENT_SYM TEXT_STRING_sys
|
|
|
|
{
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->comment= Lex->event_parse_data->comment= $2;
|
2006-10-19 15:56:37 +02:00
|
|
|
$$= 1;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2005-12-02 13:07:02 +01:00
|
|
|
|
|
|
|
ev_sql_stmt:
|
|
|
|
{
|
2007-04-25 21:38:12 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2006-06-27 13:15:40 +02:00
|
|
|
/*
|
|
|
|
This stops the following :
|
|
|
|
- CREATE EVENT ... DO CREATE EVENT ...;
|
|
|
|
- ALTER EVENT ... DO CREATE EVENT ...;
|
|
|
|
- CREATE EVENT ... DO ALTER EVENT DO ....;
|
|
|
|
- CREATE PROCEDURE ... BEGIN CREATE EVENT ... END|
|
|
|
|
This allows:
|
|
|
|
- CREATE EVENT ... DO DROP EVENT yyy;
|
|
|
|
- CREATE EVENT ... DO ALTER EVENT yyy;
|
|
|
|
(the nested ALTER EVENT can have anything but DO clause)
|
|
|
|
- ALTER EVENT ... DO ALTER EVENT yyy;
|
|
|
|
(the nested ALTER EVENT can have anything but DO clause)
|
|
|
|
- ALTER EVENT ... DO DROP EVENT yyy;
|
|
|
|
- CREATE PROCEDURE ... BEGIN ALTER EVENT ... END|
|
|
|
|
(the nested ALTER EVENT can have anything but DO clause)
|
|
|
|
- CREATE PROCEDURE ... BEGIN DROP EVENT ... END|
|
|
|
|
*/
|
|
|
|
if (lex->sphead)
|
2005-12-15 14:12:28 +01:00
|
|
|
{
|
2007-03-27 22:15:51 +04:00
|
|
|
my_error(ER_EVENT_RECURSION_FORBIDDEN, MYF(0));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-06-27 13:15:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!(lex->sphead= new sp_head()))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
lex->sphead->reset_thd_mem_root(thd);
|
2006-06-27 13:15:40 +02:00
|
|
|
lex->sphead->init(lex);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sphead->init_sp_name(thd, lex->event_parse_data->identifier);
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2006-06-27 13:15:40 +02:00
|
|
|
lex->sphead->m_type= TYPE_ENUM_PROCEDURE;
|
2005-12-02 13:07:02 +01:00
|
|
|
|
2006-06-27 13:15:40 +02:00
|
|
|
bzero((char *)&lex->sp_chistics, sizeof(st_sp_chistics));
|
|
|
|
lex->sphead->m_chistics= &lex->sp_chistics;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
lex->sphead->set_body_start(thd, lip->get_cpp_ptr());
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
|
|
|
ev_sql_stmt_inner
|
|
|
|
{
|
2007-04-25 21:38:12 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2006-08-17 14:22:59 +02:00
|
|
|
/* return back to the original memory root ASAP */
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
lex->sphead->set_stmt_end(thd);
|
2007-04-25 21:38:12 -06:00
|
|
|
lex->sphead->restore_thd_mem_root(thd);
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2006-08-17 14:22:59 +02:00
|
|
|
lex->sp_chistics.suid= SP_IS_SUID; //always the definer!
|
2005-12-02 13:07:02 +01:00
|
|
|
|
2007-06-14 18:49:17 +04:00
|
|
|
lex->event_parse_data->body_changed= TRUE;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2005-12-02 13:07:02 +01:00
|
|
|
ev_sql_stmt_inner:
|
|
|
|
sp_proc_stmt_statement
|
|
|
|
| sp_proc_stmt_return
|
|
|
|
| sp_proc_stmt_if
|
2006-12-12 16:42:35 -07:00
|
|
|
| case_stmt_specification
|
2008-01-23 16:21:09 -07:00
|
|
|
| sp_labeled_block
|
|
|
|
| sp_unlabeled_block
|
2006-02-14 13:19:54 +01:00
|
|
|
| sp_labeled_control
|
2005-12-02 13:07:02 +01:00
|
|
|
| sp_proc_stmt_unlabeled
|
|
|
|
| sp_proc_stmt_leave
|
|
|
|
| sp_proc_stmt_iterate
|
|
|
|
| sp_proc_stmt_open
|
|
|
|
| sp_proc_stmt_fetch
|
|
|
|
| sp_proc_stmt_close
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2004-11-25 21:55:49 +01:00
|
|
|
clear_privileges:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Nothing */
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->users_list.empty();
|
|
|
|
lex->columns.empty();
|
|
|
|
lex->grant= lex->grant_tot_col= 0;
|
|
|
|
lex->all_privileges= 0;
|
|
|
|
lex->select_lex.db= 0;
|
|
|
|
lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
|
|
|
|
lex->ssl_cipher= lex->x509_subject= lex->x509_issuer= 0;
|
|
|
|
bzero((char *)&(lex->mqh),sizeof(lex->mqh));
|
|
|
|
}
|
2004-11-25 21:55:49 +01:00
|
|
|
;
|
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
sp_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident '.' ident
|
|
|
|
{
|
2006-10-16 19:57:33 +03:00
|
|
|
if (!$1.str || check_db_name(&$1))
|
2006-01-11 15:11:05 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (check_routine_name(&$3))
|
2006-01-11 15:11:05 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$= new sp_name($1, $3, true);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$->init_qname(YYTHD);
|
|
|
|
}
|
|
|
|
| ident
|
|
|
|
{
|
A fix and a test case for
Bug#19022 "Memory bug when switching db during trigger execution"
Bug#17199 "Problem when view calls function from another database."
Bug#18444 "Fully qualified stored function names don't work correctly in
SELECT statements"
Documentation note: this patch introduces a change in behaviour of prepared
statements.
This patch adds a few new invariants with regard to how THD::db should
be used. These invariants should be preserved in future:
- one should never refer to THD::db by pointer and always make a deep copy
(strmake, strdup)
- one should never compare two databases by pointer, but use strncmp or
my_strncasecmp
- TABLE_LIST object table->db should be always initialized in the parser or
by creator of the object.
For prepared statements it means that if the current database is changed
after a statement is prepared, the database that was current at prepare
remains active. This also means that you can not prepare a statement that
implicitly refers to the current database if the latter is not set.
This is not documented, and therefore needs documentation. This is NOT a
change in behavior for almost all SQL statements except:
- ALTER TABLE t1 RENAME t2
- OPTIMIZE TABLE t1
- ANALYZE TABLE t1
- TRUNCATE TABLE t1 --
until this patch t1 or t2 could be evaluated at the first execution of
prepared statement.
CURRENT_DATABASE() still works OK and is evaluated at every execution
of prepared statement.
Note, that in stored routines this is not an issue as the default
database is the database of the stored procedure and "use" statement
is prohibited in stored routines.
This patch makes obsolete the use of check_db_used (it was never used in the
old code too) and all other places that check for table->db and assign it
from THD::db if it's NULL, except the parser.
How this patch was created: THD::{db,db_length} were replaced with a
LEX_STRING, THD::db. All the places that refer to THD::{db,db_length} were
manually checked and:
- if the place uses thd->db by pointer, it was fixed to make a deep copy
- if a place compared two db pointers, it was fixed to compare them by value
(via strcmp/my_strcasecmp, whatever was approproate)
Then this intermediate patch was used to write a smaller patch that does the
same thing but without a rename.
TODO in 5.1:
- remove check_db_used
- deploy THD::set_db in mysql_change_db
See also comments to individual files.
2006-06-27 00:47:52 +04:00
|
|
|
THD *thd= YYTHD;
|
2007-07-17 00:59:21 +04:00
|
|
|
LEX *lex= thd->lex;
|
A fix and a test case for
Bug#19022 "Memory bug when switching db during trigger execution"
Bug#17199 "Problem when view calls function from another database."
Bug#18444 "Fully qualified stored function names don't work correctly in
SELECT statements"
Documentation note: this patch introduces a change in behaviour of prepared
statements.
This patch adds a few new invariants with regard to how THD::db should
be used. These invariants should be preserved in future:
- one should never refer to THD::db by pointer and always make a deep copy
(strmake, strdup)
- one should never compare two databases by pointer, but use strncmp or
my_strncasecmp
- TABLE_LIST object table->db should be always initialized in the parser or
by creator of the object.
For prepared statements it means that if the current database is changed
after a statement is prepared, the database that was current at prepare
remains active. This also means that you can not prepare a statement that
implicitly refers to the current database if the latter is not set.
This is not documented, and therefore needs documentation. This is NOT a
change in behavior for almost all SQL statements except:
- ALTER TABLE t1 RENAME t2
- OPTIMIZE TABLE t1
- ANALYZE TABLE t1
- TRUNCATE TABLE t1 --
until this patch t1 or t2 could be evaluated at the first execution of
prepared statement.
CURRENT_DATABASE() still works OK and is evaluated at every execution
of prepared statement.
Note, that in stored routines this is not an issue as the default
database is the database of the stored procedure and "use" statement
is prohibited in stored routines.
This patch makes obsolete the use of check_db_used (it was never used in the
old code too) and all other places that check for table->db and assign it
from THD::db if it's NULL, except the parser.
How this patch was created: THD::{db,db_length} were replaced with a
LEX_STRING, THD::db. All the places that refer to THD::{db,db_length} were
manually checked and:
- if the place uses thd->db by pointer, it was fixed to make a deep copy
- if a place compared two db pointers, it was fixed to compare them by value
(via strcmp/my_strcasecmp, whatever was approproate)
Then this intermediate patch was used to write a smaller patch that does the
same thing but without a rename.
TODO in 5.1:
- remove check_db_used
- deploy THD::set_db in mysql_change_db
See also comments to individual files.
2006-06-27 00:47:52 +04:00
|
|
|
LEX_STRING db;
|
2007-08-14 20:31:06 -06:00
|
|
|
if (check_routine_name(&$1))
|
2006-01-11 15:11:05 +01:00
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-07-05 11:34:04 +04:00
|
|
|
if (lex->copy_db_to(&db.str, &db.length))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= new sp_name(db, $1, false);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$->init_qname(thd);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_a_chistics:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ {}
|
|
|
|
| sp_a_chistics sp_chistic {}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_c_chistics:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ {}
|
|
|
|
| sp_c_chistics sp_c_chistic {}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* Characteristics for both create and alter */
|
|
|
|
sp_chistic:
|
2007-08-14 20:31:06 -06:00
|
|
|
COMMENT_SYM TEXT_STRING_sys
|
|
|
|
{ Lex->sp_chistics.comment= $2; }
|
|
|
|
| LANGUAGE_SYM SQL_SYM
|
|
|
|
{ /* Just parse it, we only have one language for now. */ }
|
|
|
|
| NO_SYM SQL_SYM
|
|
|
|
{ Lex->sp_chistics.daccess= SP_NO_SQL; }
|
|
|
|
| CONTAINS_SYM SQL_SYM
|
|
|
|
{ Lex->sp_chistics.daccess= SP_CONTAINS_SQL; }
|
|
|
|
| READS_SYM SQL_SYM DATA_SYM
|
|
|
|
{ Lex->sp_chistics.daccess= SP_READS_SQL_DATA; }
|
|
|
|
| MODIFIES_SYM SQL_SYM DATA_SYM
|
|
|
|
{ Lex->sp_chistics.daccess= SP_MODIFIES_SQL_DATA; }
|
|
|
|
| sp_suid
|
|
|
|
{}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* Create characteristics */
|
|
|
|
sp_c_chistic:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_chistic { }
|
|
|
|
| DETERMINISTIC_SYM { Lex->sp_chistics.detistic= TRUE; }
|
|
|
|
| not DETERMINISTIC_SYM { Lex->sp_chistics.detistic= FALSE; }
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_suid:
|
2007-08-14 20:31:06 -06:00
|
|
|
SQL_SYM SECURITY_SYM DEFINER_SYM
|
|
|
|
{
|
|
|
|
Lex->sp_chistics.suid= SP_IS_SUID;
|
|
|
|
}
|
|
|
|
| SQL_SYM SECURITY_SYM INVOKER_SYM
|
|
|
|
{
|
|
|
|
Lex->sp_chistics.suid= SP_IS_NOT_SUID;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
call:
|
2007-08-14 20:31:06 -06:00
|
|
|
CALL_SYM sp_name
|
|
|
|
{
|
|
|
|
LEX *lex = Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command= SQLCOM_CALL;
|
|
|
|
lex->spname= $2;
|
|
|
|
lex->value_list.empty();
|
|
|
|
sp_add_used_routine(lex, YYTHD, $2, TYPE_ENUM_PROCEDURE);
|
|
|
|
}
|
Bug#21462 (Stored procedures with no arguments require parenthesis)
The syntax of the CALL statement, to invoke a stored procedure, has been
changed to make the use of parenthesis optional in the argument list.
With this change, "CALL p;" is equivalent to "CALL p();".
While the SQL spec does not explicitely mandate this syntax, supporting it
is needed for practical reasons, for integration with JDBC / ODBC connectors.
Also, warnings in the sql/sql_yacc.yy file, which were not reported by Bison 2.1
but are now reported by Bison 2.2, have been fixed.
The warning found were:
bison -y -p MYSQL -d --debug --verbose sql_yacc.yy
sql_yacc.yy:653.9-18: warning: symbol UNLOCK_SYM redeclared
sql_yacc.yy:656.9-17: warning: symbol UNTIL_SYM redeclared
sql_yacc.yy:658.9-18: warning: symbol UPDATE_SYM redeclared
sql_yacc.yy:5169.11-5174.11: warning: unused value: $2
sql_yacc.yy:5208.11-5220.11: warning: unused value: $5
sql_yacc.yy:5221.11-5234.11: warning: unused value: $5
conflicts: 249 shift/reduce
"unused value: $2" correspond to the $$=$1 assignment in the 1st {} block
in table_ref -> join_table {} {},
which does not procude a result ($$) for the rule but an intermediate $2
value for the action instead.
"unused value: $5" are similar, with $$ assignments in {} actions blocks
which are not for the final reduce.
2006-10-09 09:59:02 -07:00
|
|
|
opt_sp_cparam_list {}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* CALL parameters */
|
Bug#21462 (Stored procedures with no arguments require parenthesis)
The syntax of the CALL statement, to invoke a stored procedure, has been
changed to make the use of parenthesis optional in the argument list.
With this change, "CALL p;" is equivalent to "CALL p();".
While the SQL spec does not explicitely mandate this syntax, supporting it
is needed for practical reasons, for integration with JDBC / ODBC connectors.
Also, warnings in the sql/sql_yacc.yy file, which were not reported by Bison 2.1
but are now reported by Bison 2.2, have been fixed.
The warning found were:
bison -y -p MYSQL -d --debug --verbose sql_yacc.yy
sql_yacc.yy:653.9-18: warning: symbol UNLOCK_SYM redeclared
sql_yacc.yy:656.9-17: warning: symbol UNTIL_SYM redeclared
sql_yacc.yy:658.9-18: warning: symbol UPDATE_SYM redeclared
sql_yacc.yy:5169.11-5174.11: warning: unused value: $2
sql_yacc.yy:5208.11-5220.11: warning: unused value: $5
sql_yacc.yy:5221.11-5234.11: warning: unused value: $5
conflicts: 249 shift/reduce
"unused value: $2" correspond to the $$=$1 assignment in the 1st {} block
in table_ref -> join_table {} {},
which does not procude a result ($$) for the rule but an intermediate $2
value for the action instead.
"unused value: $5" are similar, with $$ assignments in {} actions blocks
which are not for the final reduce.
2006-10-09 09:59:02 -07:00
|
|
|
opt_sp_cparam_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
| '(' opt_sp_cparams ')'
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Bug#21462 (Stored procedures with no arguments require parenthesis)
The syntax of the CALL statement, to invoke a stored procedure, has been
changed to make the use of parenthesis optional in the argument list.
With this change, "CALL p;" is equivalent to "CALL p();".
While the SQL spec does not explicitely mandate this syntax, supporting it
is needed for practical reasons, for integration with JDBC / ODBC connectors.
Also, warnings in the sql/sql_yacc.yy file, which were not reported by Bison 2.1
but are now reported by Bison 2.2, have been fixed.
The warning found were:
bison -y -p MYSQL -d --debug --verbose sql_yacc.yy
sql_yacc.yy:653.9-18: warning: symbol UNLOCK_SYM redeclared
sql_yacc.yy:656.9-17: warning: symbol UNTIL_SYM redeclared
sql_yacc.yy:658.9-18: warning: symbol UPDATE_SYM redeclared
sql_yacc.yy:5169.11-5174.11: warning: unused value: $2
sql_yacc.yy:5208.11-5220.11: warning: unused value: $5
sql_yacc.yy:5221.11-5234.11: warning: unused value: $5
conflicts: 249 shift/reduce
"unused value: $2" correspond to the $$=$1 assignment in the 1st {} block
in table_ref -> join_table {} {},
which does not procude a result ($$) for the rule but an intermediate $2
value for the action instead.
"unused value: $5" are similar, with $$ assignments in {} actions blocks
which are not for the final reduce.
2006-10-09 09:59:02 -07:00
|
|
|
opt_sp_cparams:
|
|
|
|
/* Empty */
|
|
|
|
| sp_cparams
|
|
|
|
;
|
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
sp_cparams:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_cparams ',' expr
|
|
|
|
{
|
|
|
|
Lex->value_list.push_back($3);
|
|
|
|
}
|
|
|
|
| expr
|
|
|
|
{
|
|
|
|
Lex->value_list.push_back($1);
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* Stored FUNCTION parameter declaration list */
|
|
|
|
sp_fdparam_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
| sp_fdparams
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_fdparams:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_fdparams ',' sp_fdparam
|
|
|
|
| sp_fdparam
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2005-12-07 17:01:17 +03:00
|
|
|
sp_init_param:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
|
|
|
|
lex->length= 0;
|
|
|
|
lex->dec= 0;
|
|
|
|
lex->type= 0;
|
|
|
|
|
|
|
|
lex->default_value= 0;
|
|
|
|
lex->on_update_value= 0;
|
|
|
|
|
|
|
|
lex->comment= null_lex_str;
|
|
|
|
lex->charset= NULL;
|
|
|
|
|
|
|
|
lex->interval_list.empty();
|
|
|
|
lex->uint_geom_type= 0;
|
|
|
|
}
|
|
|
|
;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
sp_fdparam:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident sp_init_param type
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
|
|
|
|
|
|
|
if (spc->find_variable(&$1, TRUE))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_DUP_PARAM, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-04-07 16:53:15 +02:00
|
|
|
sp_variable_t *spvar= spc->push_variable(&$1,
|
|
|
|
(enum enum_field_types)$3,
|
|
|
|
sp_param_in);
|
2005-12-07 17:01:17 +03:00
|
|
|
|
|
|
|
if (lex->sphead->fill_field_definition(YYTHD, lex,
|
|
|
|
(enum enum_field_types) $3,
|
2006-04-07 16:53:15 +02:00
|
|
|
&spvar->field_def))
|
2005-12-07 17:01:17 +03:00
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-12-07 17:01:17 +03:00
|
|
|
}
|
2006-04-07 16:53:15 +02:00
|
|
|
spvar->field_def.field_name= spvar->name.str;
|
|
|
|
spvar->field_def.pack_flag |= FIELDFLAG_MAYBE_NULL;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
/* Stored PROCEDURE parameter declaration list */
|
|
|
|
sp_pdparam_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
| sp_pdparams
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_pdparams:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_pdparams ',' sp_pdparam
|
|
|
|
| sp_pdparam
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_pdparam:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_opt_inout sp_init_param ident type
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
|
|
|
|
|
|
|
if (spc->find_variable(&$3, TRUE))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_DUP_PARAM, MYF(0), $3.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-04-07 16:53:15 +02:00
|
|
|
sp_variable_t *spvar= spc->push_variable(&$3,
|
|
|
|
(enum enum_field_types)$4,
|
|
|
|
(sp_param_mode_t)$1);
|
2005-12-07 17:01:17 +03:00
|
|
|
|
|
|
|
if (lex->sphead->fill_field_definition(YYTHD, lex,
|
|
|
|
(enum enum_field_types) $4,
|
2006-04-07 16:53:15 +02:00
|
|
|
&spvar->field_def))
|
2005-12-07 17:01:17 +03:00
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-12-07 17:01:17 +03:00
|
|
|
}
|
2006-04-07 16:53:15 +02:00
|
|
|
spvar->field_def.field_name= spvar->name.str;
|
|
|
|
spvar->field_def.pack_flag |= FIELDFLAG_MAYBE_NULL;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_opt_inout:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ { $$= sp_param_in; }
|
|
|
|
| IN_SYM { $$= sp_param_in; }
|
|
|
|
| OUT_SYM { $$= sp_param_out; }
|
|
|
|
| INOUT_SYM { $$= sp_param_inout; }
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_proc_stmts:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ {}
|
|
|
|
| sp_proc_stmts sp_proc_stmt ';'
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_proc_stmts1:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_proc_stmt ';' {}
|
|
|
|
| sp_proc_stmts1 sp_proc_stmt ';'
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_decls:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
{
|
|
|
|
$$.vars= $$.conds= $$.hndlrs= $$.curs= 0;
|
|
|
|
}
|
|
|
|
| sp_decls sp_decl ';'
|
|
|
|
{
|
|
|
|
/* We check for declarations out of (standard) order this way
|
|
|
|
because letting the grammar rules reflect it caused tricky
|
|
|
|
shift/reduce conflicts with the wrong result. (And we get
|
|
|
|
better error handling this way.) */
|
|
|
|
if (($2.vars || $2.conds) && ($1.curs || $1.hndlrs))
|
|
|
|
{ /* Variable or condition following cursor or handler */
|
|
|
|
my_message(ER_SP_VARCOND_AFTER_CURSHNDLR,
|
2004-11-12 14:34:00 +02:00
|
|
|
ER(ER_SP_VARCOND_AFTER_CURSHNDLR), MYF(0));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if ($2.curs && $1.hndlrs)
|
|
|
|
{ /* Cursor following handler */
|
|
|
|
my_message(ER_SP_CURSOR_AFTER_HANDLER,
|
2004-11-12 14:34:00 +02:00
|
|
|
ER(ER_SP_CURSOR_AFTER_HANDLER), MYF(0));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$.vars= $1.vars + $2.vars;
|
|
|
|
$$.conds= $1.conds + $2.conds;
|
|
|
|
$$.hndlrs= $1.hndlrs + $2.hndlrs;
|
|
|
|
$$.curs= $1.curs + $2.curs;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_decl:
|
2005-12-07 17:01:17 +03:00
|
|
|
DECLARE_SYM sp_decl_idents
|
2005-11-01 14:58:52 +01:00
|
|
|
{
|
2005-12-02 14:30:42 +01:00
|
|
|
LEX *lex= Lex;
|
2005-11-01 14:58:52 +01:00
|
|
|
|
2005-12-02 14:30:42 +01:00
|
|
|
lex->sphead->reset_lex(YYTHD);
|
|
|
|
lex->spcont->declare_var_boundary($2);
|
|
|
|
}
|
2005-12-07 17:01:17 +03:00
|
|
|
type
|
2005-03-04 16:35:28 +03:00
|
|
|
sp_opt_default
|
2005-09-13 12:50:21 +02:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
THD *thd= YYTHD;
|
2005-09-13 12:50:21 +02:00
|
|
|
LEX *lex= Lex;
|
2005-12-07 17:01:17 +03:00
|
|
|
sp_pcontext *pctx= lex->spcont;
|
2006-04-07 16:53:15 +02:00
|
|
|
uint num_vars= pctx->context_var_count();
|
2005-12-07 17:01:17 +03:00
|
|
|
enum enum_field_types var_type= (enum enum_field_types) $4;
|
|
|
|
Item *dflt_value_item= $5;
|
|
|
|
|
|
|
|
if (!dflt_value_item)
|
2005-09-13 12:50:21 +02:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
dflt_value_item= new (thd->mem_root) Item_null();
|
|
|
|
if (dflt_value_item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2005-12-07 17:01:17 +03:00
|
|
|
/* QQ Set to the var_type with null_value? */
|
|
|
|
}
|
|
|
|
|
|
|
|
for (uint i = num_vars-$2 ; i < num_vars ; i++)
|
|
|
|
{
|
2006-04-07 16:53:15 +02:00
|
|
|
uint var_idx= pctx->var_context2runtime(i);
|
|
|
|
sp_variable_t *spvar= pctx->find_variable(var_idx);
|
2005-12-07 17:01:17 +03:00
|
|
|
|
2006-04-07 16:53:15 +02:00
|
|
|
if (!spvar)
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
2006-04-07 16:53:15 +02:00
|
|
|
spvar->type= var_type;
|
|
|
|
spvar->dflt= dflt_value_item;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
|
|
|
if (lex->sphead->fill_field_definition(YYTHD, lex, var_type,
|
2006-04-07 16:53:15 +02:00
|
|
|
&spvar->field_def))
|
2005-12-07 17:01:17 +03:00
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-12-07 17:01:17 +03:00
|
|
|
}
|
|
|
|
|
2006-04-07 16:53:15 +02:00
|
|
|
spvar->field_def.field_name= spvar->name.str;
|
|
|
|
spvar->field_def.pack_flag |= FIELDFLAG_MAYBE_NULL;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
|
|
|
/* The last instruction is responsible for freeing LEX. */
|
|
|
|
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
sp_instr_set *is= new sp_instr_set(lex->sphead->instructions(),
|
|
|
|
pctx,
|
|
|
|
var_idx,
|
|
|
|
dflt_value_item,
|
|
|
|
var_type,
|
|
|
|
lex,
|
|
|
|
(i == num_vars - 1));
|
2008-11-21 17:38:42 +04:00
|
|
|
if (is == NULL ||
|
|
|
|
lex->sphead->add_instr(is))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2005-09-13 12:50:21 +02:00
|
|
|
}
|
2005-12-07 17:01:17 +03:00
|
|
|
|
|
|
|
pctx->declare_var_boundary(0);
|
2005-03-04 16:35:28 +03:00
|
|
|
lex->sphead->restore_lex(YYTHD);
|
2005-12-07 17:01:17 +03:00
|
|
|
|
2005-09-13 12:50:21 +02:00
|
|
|
$$.vars= $2;
|
|
|
|
$$.conds= $$.hndlrs= $$.curs= 0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DECLARE_SYM ident CONDITION_SYM FOR_SYM sp_cond
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
if (spc->find_cond(&$2, TRUE))
|
|
|
|
{
|
2004-11-13 19:35:51 +02:00
|
|
|
my_error(ER_SP_DUP_COND, MYF(0), $2.str);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2008-11-21 17:38:42 +04:00
|
|
|
if(YYTHD->lex->spcont->push_cond(&$2, $5))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$.vars= $$.hndlrs= $$.curs= 0;
|
|
|
|
$$.conds= 1;
|
|
|
|
}
|
|
|
|
| DECLARE_SYM sp_handler_type HANDLER_SYM FOR_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
Bug#26503 (Illegal SQL exception handler code causes the server to crash)
Before this fix, the parser would accept illegal code in SQL exceptions
handlers, that later causes the runtime to crash when executing the code,
due to memory violations in the exception handler stack.
The root cause of the problem is instructions within an exception handler
that jumps to code located outside of the handler. This is illegal according
to the SQL 2003 standard, since labels located outside the handler are not
supposed to be visible (they are "out of scope"), so any instruction that
jumps to these labels, like ITERATE or LEAVE, should not parse.
The section of the standard that is relevant for this is :
SQL:2003 SQL/PSM (ISO/IEC 9075-4:2003)
section 13.1 <compound statement>,
syntax rule 4
<quote>
The scope of the <beginning label> is CS excluding every <SQL schema
statement> contained in CS and excluding every
<local handler declaration list> contained in CS. <beginning label> shall
not be equivalent to any other <beginning label>s within that scope.
</quote>
With this fix, the C++ class sp_pcontext, which represent the "parsing
context" tree (a.k.a symbol table) of a stored procedure, has been changed
as follows:
- constructors have been cleaned up, so that only building a root node for
the tree is public; building nodes inside a tree is not public.
- a new member, m_label_scope, indicates if a given syntactic context
belongs to a DECLARE HANDLER block,
- label resolution, in the method find_label(), has been changed to
implement the restriction of scope regarding labels used in a compound
statement.
The actions in the parser, when parsing the body of a SQL exception handler,
have been changed as follows:
- the implementation of an exception handler (DECLARE HANDLER) now creates
explicitly a new sp_pcontext, to isolate the code inside the handler from
the containing compound statement context.
- registering exception handlers as a result occurs in the parent context,
see the rule sp_hcond_element
- the code in sp_hcond_list has been cleaned up, to avoid code duplication
In addition, the flags IN_SIMPLE_CASE and IN_HANDLER, declared in sp_head.h
have been removed, since they are unused and broken by design (as seen with
Bug 19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation), representing a stack in a single flag is not possible.
Tests in sp-error have been added to show that illegal constructs are now
rejected.
Tests in sp have been added for code coverage, to show that ITERATE or LEAVE
statements are legal when jumping to a label in scope, inside the body of
an exception handler.
2007-03-14 12:02:32 -06:00
|
|
|
|
|
|
|
lex->spcont= lex->spcont->push_context(LABEL_HANDLER_SCOPE);
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_instr_hpush_jump *i=
|
2004-11-11 19:01:46 -08:00
|
|
|
new sp_instr_hpush_jump(sp->instructions(), ctx, $2,
|
2006-04-07 16:53:15 +02:00
|
|
|
ctx->current_var_count());
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
sp->add_instr(i) ||
|
|
|
|
sp->push_backpatch(i, ctx->push_label((char *)"", 0)))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
sp_hcond_list sp_proc_stmt
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_label_t *hlab= lex->spcont->pop_label(); /* After this hdlr */
|
|
|
|
sp_instr_hreturn *i;
|
|
|
|
|
|
|
|
if ($2 == SP_HANDLER_CONTINUE)
|
|
|
|
{
|
|
|
|
i= new sp_instr_hreturn(sp->instructions(), ctx,
|
|
|
|
ctx->current_var_count());
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{ /* EXIT or UNDO handler, just jump to the end of the block */
|
|
|
|
i= new sp_instr_hreturn(sp->instructions(), ctx, 0);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i) ||
|
|
|
|
sp->push_backpatch(i, lex->spcont->last_label())) /* Block end */
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
lex->sphead->backpatch(hlab);
|
Bug#26503 (Illegal SQL exception handler code causes the server to crash)
Before this fix, the parser would accept illegal code in SQL exceptions
handlers, that later causes the runtime to crash when executing the code,
due to memory violations in the exception handler stack.
The root cause of the problem is instructions within an exception handler
that jumps to code located outside of the handler. This is illegal according
to the SQL 2003 standard, since labels located outside the handler are not
supposed to be visible (they are "out of scope"), so any instruction that
jumps to these labels, like ITERATE or LEAVE, should not parse.
The section of the standard that is relevant for this is :
SQL:2003 SQL/PSM (ISO/IEC 9075-4:2003)
section 13.1 <compound statement>,
syntax rule 4
<quote>
The scope of the <beginning label> is CS excluding every <SQL schema
statement> contained in CS and excluding every
<local handler declaration list> contained in CS. <beginning label> shall
not be equivalent to any other <beginning label>s within that scope.
</quote>
With this fix, the C++ class sp_pcontext, which represent the "parsing
context" tree (a.k.a symbol table) of a stored procedure, has been changed
as follows:
- constructors have been cleaned up, so that only building a root node for
the tree is public; building nodes inside a tree is not public.
- a new member, m_label_scope, indicates if a given syntactic context
belongs to a DECLARE HANDLER block,
- label resolution, in the method find_label(), has been changed to
implement the restriction of scope regarding labels used in a compound
statement.
The actions in the parser, when parsing the body of a SQL exception handler,
have been changed as follows:
- the implementation of an exception handler (DECLARE HANDLER) now creates
explicitly a new sp_pcontext, to isolate the code inside the handler from
the containing compound statement context.
- registering exception handlers as a result occurs in the parent context,
see the rule sp_hcond_element
- the code in sp_hcond_list has been cleaned up, to avoid code duplication
In addition, the flags IN_SIMPLE_CASE and IN_HANDLER, declared in sp_head.h
have been removed, since they are unused and broken by design (as seen with
Bug 19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation), representing a stack in a single flag is not possible.
Tests in sp-error have been added to show that illegal constructs are now
rejected.
Tests in sp have been added for code coverage, to show that ITERATE or LEAVE
statements are legal when jumping to a label in scope, inside the body of
an exception handler.
2007-03-14 12:02:32 -06:00
|
|
|
|
|
|
|
lex->spcont= ctx->pop_context();
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
$$.vars= $$.conds= $$.curs= 0;
|
|
|
|
$$.hndlrs= $6;
|
|
|
|
lex->spcont->add_handlers($6);
|
|
|
|
}
|
|
|
|
| DECLARE_SYM ident CURSOR_SYM FOR_SYM sp_cursor_stmt
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
uint offp;
|
|
|
|
sp_instr_cpush *i;
|
|
|
|
|
|
|
|
if (ctx->find_cursor(&$2, &offp, TRUE))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_DUP_CURS, MYF(0), $2.str);
|
|
|
|
delete $5;
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-11-17 11:11:48 +01:00
|
|
|
i= new sp_instr_cpush(sp->instructions(), ctx, $5,
|
2006-04-07 16:53:15 +02:00
|
|
|
ctx->current_cursor_count());
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i) ||
|
|
|
|
ctx->push_cursor(&$2))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$.vars= $$.conds= $$.hndlrs= 0;
|
|
|
|
$$.curs= 1;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_cursor_stmt:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->sphead->reset_lex(YYTHD);
|
|
|
|
}
|
2007-10-11 17:38:40 -03:00
|
|
|
select
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-10-11 17:38:40 -03:00
|
|
|
DBUG_ASSERT(lex->sql_command == SQLCOM_SELECT);
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->result)
|
|
|
|
{
|
|
|
|
my_message(ER_SP_BAD_CURSOR_SELECT, ER(ER_SP_BAD_CURSOR_SELECT),
|
2004-11-12 14:34:00 +02:00
|
|
|
MYF(0));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sp_lex_in_use= TRUE;
|
|
|
|
$$= lex;
|
|
|
|
lex->sphead->restore_lex(YYTHD);
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_handler_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
EXIT_SYM { $$= SP_HANDLER_EXIT; }
|
|
|
|
| CONTINUE_SYM { $$= SP_HANDLER_CONTINUE; }
|
|
|
|
/*| UNDO_SYM { QQ No yet } */
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_hcond_list:
|
Bug#26503 (Illegal SQL exception handler code causes the server to crash)
Before this fix, the parser would accept illegal code in SQL exceptions
handlers, that later causes the runtime to crash when executing the code,
due to memory violations in the exception handler stack.
The root cause of the problem is instructions within an exception handler
that jumps to code located outside of the handler. This is illegal according
to the SQL 2003 standard, since labels located outside the handler are not
supposed to be visible (they are "out of scope"), so any instruction that
jumps to these labels, like ITERATE or LEAVE, should not parse.
The section of the standard that is relevant for this is :
SQL:2003 SQL/PSM (ISO/IEC 9075-4:2003)
section 13.1 <compound statement>,
syntax rule 4
<quote>
The scope of the <beginning label> is CS excluding every <SQL schema
statement> contained in CS and excluding every
<local handler declaration list> contained in CS. <beginning label> shall
not be equivalent to any other <beginning label>s within that scope.
</quote>
With this fix, the C++ class sp_pcontext, which represent the "parsing
context" tree (a.k.a symbol table) of a stored procedure, has been changed
as follows:
- constructors have been cleaned up, so that only building a root node for
the tree is public; building nodes inside a tree is not public.
- a new member, m_label_scope, indicates if a given syntactic context
belongs to a DECLARE HANDLER block,
- label resolution, in the method find_label(), has been changed to
implement the restriction of scope regarding labels used in a compound
statement.
The actions in the parser, when parsing the body of a SQL exception handler,
have been changed as follows:
- the implementation of an exception handler (DECLARE HANDLER) now creates
explicitly a new sp_pcontext, to isolate the code inside the handler from
the containing compound statement context.
- registering exception handlers as a result occurs in the parent context,
see the rule sp_hcond_element
- the code in sp_hcond_list has been cleaned up, to avoid code duplication
In addition, the flags IN_SIMPLE_CASE and IN_HANDLER, declared in sp_head.h
have been removed, since they are unused and broken by design (as seen with
Bug 19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation), representing a stack in a single flag is not possible.
Tests in sp-error have been added to show that illegal constructs are now
rejected.
Tests in sp have been added for code coverage, to show that ITERATE or LEAVE
statements are legal when jumping to a label in scope, inside the body of
an exception handler.
2007-03-14 12:02:32 -06:00
|
|
|
sp_hcond_element
|
|
|
|
{ $$= 1; }
|
|
|
|
| sp_hcond_list ',' sp_hcond_element
|
|
|
|
{ $$+= 1; }
|
|
|
|
;
|
|
|
|
|
|
|
|
sp_hcond_element:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_hcond
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont->parent_context();
|
|
|
|
|
|
|
|
if (ctx->find_handler($1))
|
|
|
|
{
|
|
|
|
my_message(ER_SP_DUP_HANDLER, ER(ER_SP_DUP_HANDLER), MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
sp_instr_hpush_jump *i=
|
2005-04-08 19:58:04 +02:00
|
|
|
(sp_instr_hpush_jump *)sp->last_instruction();
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
i->add_condition($1);
|
|
|
|
ctx->push_handler($1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_cond:
|
2007-08-14 20:31:06 -06:00
|
|
|
ulong_num
|
|
|
|
{ /* mysql errno */
|
|
|
|
$$= (sp_cond_type_t *)YYTHD->alloc(sizeof(sp_cond_type_t));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$->type= sp_cond_type_t::number;
|
|
|
|
$$->mysqlerr= $1;
|
|
|
|
}
|
|
|
|
| SQLSTATE_SYM opt_value TEXT_STRING_literal
|
|
|
|
{ /* SQLSTATE */
|
|
|
|
if (!sp_cond_check(&$3))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BAD_SQLSTATE, MYF(0), $3.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$= (sp_cond_type_t *)YYTHD->alloc(sizeof(sp_cond_type_t));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$->type= sp_cond_type_t::state;
|
|
|
|
memcpy($$->sqlstate, $3.str, 5);
|
|
|
|
$$->sqlstate[5]= '\0';
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
opt_value:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ {}
|
|
|
|
| VALUE_SYM {}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_hcond:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_cond
|
|
|
|
{
|
|
|
|
$$= $1;
|
|
|
|
}
|
|
|
|
| ident /* CONDITION name */
|
|
|
|
{
|
|
|
|
$$= Lex->spcont->find_cond(&$1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_COND_MISMATCH, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| SQLWARNING_SYM /* SQLSTATEs 01??? */
|
|
|
|
{
|
|
|
|
$$= (sp_cond_type_t *)YYTHD->alloc(sizeof(sp_cond_type_t));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$->type= sp_cond_type_t::warning;
|
|
|
|
}
|
|
|
|
| not FOUND_SYM /* SQLSTATEs 02??? */
|
|
|
|
{
|
|
|
|
$$= (sp_cond_type_t *)YYTHD->alloc(sizeof(sp_cond_type_t));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$->type= sp_cond_type_t::notfound;
|
|
|
|
}
|
|
|
|
| SQLEXCEPTION_SYM /* All other SQLSTATEs */
|
|
|
|
{
|
|
|
|
$$= (sp_cond_type_t *)YYTHD->alloc(sizeof(sp_cond_type_t));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$->type= sp_cond_type_t::exception;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_decl_idents:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
2005-12-07 17:01:17 +03:00
|
|
|
/* NOTE: field definition is filled in sp_decl section. */
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (spc->find_variable(&$1, TRUE))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_DUP_VAR, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
spc->push_variable(&$1, (enum_field_types)0, sp_param_in);
|
|
|
|
$$= 1;
|
|
|
|
}
|
|
|
|
| sp_decl_idents ',' ident
|
|
|
|
{
|
2005-12-07 17:01:17 +03:00
|
|
|
/* NOTE: field definition is filled in sp_decl section. */
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (spc->find_variable(&$3, TRUE))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_DUP_VAR, MYF(0), $3.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
spc->push_variable(&$3, (enum_field_types)0, sp_param_in);
|
|
|
|
$$= $1 + 1;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_opt_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ { $$ = NULL; }
|
2004-11-11 19:01:46 -08:00
|
|
|
| DEFAULT expr { $$ = $2; }
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_proc_stmt:
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_proc_stmt_statement
|
2005-12-02 13:07:02 +01:00
|
|
|
| sp_proc_stmt_return
|
2007-08-14 20:31:06 -06:00
|
|
|
| sp_proc_stmt_if
|
|
|
|
| case_stmt_specification
|
2008-01-23 16:21:09 -07:00
|
|
|
| sp_labeled_block
|
|
|
|
| sp_unlabeled_block
|
2007-08-14 20:31:06 -06:00
|
|
|
| sp_labeled_control
|
|
|
|
| sp_proc_stmt_unlabeled
|
|
|
|
| sp_proc_stmt_leave
|
|
|
|
| sp_proc_stmt_iterate
|
|
|
|
| sp_proc_stmt_open
|
|
|
|
| sp_proc_stmt_fetch
|
2005-12-02 13:07:02 +01:00
|
|
|
| sp_proc_stmt_close
|
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_if:
|
2007-08-14 20:31:06 -06:00
|
|
|
IF
|
|
|
|
{ Lex->sphead->new_cont_backpatch(NULL); }
|
|
|
|
sp_if END IF
|
|
|
|
{ Lex->sphead->do_cont_backpatch(); }
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_statement:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2007-04-25 21:38:12 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 15:41:30 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sphead->reset_lex(thd);
|
Bug#25411 (trigger code truncated), PART II
Bug 28127 (Some valid identifiers names are not parsed correctly)
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
This patch is the second part of a major cleanup, required to fix
Bug 25411 (trigger code truncated).
The root cause of the issue stems from the function skip_rear_comments,
which was a work around to remove "extra" "*/" characters from the query
text, when parsing a query and reusing the text fragments to represent a
view, trigger, function or stored procedure.
The reason for this work around is that "special comments",
like /*!50002 XXX */, were not parsed properly, so that a query like:
AAA /*!50002 BBB */ CCC
would be seen by the parser as "AAA BBB */ CCC" when the current version
is greater or equal to 5.0.2
The root cause of this stems from how special comments are parsed.
Special comments are really out-of-bound text that appear inside a query,
that affects how the parser behave.
In nature, /*!50002 XXX */ in MySQL is similar to the C concept
of preprocessing :
#if VERSION >= 50002
XXX
#endif
Depending on the current VERSION of the server, either the special comment
should be expanded or it should be ignored, but in all cases the "text" of
the query should be re-written to strip the "/*!50002" and "*/" markers,
which does not belong to the SQL language itself.
Prior to this fix, these markers would leak into :
- the storage format for VIEW,
- the storage format for FUNCTION,
- the storage format for FUNCTION parameters, in mysql.proc (param_list),
- the storage format for PROCEDURE,
- the storage format for PROCEDURE parameters, in mysql.proc (param_list),
- the storage format for TRIGGER,
- the binary log used for replication.
In all cases, not only this cause format corruption, but also provide a vector
for dormant security issues, by allowing to tunnel code that will be activated
after an upgrade.
The proper solution is to deal with special comments strictly during parsing,
when accepting a query from the outside world.
Once a query is parsed and an object is created with a persistant
representation, this object should not arbitrarily mutate after an upgrade.
In short, special comments are a useful but limited feature for MYSQLdump,
when used at an *interface* level to facilitate import/export,
but bloating the server *internal* storage format is *not* the proper way
to deal with configuration management of the user logic.
With this fix:
- the Lex_input_stream class now acts as a comment pre-processor,
and either expands or ignore special comments on the fly.
- MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
public interface of Lex_input_stream. In particular, how the input stream
accepts or rejects a character is private to Lex_input_stream, and the
internal buffer pointers of that class are strictly private, and should not
be tempered with during parsing.
This caused many changes mostly in sql_lex.cc.
During the code cleanup in case MY_LEX_NUMBER_IDENT,
Bug 28127 (Some valid identifiers names are not parsed correctly)
was found and fixed.
By parsing special comments properly, and removing the function
'skip_rear_comments' [sic],
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
has been fixed as well.
2007-06-12 15:23:58 -06:00
|
|
|
lex->sphead->m_tmp_query= lip->get_tok_start();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
statement
|
|
|
|
{
|
2007-04-25 21:38:12 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 15:41:30 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_head *sp= lex->sphead;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Implement WL#2661 "Prepared Statements: Dynamic SQL in Stored Procedures".
The idea of the patch is to separate statement processing logic,
such as parsing, validation of the parsed tree, execution and cleanup,
from global query processing logic, such as logging, resetting
priorities of a thread, resetting stored procedure cache, resetting
thread count of errors and warnings.
This makes PREPARE and EXECUTE behave similarly to the rest of SQL
statements and allows their use in stored procedures.
This patch contains a change in behaviour:
until recently for each SQL prepared statement command, 2 queries
were written to the general log, e.g.
[Query] prepare stmt from @stmt_text;
[Prepare] select * from t1 <-- contents of @stmt_text
The chagne was necessary to prevent [Prepare] commands from being written
to the general log when executing a stored procedure with Dynamic SQL.
We should consider whether the old behavior is preferrable and probably
restore it.
This patch refixes Bug#7115, Bug#10975 (partially), Bug#10605 (various bugs
in Dynamic SQL reported before it was disabled).
2005-09-03 03:13:18 +04:00
|
|
|
sp->m_flags|= sp_get_flags_for_command(lex);
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sql_command == SQLCOM_CHANGE_DB)
|
|
|
|
{ /* "USE db" doesn't work in a procedure */
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "USE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
/*
|
2005-03-04 16:35:28 +03:00
|
|
|
Don't add an instruction for SET statements, since all
|
|
|
|
instructions for them were already added during processing
|
|
|
|
of "set" rule.
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
2005-03-04 16:35:28 +03:00
|
|
|
DBUG_ASSERT(lex->sql_command != SQLCOM_SET_OPTION ||
|
|
|
|
lex->var_list.is_empty());
|
|
|
|
if (lex->sql_command != SQLCOM_SET_OPTION)
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2005-03-04 17:46:45 +03:00
|
|
|
sp_instr_stmt *i=new sp_instr_stmt(sp->instructions(),
|
|
|
|
lex->spcont, lex);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (i == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2005-02-08 20:52:50 +01:00
|
|
|
|
2006-07-07 21:24:54 +04:00
|
|
|
/*
|
|
|
|
Extract the query statement from the tokenizer. The
|
|
|
|
end is either lex->ptr, if there was no lookahead,
|
|
|
|
lex->tok_end otherwise.
|
|
|
|
*/
|
|
|
|
if (yychar == YYEMPTY)
|
Bug#25411 (trigger code truncated), PART II
Bug 28127 (Some valid identifiers names are not parsed correctly)
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
This patch is the second part of a major cleanup, required to fix
Bug 25411 (trigger code truncated).
The root cause of the issue stems from the function skip_rear_comments,
which was a work around to remove "extra" "*/" characters from the query
text, when parsing a query and reusing the text fragments to represent a
view, trigger, function or stored procedure.
The reason for this work around is that "special comments",
like /*!50002 XXX */, were not parsed properly, so that a query like:
AAA /*!50002 BBB */ CCC
would be seen by the parser as "AAA BBB */ CCC" when the current version
is greater or equal to 5.0.2
The root cause of this stems from how special comments are parsed.
Special comments are really out-of-bound text that appear inside a query,
that affects how the parser behave.
In nature, /*!50002 XXX */ in MySQL is similar to the C concept
of preprocessing :
#if VERSION >= 50002
XXX
#endif
Depending on the current VERSION of the server, either the special comment
should be expanded or it should be ignored, but in all cases the "text" of
the query should be re-written to strip the "/*!50002" and "*/" markers,
which does not belong to the SQL language itself.
Prior to this fix, these markers would leak into :
- the storage format for VIEW,
- the storage format for FUNCTION,
- the storage format for FUNCTION parameters, in mysql.proc (param_list),
- the storage format for PROCEDURE,
- the storage format for PROCEDURE parameters, in mysql.proc (param_list),
- the storage format for TRIGGER,
- the binary log used for replication.
In all cases, not only this cause format corruption, but also provide a vector
for dormant security issues, by allowing to tunnel code that will be activated
after an upgrade.
The proper solution is to deal with special comments strictly during parsing,
when accepting a query from the outside world.
Once a query is parsed and an object is created with a persistant
representation, this object should not arbitrarily mutate after an upgrade.
In short, special comments are a useful but limited feature for MYSQLdump,
when used at an *interface* level to facilitate import/export,
but bloating the server *internal* storage format is *not* the proper way
to deal with configuration management of the user logic.
With this fix:
- the Lex_input_stream class now acts as a comment pre-processor,
and either expands or ignore special comments on the fly.
- MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
public interface of Lex_input_stream. In particular, how the input stream
accepts or rejects a character is private to Lex_input_stream, and the
internal buffer pointers of that class are strictly private, and should not
be tempered with during parsing.
This caused many changes mostly in sql_lex.cc.
During the code cleanup in case MY_LEX_NUMBER_IDENT,
Bug 28127 (Some valid identifiers names are not parsed correctly)
was found and fixed.
By parsing special comments properly, and removing the function
'skip_rear_comments' [sic],
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
has been fixed as well.
2007-06-12 15:23:58 -06:00
|
|
|
i->m_query.length= lip->get_ptr() - sp->m_tmp_query;
|
2005-03-04 17:46:45 +03:00
|
|
|
else
|
Bug#25411 (trigger code truncated), PART II
Bug 28127 (Some valid identifiers names are not parsed correctly)
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
This patch is the second part of a major cleanup, required to fix
Bug 25411 (trigger code truncated).
The root cause of the issue stems from the function skip_rear_comments,
which was a work around to remove "extra" "*/" characters from the query
text, when parsing a query and reusing the text fragments to represent a
view, trigger, function or stored procedure.
The reason for this work around is that "special comments",
like /*!50002 XXX */, were not parsed properly, so that a query like:
AAA /*!50002 BBB */ CCC
would be seen by the parser as "AAA BBB */ CCC" when the current version
is greater or equal to 5.0.2
The root cause of this stems from how special comments are parsed.
Special comments are really out-of-bound text that appear inside a query,
that affects how the parser behave.
In nature, /*!50002 XXX */ in MySQL is similar to the C concept
of preprocessing :
#if VERSION >= 50002
XXX
#endif
Depending on the current VERSION of the server, either the special comment
should be expanded or it should be ignored, but in all cases the "text" of
the query should be re-written to strip the "/*!50002" and "*/" markers,
which does not belong to the SQL language itself.
Prior to this fix, these markers would leak into :
- the storage format for VIEW,
- the storage format for FUNCTION,
- the storage format for FUNCTION parameters, in mysql.proc (param_list),
- the storage format for PROCEDURE,
- the storage format for PROCEDURE parameters, in mysql.proc (param_list),
- the storage format for TRIGGER,
- the binary log used for replication.
In all cases, not only this cause format corruption, but also provide a vector
for dormant security issues, by allowing to tunnel code that will be activated
after an upgrade.
The proper solution is to deal with special comments strictly during parsing,
when accepting a query from the outside world.
Once a query is parsed and an object is created with a persistant
representation, this object should not arbitrarily mutate after an upgrade.
In short, special comments are a useful but limited feature for MYSQLdump,
when used at an *interface* level to facilitate import/export,
but bloating the server *internal* storage format is *not* the proper way
to deal with configuration management of the user logic.
With this fix:
- the Lex_input_stream class now acts as a comment pre-processor,
and either expands or ignore special comments on the fly.
- MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
public interface of Lex_input_stream. In particular, how the input stream
accepts or rejects a character is private to Lex_input_stream, and the
internal buffer pointers of that class are strictly private, and should not
be tempered with during parsing.
This caused many changes mostly in sql_lex.cc.
During the code cleanup in case MY_LEX_NUMBER_IDENT,
Bug 28127 (Some valid identifiers names are not parsed correctly)
was found and fixed.
By parsing special comments properly, and removing the function
'skip_rear_comments' [sic],
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
has been fixed as well.
2007-06-12 15:23:58 -06:00
|
|
|
i->m_query.length= lip->get_tok_end() - sp->m_tmp_query;
|
2008-11-21 17:38:42 +04:00
|
|
|
if (!(i->m_query.str= strmake_root(thd->mem_root,
|
|
|
|
sp->m_tmp_query,
|
|
|
|
i->m_query.length)) ||
|
|
|
|
sp->add_instr(i))
|
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
sp->restore_lex(thd);
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_return:
|
2007-08-14 20:31:06 -06:00
|
|
|
RETURN_SYM
|
2005-03-04 16:35:28 +03:00
|
|
|
{ Lex->sphead->reset_lex(YYTHD); }
|
|
|
|
expr
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
|
|
|
|
if (sp->m_type != TYPE_ENUM_FUNCTION)
|
|
|
|
{
|
|
|
|
my_message(ER_SP_BADRETURN, ER(ER_SP_BADRETURN), MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
sp_instr_freturn *i;
|
|
|
|
|
|
|
|
i= new sp_instr_freturn(sp->instructions(), lex->spcont, $3,
|
2005-12-07 17:01:17 +03:00
|
|
|
sp->m_return_field_def.sql_type, lex);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp->m_flags|= sp_head::HAS_RETURN;
|
|
|
|
}
|
|
|
|
sp->restore_lex(YYTHD);
|
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_unlabeled:
|
2007-08-14 20:31:06 -06:00
|
|
|
{ /* Unlabeled controls get a secret label. */
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->spcont->push_label((char *)"", lex->sphead->instructions());
|
|
|
|
}
|
|
|
|
sp_unlabeled_control
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sphead->backpatch(lex->spcont->pop_label());
|
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_leave:
|
2007-08-14 20:31:06 -06:00
|
|
|
LEAVE_SYM label_ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp = lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_label_t *lab= ctx->find_label($2.str);
|
|
|
|
|
|
|
|
if (! lab)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_LILABEL_MISMATCH, MYF(0), "LEAVE", $2.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
sp_instr_jump *i;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
uint n;
|
2008-01-23 16:21:09 -07:00
|
|
|
/*
|
|
|
|
When jumping to a BEGIN-END block end, the target jump
|
|
|
|
points to the block hpop/cpop cleanup instructions,
|
|
|
|
so we should exclude the block context here.
|
|
|
|
When jumping to something else (i.e., SP_LAB_ITER),
|
|
|
|
there are no hpop/cpop at the jump destination,
|
|
|
|
so we should include the block context here for cleanup.
|
|
|
|
*/
|
|
|
|
bool exclusive= (lab->type == SP_LAB_BEGIN);
|
2007-08-14 20:31:06 -06:00
|
|
|
|
2008-01-23 16:21:09 -07:00
|
|
|
n= ctx->diff_handlers(lab->ctx, exclusive);
|
2007-08-14 20:31:06 -06:00
|
|
|
if (n)
|
2008-01-23 16:21:09 -07:00
|
|
|
{
|
|
|
|
sp_instr_hpop *hpop= new sp_instr_hpop(ip++, ctx, n);
|
|
|
|
if (hpop == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
sp->add_instr(hpop);
|
|
|
|
}
|
|
|
|
n= ctx->diff_cursors(lab->ctx, exclusive);
|
2007-08-14 20:31:06 -06:00
|
|
|
if (n)
|
2008-01-23 16:21:09 -07:00
|
|
|
{
|
|
|
|
sp_instr_cpop *cpop= new sp_instr_cpop(ip++, ctx, n);
|
|
|
|
if (cpop == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
sp->add_instr(cpop);
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
i= new sp_instr_jump(ip, ctx);
|
2008-01-23 16:21:09 -07:00
|
|
|
if (i == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp->push_backpatch(i, lab); /* Jumping forward */
|
2004-11-11 19:01:46 -08:00
|
|
|
sp->add_instr(i);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_iterate:
|
2007-08-14 20:31:06 -06:00
|
|
|
ITERATE_SYM label_ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_label_t *lab= ctx->find_label($2.str);
|
|
|
|
|
|
|
|
if (! lab || lab->type != SP_LAB_ITER)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_LILABEL_MISMATCH, MYF(0), "ITERATE", $2.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
sp_instr_jump *i;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
uint n;
|
|
|
|
|
|
|
|
n= ctx->diff_handlers(lab->ctx, FALSE); /* Inclusive the dest. */
|
|
|
|
if (n)
|
2008-01-23 16:21:09 -07:00
|
|
|
{
|
|
|
|
sp_instr_hpop *hpop= new sp_instr_hpop(ip++, ctx, n);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (hpop == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
sp->add_instr(hpop))
|
2008-01-23 16:21:09 -07:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
n= ctx->diff_cursors(lab->ctx, FALSE); /* Inclusive the dest. */
|
|
|
|
if (n)
|
2008-01-23 16:21:09 -07:00
|
|
|
{
|
|
|
|
sp_instr_cpop *cpop= new sp_instr_cpop(ip++, ctx, n);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (cpop == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
sp->add_instr(cpop))
|
2008-01-23 16:21:09 -07:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
i= new sp_instr_jump(ip, ctx, lab->ip); /* Jump back */
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_open:
|
2007-08-14 20:31:06 -06:00
|
|
|
OPEN_SYM ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
uint offset;
|
|
|
|
sp_instr_copen *i;
|
|
|
|
|
|
|
|
if (! lex->spcont->find_cursor(&$2, &offset))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_CURSOR_MISMATCH, MYF(0), $2.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
i= new sp_instr_copen(sp->instructions(), lex->spcont, offset);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_fetch:
|
2007-08-14 20:31:06 -06:00
|
|
|
FETCH_SYM sp_opt_fetch_noise ident INTO
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
uint offset;
|
|
|
|
sp_instr_cfetch *i;
|
|
|
|
|
|
|
|
if (! lex->spcont->find_cursor(&$3, &offset))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_CURSOR_MISMATCH, MYF(0), $3.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
i= new sp_instr_cfetch(sp->instructions(), lex->spcont, offset);
|
2009-04-29 07:59:10 +05:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
sp_fetch_list
|
|
|
|
{}
|
2005-12-02 13:07:02 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_proc_stmt_close:
|
2007-08-14 20:31:06 -06:00
|
|
|
CLOSE_SYM ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
uint offset;
|
|
|
|
sp_instr_cclose *i;
|
|
|
|
|
|
|
|
if (! lex->spcont->find_cursor(&$2, &offset))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_CURSOR_MISMATCH, MYF(0), $2.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
i= new sp_instr_cclose(sp->instructions(), lex->spcont, offset);
|
2009-04-29 07:59:10 +05:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_opt_fetch_noise:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
| NEXT_SYM FROM
|
|
|
|
| FROM
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_fetch_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
|
|
|
sp_variable_t *spv;
|
|
|
|
|
|
|
|
if (!spc || !(spv = spc->find_variable(&$1)))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_UNDECLARED_VAR, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* An SP local variable */
|
|
|
|
sp_instr_cfetch *i= (sp_instr_cfetch *)sp->last_instruction();
|
|
|
|
|
|
|
|
i->add_to_varlist(spv);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| sp_fetch_list ',' ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
|
|
|
sp_variable_t *spv;
|
|
|
|
|
|
|
|
if (!spc || !(spv = spc->find_variable(&$3)))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_UNDECLARED_VAR, MYF(0), $3.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* An SP local variable */
|
|
|
|
sp_instr_cfetch *i= (sp_instr_cfetch *)sp->last_instruction();
|
|
|
|
|
|
|
|
i->add_to_varlist(spv);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_if:
|
2005-03-04 16:35:28 +03:00
|
|
|
{ Lex->sphead->reset_lex(YYTHD); }
|
|
|
|
expr THEN_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
sp_instr_jump_if_not *i = new sp_instr_jump_if_not(ip, ctx,
|
2005-03-04 16:35:28 +03:00
|
|
|
$2, lex);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->push_backpatch(i, ctx->push_label((char *)"", 0)) ||
|
|
|
|
sp->add_cont_backpatch(i) ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2005-03-04 16:35:28 +03:00
|
|
|
sp->restore_lex(YYTHD);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
sp_proc_stmts1
|
|
|
|
{
|
|
|
|
sp_head *sp= Lex->sphead;
|
|
|
|
sp_pcontext *ctx= Lex->spcont;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
sp_instr_jump *i = new sp_instr_jump(ip, ctx);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp->backpatch(ctx->pop_label());
|
|
|
|
sp->push_backpatch(i, ctx->push_label((char *)"", 0));
|
|
|
|
}
|
|
|
|
sp_elseifs
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
|
|
|
|
lex->sphead->backpatch(lex->spcont->pop_label());
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_elseifs:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
| ELSEIF_SYM sp_if
|
|
|
|
| ELSE sp_proc_stmts1
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
case_stmt_specification:
|
|
|
|
simple_case_stmt
|
|
|
|
| searched_case_stmt
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
simple_case_stmt:
|
|
|
|
CASE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
case_stmt_action_case(lex);
|
|
|
|
lex->sphead->reset_lex(YYTHD); /* For expr $3 */
|
|
|
|
}
|
|
|
|
expr
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (case_stmt_action_expr(lex, $3))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
lex->sphead->restore_lex(YYTHD); /* For expr $3 */
|
|
|
|
}
|
|
|
|
simple_when_clause_list
|
|
|
|
else_clause_opt
|
|
|
|
END
|
|
|
|
CASE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
case_stmt_action_end_case(lex, true);
|
|
|
|
}
|
|
|
|
;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
searched_case_stmt:
|
|
|
|
CASE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
case_stmt_action_case(lex);
|
|
|
|
}
|
|
|
|
searched_when_clause_list
|
|
|
|
else_clause_opt
|
|
|
|
END
|
|
|
|
CASE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
case_stmt_action_end_case(lex, false);
|
|
|
|
}
|
|
|
|
;
|
2005-12-07 17:01:17 +03:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
simple_when_clause_list:
|
|
|
|
simple_when_clause
|
|
|
|
| simple_when_clause_list simple_when_clause
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
searched_when_clause_list:
|
|
|
|
searched_when_clause
|
|
|
|
| searched_when_clause_list searched_when_clause
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
simple_when_clause:
|
|
|
|
WHEN_SYM
|
|
|
|
{
|
|
|
|
Lex->sphead->reset_lex(YYTHD); /* For expr $3 */
|
|
|
|
}
|
|
|
|
expr
|
|
|
|
{
|
|
|
|
/* Simple case: <caseval> = <whenval> */
|
2004-11-11 19:01:46 -08:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
LEX *lex= Lex;
|
2008-11-21 17:38:42 +04:00
|
|
|
if (case_stmt_action_when(lex, $3, true))
|
|
|
|
MYSQL_YYABORT;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
lex->sphead->restore_lex(YYTHD); /* For expr $3 */
|
|
|
|
}
|
|
|
|
THEN_SYM
|
|
|
|
sp_proc_stmts1
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-11-21 17:38:42 +04:00
|
|
|
if (case_stmt_action_then(lex))
|
|
|
|
MYSQL_YYABORT;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
searched_when_clause:
|
|
|
|
WHEN_SYM
|
|
|
|
{
|
|
|
|
Lex->sphead->reset_lex(YYTHD); /* For expr $3 */
|
|
|
|
}
|
|
|
|
expr
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-11-21 17:38:42 +04:00
|
|
|
if (case_stmt_action_when(lex, $3, false))
|
|
|
|
MYSQL_YYABORT;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
lex->sphead->restore_lex(YYTHD); /* For expr $3 */
|
|
|
|
}
|
|
|
|
THEN_SYM
|
|
|
|
sp_proc_stmts1
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-11-21 17:38:42 +04:00
|
|
|
if (case_stmt_action_then(lex))
|
|
|
|
MYSQL_YYABORT;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
else_clause_opt:
|
|
|
|
/* empty */
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
sp_instr_error *i= new sp_instr_error(ip, lex->spcont,
|
|
|
|
ER_SP_CASE_NOT_FOUND);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
}
|
|
|
|
| ELSE sp_proc_stmts1
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
sp_labeled_control:
|
2007-08-14 20:31:06 -06:00
|
|
|
label_ident ':'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_label_t *lab= ctx->find_label($1.str);
|
|
|
|
|
|
|
|
if (lab)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_LABEL_REDEFINE, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
lab= lex->spcont->push_label($1.str,
|
|
|
|
lex->sphead->instructions());
|
|
|
|
lab->type= SP_LAB_ITER;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sp_unlabeled_control sp_opt_label
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-01-23 16:21:09 -07:00
|
|
|
sp_label_t *lab= lex->spcont->pop_label();
|
2007-08-14 20:31:06 -06:00
|
|
|
|
|
|
|
if ($5.str)
|
|
|
|
{
|
2008-01-23 16:21:09 -07:00
|
|
|
if (my_strcasecmp(system_charset_info, $5.str, lab->name) != 0)
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
my_error(ER_SP_LABEL_MISMATCH, MYF(0), $5.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
2008-01-23 16:21:09 -07:00
|
|
|
lex->sphead->backpatch(lab);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
sp_opt_label:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ { $$= null_lex_str; }
|
2005-07-06 16:37:57 +02:00
|
|
|
| label_ident { $$= $1; }
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2008-01-23 16:21:09 -07:00
|
|
|
sp_labeled_block:
|
|
|
|
label_ident ':'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_label_t *lab= ctx->find_label($1.str);
|
|
|
|
|
|
|
|
if (lab)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_LABEL_REDEFINE, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
|
|
|
|
lab= lex->spcont->push_label($1.str,
|
|
|
|
lex->sphead->instructions());
|
|
|
|
lab->type= SP_LAB_BEGIN;
|
|
|
|
}
|
|
|
|
sp_block_content sp_opt_label
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_label_t *lab= lex->spcont->pop_label();
|
|
|
|
|
|
|
|
if ($5.str)
|
|
|
|
{
|
|
|
|
if (my_strcasecmp(system_charset_info, $5.str, lab->name) != 0)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_LABEL_MISMATCH, MYF(0), $5.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
sp_unlabeled_block:
|
|
|
|
{ /* Unlabeled blocks get a secret label. */
|
|
|
|
LEX *lex= Lex;
|
|
|
|
uint ip= lex->sphead->instructions();
|
|
|
|
sp_label_t *lab= lex->spcont->push_label((char *)"", ip);
|
|
|
|
lab->type= SP_LAB_BEGIN;
|
|
|
|
}
|
|
|
|
sp_block_content
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->spcont->pop_label();
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
sp_block_content:
|
2007-08-14 20:31:06 -06:00
|
|
|
BEGIN_SYM
|
|
|
|
{ /* QQ This is just a dummy for grouping declarations and statements
|
|
|
|
together. No [[NOT] ATOMIC] yet, and we need to figure out how
|
|
|
|
make it coexist with the existing BEGIN COMMIT/ROLLBACK. */
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->spcont= lex->spcont->push_context(LABEL_DEFAULT_SCOPE);
|
|
|
|
}
|
|
|
|
sp_decls
|
|
|
|
sp_proc_stmts
|
|
|
|
END
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
sp_instr *i;
|
2007-08-14 20:31:06 -06:00
|
|
|
|
|
|
|
sp->backpatch(ctx->last_label()); /* We always have a label */
|
|
|
|
if ($3.hndlrs)
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
i= new sp_instr_hpop(sp->instructions(), ctx, $3.hndlrs);
|
2009-04-29 07:59:10 +05:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
if ($3.curs)
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
i= new sp_instr_cpop(sp->instructions(), ctx, $3.curs);
|
2009-04-29 07:59:10 +05:00
|
|
|
if (i == NULL ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->spcont= ctx->pop_context();
|
|
|
|
}
|
2008-01-23 16:21:09 -07:00
|
|
|
;
|
|
|
|
|
|
|
|
sp_unlabeled_control:
|
|
|
|
LOOP_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_proc_stmts1 END LOOP_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
uint ip= lex->sphead->instructions();
|
|
|
|
sp_label_t *lab= lex->spcont->last_label(); /* Jumping back */
|
|
|
|
sp_instr_jump *i = new sp_instr_jump(ip, lex->spcont, lab->ip);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
lex->sphead->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2000-07-31 21:29:14 +02:00
|
|
|
}
|
2005-03-04 16:35:28 +03:00
|
|
|
| WHILE_SYM
|
|
|
|
{ Lex->sphead->reset_lex(YYTHD); }
|
|
|
|
expr DO_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
uint ip= sp->instructions();
|
|
|
|
sp_instr_jump_if_not *i = new sp_instr_jump_if_not(ip, lex->spcont,
|
|
|
|
$3, lex);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
2004-11-11 19:01:46 -08:00
|
|
|
/* Jumping forward */
|
2008-11-21 17:38:42 +04:00
|
|
|
sp->push_backpatch(i, lex->spcont->last_label()) ||
|
|
|
|
sp->new_cont_backpatch(i) ||
|
|
|
|
sp->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2005-03-04 16:35:28 +03:00
|
|
|
sp->restore_lex(YYTHD);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
sp_proc_stmts1 END WHILE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
uint ip= lex->sphead->instructions();
|
|
|
|
sp_label_t *lab= lex->spcont->last_label(); /* Jumping back */
|
|
|
|
sp_instr_jump *i = new sp_instr_jump(ip, lex->spcont, lab->ip);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
2009-04-29 07:59:10 +05:00
|
|
|
lex->sphead->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2005-11-04 15:37:39 +01:00
|
|
|
lex->sphead->do_cont_backpatch();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2005-03-04 16:35:28 +03:00
|
|
|
| REPEAT_SYM sp_proc_stmts1 UNTIL_SYM
|
|
|
|
{ Lex->sphead->reset_lex(YYTHD); }
|
|
|
|
expr END REPEAT_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
uint ip= lex->sphead->instructions();
|
|
|
|
sp_label_t *lab= lex->spcont->last_label(); /* Jumping back */
|
|
|
|
sp_instr_jump_if_not *i = new sp_instr_jump_if_not(ip, lex->spcont,
|
2005-03-04 16:35:28 +03:00
|
|
|
$5, lab->ip,
|
|
|
|
lex);
|
2008-11-21 17:38:42 +04:00
|
|
|
if (i == NULL ||
|
|
|
|
lex->sphead->add_instr(i))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2005-03-04 16:35:28 +03:00
|
|
|
lex->sphead->restore_lex(YYTHD);
|
2005-11-04 15:37:39 +01:00
|
|
|
/* We can shortcut the cont_backpatch here */
|
|
|
|
i->m_cont_dest= ip+1;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
trg_action_time:
|
2007-08-14 20:31:06 -06:00
|
|
|
BEFORE_SYM
|
2004-11-11 19:01:46 -08:00
|
|
|
{ Lex->trg_chistics.action_time= TRG_ACTION_BEFORE; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| AFTER_SYM
|
2004-11-11 19:01:46 -08:00
|
|
|
{ Lex->trg_chistics.action_time= TRG_ACTION_AFTER; }
|
|
|
|
;
|
|
|
|
|
|
|
|
trg_event:
|
2007-08-14 20:31:06 -06:00
|
|
|
INSERT
|
2004-11-11 19:01:46 -08:00
|
|
|
{ Lex->trg_chistics.event= TRG_EVENT_INSERT; }
|
|
|
|
| UPDATE_SYM
|
|
|
|
{ Lex->trg_chistics.event= TRG_EVENT_UPDATE; }
|
|
|
|
| DELETE_SYM
|
|
|
|
{ Lex->trg_chistics.event= TRG_EVENT_DELETE; }
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
/*
|
|
|
|
This part of the parser contains common code for all TABLESPACE
|
|
|
|
commands.
|
|
|
|
CREATE TABLESPACE name ...
|
|
|
|
ALTER TABLESPACE name CHANGE DATAFILE ...
|
|
|
|
ALTER TABLESPACE name ADD DATAFILE ...
|
|
|
|
ALTER TABLESPACE name access_mode
|
2007-02-23 22:48:15 +02:00
|
|
|
CREATE LOGFILE GROUP_SYM name ...
|
|
|
|
ALTER LOGFILE GROUP_SYM name ADD UNDOFILE ..
|
|
|
|
ALTER LOGFILE GROUP_SYM name ADD REDOFILE ..
|
2006-01-11 11:35:25 +01:00
|
|
|
DROP TABLESPACE name
|
2007-02-23 22:48:15 +02:00
|
|
|
DROP LOGFILE GROUP_SYM name
|
2006-01-11 11:35:25 +01:00
|
|
|
*/
|
|
|
|
change_tablespace_access:
|
|
|
|
tablespace_name
|
|
|
|
ts_access_mode
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
change_tablespace_info:
|
|
|
|
tablespace_name
|
|
|
|
CHANGE ts_datafile
|
|
|
|
change_ts_option_list
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
tablespace_info:
|
|
|
|
tablespace_name
|
|
|
|
ADD ts_datafile
|
|
|
|
opt_logfile_group_name
|
|
|
|
tablespace_option_list
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_logfile_group_name:
|
|
|
|
/* empty */ {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| USE_SYM LOGFILE_SYM GROUP_SYM ident
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->logfile_group_name= $4.str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_tablespace_info:
|
|
|
|
tablespace_name
|
|
|
|
ADD ts_datafile
|
2007-08-14 20:31:06 -06:00
|
|
|
alter_tablespace_option_list
|
|
|
|
{
|
|
|
|
Lex->alter_tablespace_info->ts_alter_tablespace_type= ALTER_TABLESPACE_ADD_FILE;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| tablespace_name
|
2006-01-11 11:35:25 +01:00
|
|
|
DROP ts_datafile
|
2007-08-14 20:31:06 -06:00
|
|
|
alter_tablespace_option_list
|
|
|
|
{
|
|
|
|
Lex->alter_tablespace_info->ts_alter_tablespace_type= ALTER_TABLESPACE_DROP_FILE;
|
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
logfile_group_info:
|
|
|
|
logfile_group_name
|
|
|
|
add_log_file
|
|
|
|
logfile_group_option_list
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_logfile_group_info:
|
|
|
|
logfile_group_name
|
|
|
|
add_log_file
|
|
|
|
alter_logfile_group_option_list
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
add_log_file:
|
|
|
|
ADD lg_undofile
|
2007-08-14 20:31:06 -06:00
|
|
|
| ADD lg_redofile
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
change_ts_option_list:
|
|
|
|
/* empty */ {}
|
|
|
|
change_ts_options
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
change_ts_options:
|
|
|
|
change_ts_option
|
2007-08-14 20:31:06 -06:00
|
|
|
| change_ts_options change_ts_option
|
|
|
|
| change_ts_options ',' change_ts_option
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
change_ts_option:
|
|
|
|
opt_ts_initial_size
|
2007-08-14 20:31:06 -06:00
|
|
|
| opt_ts_autoextend_size
|
|
|
|
| opt_ts_max_size
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
tablespace_option_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
tablespace_options
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
tablespace_options:
|
|
|
|
tablespace_option
|
2007-08-14 20:31:06 -06:00
|
|
|
| tablespace_options tablespace_option
|
|
|
|
| tablespace_options ',' tablespace_option
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
tablespace_option:
|
|
|
|
opt_ts_initial_size
|
2007-08-14 20:31:06 -06:00
|
|
|
| opt_ts_autoextend_size
|
|
|
|
| opt_ts_max_size
|
|
|
|
| opt_ts_extent_size
|
|
|
|
| opt_ts_nodegroup
|
|
|
|
| opt_ts_engine
|
|
|
|
| ts_wait
|
|
|
|
| opt_ts_comment
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_tablespace_option_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
alter_tablespace_options
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_tablespace_options:
|
|
|
|
alter_tablespace_option
|
2007-08-14 20:31:06 -06:00
|
|
|
| alter_tablespace_options alter_tablespace_option
|
|
|
|
| alter_tablespace_options ',' alter_tablespace_option
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_tablespace_option:
|
|
|
|
opt_ts_initial_size
|
2007-08-14 20:31:06 -06:00
|
|
|
| opt_ts_autoextend_size
|
|
|
|
| opt_ts_max_size
|
|
|
|
| opt_ts_engine
|
|
|
|
| ts_wait
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
logfile_group_option_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
logfile_group_options
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
logfile_group_options:
|
|
|
|
logfile_group_option
|
2007-08-14 20:31:06 -06:00
|
|
|
| logfile_group_options logfile_group_option
|
|
|
|
| logfile_group_options ',' logfile_group_option
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
logfile_group_option:
|
|
|
|
opt_ts_initial_size
|
2007-08-14 20:31:06 -06:00
|
|
|
| opt_ts_undo_buffer_size
|
|
|
|
| opt_ts_redo_buffer_size
|
|
|
|
| opt_ts_nodegroup
|
|
|
|
| opt_ts_engine
|
|
|
|
| ts_wait
|
|
|
|
| opt_ts_comment
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_logfile_group_option_list:
|
|
|
|
alter_logfile_group_options
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_logfile_group_options:
|
|
|
|
alter_logfile_group_option
|
2007-08-14 20:31:06 -06:00
|
|
|
| alter_logfile_group_options alter_logfile_group_option
|
|
|
|
| alter_logfile_group_options ',' alter_logfile_group_option
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
alter_logfile_group_option:
|
|
|
|
opt_ts_initial_size
|
2007-08-14 20:31:06 -06:00
|
|
|
| opt_ts_engine
|
|
|
|
| ts_wait
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
|
|
|
|
ts_datafile:
|
|
|
|
DATAFILE_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->data_file_name= $2.str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
lg_undofile:
|
|
|
|
UNDOFILE_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->undo_file_name= $2.str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
lg_redofile:
|
|
|
|
REDOFILE_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->redo_file_name= $2.str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
tablespace_name:
|
|
|
|
ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info= new st_alter_tablespace();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (lex->alter_tablespace_info == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
lex->alter_tablespace_info->tablespace_name= $1.str;
|
|
|
|
lex->sql_command= SQLCOM_ALTER_TABLESPACE;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
logfile_group_name:
|
|
|
|
ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info= new st_alter_tablespace();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (lex->alter_tablespace_info == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
lex->alter_tablespace_info->logfile_group_name= $1.str;
|
|
|
|
lex->sql_command= SQLCOM_ALTER_TABLESPACE;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
ts_access_mode:
|
|
|
|
READ_ONLY_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_access_mode= TS_READ_ONLY;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| READ_WRITE_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_access_mode= TS_READ_WRITE;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| NOT_SYM ACCESSIBLE_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_access_mode= TS_NOT_ACCESSIBLE;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_initial_size:
|
|
|
|
INITIAL_SIZE_SYM opt_equal size_number
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->initial_size= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_autoextend_size:
|
|
|
|
AUTOEXTEND_SIZE_SYM opt_equal size_number
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->autoextend_size= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_max_size:
|
|
|
|
MAX_SIZE_SYM opt_equal size_number
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->max_size= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_extent_size:
|
|
|
|
EXTENT_SIZE_SYM opt_equal size_number
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->extent_size= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_undo_buffer_size:
|
|
|
|
UNDO_BUFFER_SIZE_SYM opt_equal size_number
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->undo_buffer_size= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_redo_buffer_size:
|
|
|
|
REDO_BUFFER_SIZE_SYM opt_equal size_number
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->redo_buffer_size= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_nodegroup:
|
2006-08-07 12:02:28 -04:00
|
|
|
NODEGROUP_SYM opt_equal real_ulong_num
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->alter_tablespace_info->nodegroup_id != UNDEF_NODEGROUP)
|
|
|
|
{
|
2006-02-06 21:52:27 +01:00
|
|
|
my_error(ER_FILEGROUP_OPTION_ONLY_ONCE,MYF(0),"NODEGROUP");
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
|
|
|
lex->alter_tablespace_info->nodegroup_id= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_comment:
|
|
|
|
COMMENT_SYM opt_equal TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->alter_tablespace_info->ts_comment != NULL)
|
|
|
|
{
|
2006-02-06 21:52:27 +01:00
|
|
|
my_error(ER_FILEGROUP_OPTION_ONLY_ONCE,MYF(0),"COMMENT");
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
|
|
|
lex->alter_tablespace_info->ts_comment= $3.str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_engine:
|
|
|
|
opt_storage ENGINE_SYM opt_equal storage_engines
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-04-24 18:26:30 +02:00
|
|
|
if (lex->alter_tablespace_info->storage_engine != NULL)
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
2006-02-06 21:52:27 +01:00
|
|
|
my_error(ER_FILEGROUP_OPTION_ONLY_ONCE,MYF(0),
|
2006-01-11 11:35:25 +01:00
|
|
|
"STORAGE ENGINE");
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
2006-05-28 14:51:01 +02:00
|
|
|
lex->alter_tablespace_info->storage_engine= $4;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
opt_ts_wait:
|
2006-05-28 14:51:01 +02:00
|
|
|
/* empty */
|
2007-08-14 20:31:06 -06:00
|
|
|
| ts_wait
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
ts_wait:
|
|
|
|
WAIT_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->wait_until_completed= TRUE;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| NO_WAIT_SYM
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (!(lex->alter_tablespace_info->wait_until_completed))
|
|
|
|
{
|
2006-02-06 21:52:27 +01:00
|
|
|
my_error(ER_FILEGROUP_OPTION_ONLY_ONCE,MYF(0),"NO_WAIT");
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
|
|
|
lex->alter_tablespace_info->wait_until_completed= FALSE;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
size_number:
|
2006-08-07 12:02:28 -04:00
|
|
|
real_ulong_num { $$= $1;}
|
2007-08-14 20:31:06 -06:00
|
|
|
| IDENT
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
2006-11-30 03:40:42 +02:00
|
|
|
ulonglong number;
|
2006-01-11 11:35:25 +01:00
|
|
|
uint text_shift_number= 0;
|
|
|
|
longlong prefix_number;
|
|
|
|
char *start_ptr= $1.str;
|
2006-10-16 19:57:33 +03:00
|
|
|
uint str_len= $1.length;
|
2006-01-23 09:31:03 +01:00
|
|
|
char *end_ptr= start_ptr + str_len;
|
2006-01-11 11:35:25 +01:00
|
|
|
int error;
|
|
|
|
prefix_number= my_strtoll10(start_ptr, &end_ptr, &error);
|
|
|
|
if ((start_ptr + str_len - 1) == end_ptr)
|
|
|
|
{
|
|
|
|
switch (end_ptr[0])
|
|
|
|
{
|
|
|
|
case 'g':
|
|
|
|
case 'G':
|
|
|
|
text_shift_number+=10;
|
|
|
|
case 'm':
|
|
|
|
case 'M':
|
|
|
|
text_shift_number+=10;
|
|
|
|
case 'k':
|
|
|
|
case 'K':
|
|
|
|
text_shift_number+=10;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_SIZE_NUMBER, MYF(0));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (prefix_number >> 31)
|
|
|
|
{
|
|
|
|
my_error(ER_SIZE_OVERFLOW_ERROR, MYF(0));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
|
|
|
number= prefix_number << text_shift_number;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_SIZE_NUMBER, MYF(0));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-11 11:35:25 +01:00
|
|
|
}
|
|
|
|
$$= number;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 11:35:25 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
End tablespace part
|
|
|
|
*/
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
create2:
|
2007-08-14 20:31:06 -06:00
|
|
|
'(' create2a {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| opt_create_table_options
|
2007-09-12 12:42:02 -06:00
|
|
|
opt_partitioning
|
2005-07-18 13:31:02 +02:00
|
|
|
create3 {}
|
2004-09-13 11:19:38 +02:00
|
|
|
| LIKE table_ident
|
|
|
|
{
|
2007-01-27 03:46:45 +02:00
|
|
|
THD *thd= YYTHD;
|
2008-04-17 03:27:14 +04:00
|
|
|
TABLE_LIST *src_table;
|
2007-01-27 03:46:45 +02:00
|
|
|
LEX *lex= thd->lex;
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
|
|
|
|
lex->create_info.options|= HA_LEX_CREATE_TABLE_LIKE;
|
2008-04-17 03:27:14 +04:00
|
|
|
src_table= lex->select_lex.add_table_to_list(thd, $2, NULL, 0,
|
|
|
|
TL_READ);
|
|
|
|
if (! src_table)
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2008-04-17 03:27:14 +04:00
|
|
|
/* CREATE TABLE ... LIKE is not allowed for views. */
|
|
|
|
src_table->required_type= FRMTYPE_TABLE;
|
2004-09-13 11:19:38 +02:00
|
|
|
}
|
|
|
|
| '(' LIKE table_ident ')'
|
|
|
|
{
|
2007-01-27 03:46:45 +02:00
|
|
|
THD *thd= YYTHD;
|
2008-04-17 03:27:14 +04:00
|
|
|
TABLE_LIST *src_table;
|
2007-01-27 03:46:45 +02:00
|
|
|
LEX *lex= thd->lex;
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
|
|
|
|
lex->create_info.options|= HA_LEX_CREATE_TABLE_LIKE;
|
2008-04-17 03:27:14 +04:00
|
|
|
src_table= lex->select_lex.add_table_to_list(thd, $3, NULL, 0,
|
|
|
|
TL_READ);
|
|
|
|
if (! src_table)
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2008-04-17 03:27:14 +04:00
|
|
|
/* CREATE TABLE ... LIKE is not allowed for views. */
|
|
|
|
src_table->required_type= FRMTYPE_TABLE;
|
2004-09-13 11:19:38 +02:00
|
|
|
}
|
2003-08-11 22:44:43 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-06-30 22:24:03 +02:00
|
|
|
create2a:
|
2007-08-14 20:31:06 -06:00
|
|
|
field_list ')' opt_create_table_options
|
2007-09-12 12:42:02 -06:00
|
|
|
opt_partitioning
|
2005-07-18 13:31:02 +02:00
|
|
|
create3 {}
|
2007-09-12 12:42:02 -06:00
|
|
|
| opt_partitioning
|
2005-07-18 13:31:02 +02:00
|
|
|
create_select ')'
|
2007-09-12 12:42:02 -06:00
|
|
|
{ Select->set_braces(1);}
|
|
|
|
union_opt {}
|
2003-06-17 16:20:07 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
create3:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| opt_duplicate opt_as create_select
|
2007-09-12 12:42:02 -06:00
|
|
|
{ Select->set_braces(0);}
|
|
|
|
union_clause {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| opt_duplicate opt_as '(' create_select ')'
|
2007-09-12 12:42:02 -06:00
|
|
|
{ Select->set_braces(1);}
|
|
|
|
union_opt {}
|
2003-06-17 16:20:07 +03:00
|
|
|
;
|
|
|
|
|
2005-07-18 13:31:02 +02:00
|
|
|
/*
|
|
|
|
This part of the parser is about handling of the partition information.
|
|
|
|
|
2005-11-18 16:38:01 +01:00
|
|
|
It's first version was written by Mikael Ronström with lots of answers to
|
2005-07-18 13:31:02 +02:00
|
|
|
questions provided by Antony Curtis.
|
|
|
|
|
|
|
|
The partition grammar can be called from three places.
|
|
|
|
1) CREATE TABLE ... PARTITION ..
|
|
|
|
2) ALTER TABLE table_name PARTITION ...
|
|
|
|
3) PARTITION ...
|
|
|
|
|
|
|
|
The first place is called when a new table is created from a MySQL client.
|
|
|
|
The second place is called when a table is altered with the ALTER TABLE
|
|
|
|
command from a MySQL client.
|
|
|
|
The third place is called when opening an frm file and finding partition
|
|
|
|
info in the .frm file. It is necessary to avoid allowing PARTITION to be
|
|
|
|
an allowed entry point for SQL client queries. This is arranged by setting
|
|
|
|
some state variables before arriving here.
|
|
|
|
|
|
|
|
To be able to handle errors we will only set error code in this code
|
|
|
|
and handle the error condition in the function calling the parser. This
|
|
|
|
is necessary to ensure we can also handle errors when calling the parser
|
|
|
|
from the openfrm function.
|
|
|
|
*/
|
|
|
|
opt_partitioning:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| partitioning
|
|
|
|
;
|
|
|
|
|
|
|
|
partitioning:
|
2007-08-14 20:31:06 -06:00
|
|
|
PARTITION_SYM
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
#ifdef WITH_PARTITION_STORAGE_ENGINE
|
|
|
|
LEX *lex= Lex;
|
|
|
|
LEX_STRING partition_name={C_STRING_WITH_LEN("partition")};
|
|
|
|
if (!plugin_is_ready(&partition_name, MYSQL_STORAGE_ENGINE_PLUGIN))
|
|
|
|
{
|
|
|
|
my_error(ER_FEATURE_DISABLED, MYF(0),
|
|
|
|
"partitioning", "--with-partition");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->part_info= new partition_info();
|
|
|
|
if (!lex->part_info)
|
|
|
|
{
|
|
|
|
mem_alloc_error(sizeof(partition_info));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (lex->sql_command == SQLCOM_ALTER_TABLE)
|
|
|
|
{
|
|
|
|
lex->alter_info.flags|= ALTER_PARTITION;
|
|
|
|
}
|
2006-10-26 19:11:09 +02:00
|
|
|
#else
|
2007-03-02 08:43:45 -08:00
|
|
|
my_error(ER_FEATURE_DISABLED, MYF(0),
|
|
|
|
"partitioning", "--with-partition");
|
2007-04-16 10:37:50 +02:00
|
|
|
MYSQL_YYABORT;
|
2006-10-26 19:11:09 +02:00
|
|
|
#endif
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
partition
|
2005-07-18 13:31:02 +02:00
|
|
|
;
|
|
|
|
|
|
|
|
partition_entry:
|
2007-08-14 20:31:06 -06:00
|
|
|
PARTITION_SYM
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (!lex->part_info)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_PARTITION_ENTRY_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
We enter here when opening the frm file to translate
|
|
|
|
partition info string into part_info data structure.
|
|
|
|
*/
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
partition {}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
partition:
|
2007-09-12 12:42:02 -06:00
|
|
|
BY part_type_def opt_no_parts opt_sub_part part_defs
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_type_def:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_linear KEY_SYM '(' part_field_list ')'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info->list_of_part_fields= TRUE;
|
|
|
|
lex->part_info->part_type= HASH_PARTITION;
|
|
|
|
}
|
2005-07-18 13:31:02 +02:00
|
|
|
| opt_linear HASH_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->part_type= HASH_PARTITION; }
|
|
|
|
part_func {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| RANGE_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->part_type= RANGE_PARTITION; }
|
|
|
|
part_func {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| LIST_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->part_type= LIST_PARTITION; }
|
|
|
|
part_func {}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_linear:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| LINEAR_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->linear_hash_ind= TRUE;}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_field_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
2006-01-17 08:40:00 +01:00
|
|
|
| part_field_item_list {}
|
|
|
|
;
|
|
|
|
|
|
|
|
part_field_item_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
part_field_item {}
|
2006-01-17 08:40:00 +01:00
|
|
|
| part_field_item_list ',' part_field_item {}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_field_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
2006-01-17 08:40:00 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->part_info->part_field_list.push_back($1.str))
|
|
|
|
{
|
|
|
|
mem_alloc_error(1);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-01-17 08:40:00 +01:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_func:
|
2007-08-14 20:31:06 -06:00
|
|
|
'(' remember_name part_func_expr remember_end ')'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
uint expr_len= (uint)($4 - $2) - 1;
|
|
|
|
lex->part_info->list_of_part_fields= FALSE;
|
|
|
|
lex->part_info->part_expr= $3;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
char *func_string= (char*) sql_memdup($2+1, expr_len);
|
|
|
|
if (func_string == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->part_info->part_func_string= func_string;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->part_info->part_func_len= expr_len;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
sub_part_func:
|
2007-08-14 20:31:06 -06:00
|
|
|
'(' remember_name part_func_expr remember_end ')'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
uint expr_len= (uint)($4 - $2) - 1;
|
|
|
|
lex->part_info->list_of_subpart_fields= FALSE;
|
|
|
|
lex->part_info->subpart_expr= $3;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
char *func_string= (char*) sql_memdup($2+1, expr_len);
|
|
|
|
if (func_string == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->part_info->subpart_func_string= func_string;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->part_info->subpart_func_len= expr_len;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
|
|
|
|
opt_no_parts:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| PARTITIONS_SYM real_ulong_num
|
|
|
|
{
|
|
|
|
uint no_parts= $2;
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (no_parts == 0)
|
|
|
|
{
|
|
|
|
my_error(ER_NO_PARTS_ERROR, MYF(0), "partitions");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-01-17 08:40:00 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->part_info->no_parts= no_parts;
|
|
|
|
lex->part_info->use_default_no_partitions= FALSE;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_sub_part:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| SUBPARTITION_SYM BY opt_linear HASH_SYM sub_part_func
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->subpart_type= HASH_PARTITION; }
|
|
|
|
opt_no_subparts {}
|
2005-07-18 13:31:02 +02:00
|
|
|
| SUBPARTITION_SYM BY opt_linear KEY_SYM
|
|
|
|
'(' sub_part_field_list ')'
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info->subpart_type= HASH_PARTITION;
|
|
|
|
lex->part_info->list_of_subpart_fields= TRUE;
|
|
|
|
}
|
|
|
|
opt_no_subparts {}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
sub_part_field_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
sub_part_field_item {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| sub_part_field_list ',' sub_part_field_item {}
|
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
sub_part_field_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
2006-01-17 08:40:00 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->part_info->subpart_field_list.push_back($1.str))
|
|
|
|
{
|
|
|
|
mem_alloc_error(1);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-01-17 08:40:00 +01:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_func_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
bit_expr
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
bool not_corr_func;
|
|
|
|
not_corr_func= !lex->safe_to_cache_query;
|
|
|
|
lex->safe_to_cache_query= 1;
|
|
|
|
if (not_corr_func)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_CONST_EXPR_IN_PARTITION_FUNC_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$=$1;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_no_subparts:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
2006-08-07 12:02:28 -04:00
|
|
|
| SUBPARTITIONS_SYM real_ulong_num
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
uint no_parts= $2;
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (no_parts == 0)
|
|
|
|
{
|
|
|
|
my_error(ER_NO_PARTS_ERROR, MYF(0), "subpartitions");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->part_info->no_subparts= no_parts;
|
|
|
|
lex->part_info->use_default_no_subpartitions= FALSE;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_defs:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{}
|
2005-07-18 13:31:02 +02:00
|
|
|
| '(' part_def_list ')'
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
partition_info *part_info= lex->part_info;
|
|
|
|
uint count_curr_parts= part_info->partitions.elements;
|
|
|
|
if (part_info->no_parts != 0)
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (part_info->no_parts !=
|
|
|
|
count_curr_parts)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_PARTITION_WRONG_NO_PART_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else if (count_curr_parts > 0)
|
|
|
|
{
|
|
|
|
part_info->no_parts= count_curr_parts;
|
|
|
|
}
|
|
|
|
part_info->count_curr_subparts= 0;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_def_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
part_definition {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| part_def_list ',' part_definition {}
|
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_definition:
|
2007-08-14 20:31:06 -06:00
|
|
|
PARTITION_SYM
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
partition_info *part_info= lex->part_info;
|
|
|
|
partition_element *p_elem= new partition_element();
|
|
|
|
|
|
|
|
if (!p_elem || part_info->partitions.push_back(p_elem))
|
|
|
|
{
|
|
|
|
mem_alloc_error(sizeof(partition_element));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
p_elem->part_state= PART_NORMAL;
|
|
|
|
part_info->curr_part_elem= p_elem;
|
|
|
|
part_info->current_partition= p_elem;
|
|
|
|
part_info->use_default_partitions= FALSE;
|
|
|
|
part_info->use_default_no_partitions= FALSE;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2007-09-12 12:42:02 -06:00
|
|
|
part_name
|
|
|
|
opt_part_values
|
|
|
|
opt_part_options
|
|
|
|
opt_sub_partition
|
|
|
|
{}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
partition_info *part_info= lex->part_info;
|
|
|
|
partition_element *p_elem= part_info->curr_part_elem;
|
|
|
|
p_elem->partition_name= $1.str;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_part_values:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (! lex->is_partition_management())
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->part_info->part_type == RANGE_PARTITION)
|
|
|
|
{
|
|
|
|
my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0),
|
|
|
|
"RANGE", "LESS THAN");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (lex->part_info->part_type == LIST_PARTITION)
|
|
|
|
{
|
|
|
|
my_error(ER_PARTITION_REQUIRES_VALUES_ERROR, MYF(0),
|
|
|
|
"LIST", "IN");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
|
|
|
lex->part_info->part_type= HASH_PARTITION;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
|
|
|
| VALUES LESS_SYM THAN_SYM part_func_max
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (! lex->is_partition_management())
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->part_info->part_type != RANGE_PARTITION)
|
|
|
|
{
|
|
|
|
my_error(ER_PARTITION_WRONG_VALUES_ERROR, MYF(0),
|
|
|
|
"RANGE", "LESS THAN");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
|
|
|
lex->part_info->part_type= RANGE_PARTITION;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
|
|
|
| VALUES IN_SYM '(' part_list_func ')'
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (! lex->is_partition_management())
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->part_info->part_type != LIST_PARTITION)
|
|
|
|
{
|
|
|
|
my_error(ER_PARTITION_WRONG_VALUES_ERROR, MYF(0),
|
|
|
|
"LIST", "IN");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
|
|
|
lex->part_info->part_type= LIST_PARTITION;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_func_max:
|
2007-08-14 20:31:06 -06:00
|
|
|
max_value_sym
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->part_info->defined_max_value)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_PARTITION_MAXVALUE_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->part_info->defined_max_value= TRUE;
|
|
|
|
lex->part_info->curr_part_elem->max_value= TRUE;
|
|
|
|
lex->part_info->curr_part_elem->range_value= LONGLONG_MAX;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
|
|
|
| part_range_func
|
2006-04-10 22:29:11 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->part_info->defined_max_value)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_PARTITION_MAXVALUE_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (Lex->part_info->curr_part_elem->has_null_value)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_NULL_IN_VALUES_LESS_THAN));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-04-10 22:29:11 -04:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
2006-06-05 14:55:22 -04:00
|
|
|
max_value_sym:
|
2007-08-14 20:31:06 -06:00
|
|
|
MAX_VALUE_SYM
|
2006-06-05 14:55:22 -04:00
|
|
|
| '(' MAX_VALUE_SYM ')'
|
|
|
|
;
|
|
|
|
|
2005-07-18 13:31:02 +02:00
|
|
|
part_range_func:
|
2007-08-14 20:31:06 -06:00
|
|
|
'(' part_bit_expr ')'
|
|
|
|
{
|
|
|
|
partition_info *part_info= Lex->part_info;
|
|
|
|
if (!($2->unsigned_flag))
|
|
|
|
part_info->curr_part_elem->signed_flag= TRUE;
|
|
|
|
part_info->curr_part_elem->range_value= $2->value;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_list_func:
|
2007-08-14 20:31:06 -06:00
|
|
|
part_list_item {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| part_list_func ',' part_list_item {}
|
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_list_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
part_bit_expr
|
|
|
|
{
|
|
|
|
part_elem_value *value_ptr= $1;
|
|
|
|
partition_info *part_info= Lex->part_info;
|
|
|
|
if (!value_ptr->unsigned_flag)
|
|
|
|
part_info->curr_part_elem->signed_flag= TRUE;
|
|
|
|
if (!value_ptr->null_value &&
|
|
|
|
part_info->curr_part_elem->
|
|
|
|
list_val_list.push_back(value_ptr))
|
|
|
|
{
|
|
|
|
mem_alloc_error(sizeof(part_elem_value));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-07-22 14:47:05 -04:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
part_bit_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
bit_expr
|
2006-03-07 15:25:08 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Item *part_expr= $1;
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
Name_resolution_context *context= &lex->current_select->context;
|
|
|
|
TABLE_LIST *save_list= context->table_list;
|
|
|
|
const char *save_where= thd->where;
|
|
|
|
|
|
|
|
context->table_list= 0;
|
|
|
|
thd->where= "partition function";
|
|
|
|
|
|
|
|
part_elem_value *value_ptr=
|
|
|
|
(part_elem_value*)sql_alloc(sizeof(part_elem_value));
|
|
|
|
if (!value_ptr)
|
2006-03-07 15:25:08 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
mem_alloc_error(sizeof(part_elem_value));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-03-07 15:25:08 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
if (part_expr->walk(&Item::check_partition_func_processor, 0,
|
|
|
|
NULL))
|
|
|
|
{
|
|
|
|
my_error(ER_PARTITION_FUNCTION_IS_NOT_ALLOWED, MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (part_expr->fix_fields(YYTHD, (Item**)0) ||
|
|
|
|
((context->table_list= save_list), FALSE) ||
|
|
|
|
(!part_expr->const_item()) ||
|
|
|
|
(!lex->safe_to_cache_query))
|
|
|
|
{
|
|
|
|
my_error(ER_NO_CONST_EXPR_IN_RANGE_OR_LIST_ERROR, MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
thd->where= save_where;
|
|
|
|
value_ptr->value= part_expr->val_int();
|
|
|
|
value_ptr->unsigned_flag= TRUE;
|
|
|
|
if (!part_expr->unsigned_flag &&
|
|
|
|
value_ptr->value < 0)
|
|
|
|
value_ptr->unsigned_flag= FALSE;
|
|
|
|
if ((value_ptr->null_value= part_expr->null_value))
|
|
|
|
{
|
|
|
|
if (Lex->part_info->curr_part_elem->has_null_value)
|
|
|
|
{
|
|
|
|
my_error(ER_MULTIPLE_DEF_CONST_IN_LIST_PART_ERROR, MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
Lex->part_info->curr_part_elem->has_null_value= TRUE;
|
|
|
|
}
|
|
|
|
else if (part_expr->result_type() != INT_RESULT)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_INCONSISTENT_TYPE_OF_FUNCTIONS_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$= value_ptr;
|
2005-07-22 14:47:05 -04:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_sub_partition:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->part_info->no_subparts != 0 &&
|
|
|
|
!Lex->part_info->use_default_subpartitions)
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2009-07-29 17:56:32 +02:00
|
|
|
/*
|
|
|
|
We come here when we have defined subpartitions on the first
|
|
|
|
partition but not on all the subsequent partitions.
|
|
|
|
*/
|
2007-03-07 16:08:36 +03:00
|
|
|
my_parse_error(ER(ER_PARTITION_WRONG_NO_SUBPART_ERROR));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| '(' sub_part_list ')'
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
partition_info *part_info= lex->part_info;
|
|
|
|
if (part_info->no_subparts != 0)
|
2006-03-13 02:36:02 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (part_info->no_subparts !=
|
|
|
|
part_info->count_curr_subparts)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_PARTITION_WRONG_NO_SUBPART_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-03-13 02:36:02 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else if (part_info->count_curr_subparts > 0)
|
|
|
|
{
|
|
|
|
if (part_info->partitions.elements > 1)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_PARTITION_WRONG_NO_SUBPART_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
part_info->no_subparts= part_info->count_curr_subparts;
|
2006-03-13 02:36:02 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
part_info->count_curr_subparts= 0;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
sub_part_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
sub_part_definition {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| sub_part_list ',' sub_part_definition {}
|
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
sub_part_definition:
|
2007-08-14 20:31:06 -06:00
|
|
|
SUBPARTITION_SYM
|
2005-07-18 13:31:02 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
partition_info *part_info= lex->part_info;
|
|
|
|
partition_element *curr_part= part_info->current_partition;
|
|
|
|
partition_element *sub_p_elem= new partition_element(curr_part);
|
2009-07-29 17:56:32 +02:00
|
|
|
if (part_info->use_default_subpartitions &&
|
|
|
|
part_info->partitions.elements >= 2)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
create table t1 (a int)
|
|
|
|
partition by list (a) subpartition by hash (a)
|
|
|
|
(partition p0 values in (1),
|
|
|
|
partition p1 values in (2) subpartition sp11);
|
|
|
|
causes use to arrive since we are on the second
|
|
|
|
partition, but still use_default_subpartitions
|
|
|
|
is set. When we come here we're processing at least
|
|
|
|
the second partition (the current partition processed
|
|
|
|
have already been put into the partitions list.
|
|
|
|
*/
|
|
|
|
my_parse_error(ER(ER_PARTITION_WRONG_NO_SUBPART_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!sub_p_elem ||
|
|
|
|
curr_part->subpartitions.push_back(sub_p_elem))
|
|
|
|
{
|
|
|
|
mem_alloc_error(sizeof(partition_element));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
part_info->curr_part_elem= sub_p_elem;
|
|
|
|
part_info->use_default_subpartitions= FALSE;
|
|
|
|
part_info->use_default_no_subpartitions= FALSE;
|
|
|
|
part_info->count_curr_subparts++;
|
2005-07-18 13:31:02 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
sub_name opt_part_options {}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
sub_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
|
|
|
{ Lex->part_info->curr_part_elem->partition_name= $1.str; }
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_part_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| opt_part_option_list {}
|
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_part_option_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_part_option_list opt_part_option {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| opt_part_option {}
|
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
opt_part_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
TABLESPACE opt_equal ident_or_text
|
|
|
|
{ Lex->part_info->curr_part_elem->tablespace_name= $3.str; }
|
2005-07-18 13:31:02 +02:00
|
|
|
| opt_storage ENGINE_SYM opt_equal storage_engines
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info->curr_part_elem->engine_type= $4;
|
|
|
|
lex->part_info->default_engine_type= $4;
|
|
|
|
}
|
2006-08-07 12:02:28 -04:00
|
|
|
| NODEGROUP_SYM opt_equal real_ulong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->curr_part_elem->nodegroup_id= (uint16) $3; }
|
2006-08-07 12:02:28 -04:00
|
|
|
| MAX_ROWS opt_equal real_ulonglong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->curr_part_elem->part_max_rows= (ha_rows) $3; }
|
2006-08-07 12:02:28 -04:00
|
|
|
| MIN_ROWS opt_equal real_ulonglong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->curr_part_elem->part_min_rows= (ha_rows) $3; }
|
2005-07-18 13:31:02 +02:00
|
|
|
| DATA_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->curr_part_elem->data_file_name= $4.str; }
|
2005-07-18 13:31:02 +02:00
|
|
|
| INDEX_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->curr_part_elem->index_file_name= $4.str; }
|
2005-07-18 13:31:02 +02:00
|
|
|
| COMMENT_SYM opt_equal TEXT_STRING_sys
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->part_info->curr_part_elem->part_comment= $3.str; }
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
2005-07-18 13:31:02 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
End of partition parser part
|
|
|
|
*/
|
|
|
|
|
2003-06-30 22:24:03 +02:00
|
|
|
create_select:
|
2003-06-17 16:20:07 +03:00
|
|
|
SELECT_SYM
|
2000-07-31 21:29:14 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
2008-09-29 10:53:40 -03:00
|
|
|
lex->lock_option= TL_READ_DEFAULT;
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sql_command == SQLCOM_INSERT)
|
|
|
|
lex->sql_command= SQLCOM_INSERT_SELECT;
|
|
|
|
else if (lex->sql_command == SQLCOM_REPLACE)
|
|
|
|
lex->sql_command= SQLCOM_REPLACE_SELECT;
|
|
|
|
/*
|
2004-11-11 19:01:46 -08:00
|
|
|
The following work only with the local list, the global list
|
|
|
|
is created correctly in this case
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
|
|
|
lex->current_select->table_list.save_and_clear(&lex->save_list);
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->current_select->parsing_place= SELECT_LIST;
|
2000-07-31 21:29:14 +02:00
|
|
|
}
|
2003-05-17 10:05:07 +03:00
|
|
|
select_options select_item_list
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Select->parsing_place= NO_MATTER;
|
|
|
|
}
|
|
|
|
opt_select_from
|
|
|
|
{
|
|
|
|
/*
|
2004-11-11 19:01:46 -08:00
|
|
|
The following work only with the local list, the global list
|
|
|
|
is created correctly in this case
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
|
|
|
Lex->current_select->table_list.push_front(&Lex->save_list);
|
|
|
|
}
|
2003-08-11 22:44:43 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2000-10-14 03:16:35 +03:00
|
|
|
opt_as:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| AS {}
|
|
|
|
;
|
2000-10-14 03:16:35 +03:00
|
|
|
|
2003-01-09 15:37:59 +04:00
|
|
|
opt_create_database_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| create_database_options {}
|
|
|
|
;
|
2003-01-09 15:37:59 +04:00
|
|
|
|
|
|
|
create_database_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
create_database_option {}
|
|
|
|
| create_database_options create_database_option {}
|
|
|
|
;
|
2003-01-09 15:37:59 +04:00
|
|
|
|
|
|
|
create_database_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
default_collation {}
|
|
|
|
| default_charset {}
|
|
|
|
;
|
2003-01-09 15:37:59 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_table_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= 0; }
|
|
|
|
| table_options { $$= $1;}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_option { $$=$1; }
|
|
|
|
| table_option table_options { $$= $1 | $2; }
|
|
|
|
;
|
2000-08-22 00:39:08 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
table_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEMPORARY { $$=HA_LEX_CREATE_TMP_TABLE; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_if_not_exists:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= 0; }
|
|
|
|
| IF not EXISTS { $$=HA_LEX_CREATE_IF_NOT_EXISTS; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_create_table_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| create_table_options
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-10-23 19:18:54 +05:00
|
|
|
create_table_options_space_separated:
|
2007-08-14 20:31:06 -06:00
|
|
|
create_table_option
|
|
|
|
| create_table_option create_table_options_space_separated
|
|
|
|
;
|
2002-10-23 19:18:54 +05:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
create_table_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
create_table_option
|
|
|
|
| create_table_option create_table_options
|
|
|
|
| create_table_option ',' create_table_options
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
create_table_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
ENGINE_SYM opt_equal storage_engines
|
|
|
|
{
|
|
|
|
Lex->create_info.db_type= $3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_ENGINE;
|
|
|
|
}
|
|
|
|
| TYPE_SYM opt_equal storage_engines
|
2006-03-01 21:36:05 +01:00
|
|
|
{
|
|
|
|
Lex->create_info.db_type= $3;
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "TYPE=storage_engine",
|
2006-03-01 21:36:05 +01:00
|
|
|
"'ENGINE=storage_engine'");
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_ENGINE;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MAX_ROWS opt_equal ulonglong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.max_rows= $3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_MAX_ROWS;
|
|
|
|
}
|
|
|
|
| MIN_ROWS opt_equal ulonglong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.min_rows= $3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_MIN_ROWS;
|
|
|
|
}
|
|
|
|
| AVG_ROW_LENGTH opt_equal ulong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.avg_row_length=$3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_AVG_ROW_LENGTH;
|
|
|
|
}
|
|
|
|
| PASSWORD opt_equal TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->create_info.password=$3.str;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_PASSWORD;
|
|
|
|
}
|
|
|
|
| COMMENT_SYM opt_equal TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->create_info.comment=$3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT;
|
|
|
|
}
|
|
|
|
| AUTO_INC opt_equal ulonglong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.auto_increment_value=$3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_AUTO;
|
|
|
|
}
|
2005-08-29 17:24:07 +02:00
|
|
|
| PACK_KEYS_SYM opt_equal ulong_num
|
|
|
|
{
|
|
|
|
switch($3) {
|
|
|
|
case 0:
|
|
|
|
Lex->create_info.table_options|= HA_OPTION_NO_PACK_KEYS;
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
Lex->create_info.table_options|= HA_OPTION_PACK_KEYS;
|
|
|
|
break;
|
|
|
|
default:
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
2005-08-29 17:24:07 +02:00
|
|
|
}
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_PACK_KEYS;
|
|
|
|
}
|
|
|
|
| PACK_KEYS_SYM opt_equal DEFAULT
|
|
|
|
{
|
|
|
|
Lex->create_info.table_options&=
|
|
|
|
~(HA_OPTION_PACK_KEYS | HA_OPTION_NO_PACK_KEYS);
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_PACK_KEYS;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CHECKSUM_SYM opt_equal ulong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.table_options|= $3 ? HA_OPTION_CHECKSUM : HA_OPTION_NO_CHECKSUM;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_CHECKSUM;
|
|
|
|
}
|
2007-10-11 18:07:40 +03:00
|
|
|
| TABLE_CHECKSUM_SYM opt_equal ulong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.table_options|= $3 ? HA_OPTION_CHECKSUM : HA_OPTION_NO_CHECKSUM;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_CHECKSUM;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DELAY_KEY_WRITE_SYM opt_equal ulong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.table_options|= $3 ? HA_OPTION_DELAY_KEY_WRITE : HA_OPTION_NO_DELAY_KEY_WRITE;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_DELAY_KEY_WRITE;
|
|
|
|
}
|
|
|
|
| ROW_FORMAT_SYM opt_equal row_types
|
|
|
|
{
|
|
|
|
Lex->create_info.row_type= $3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_ROW_FORMAT;
|
|
|
|
}
|
2008-03-14 19:30:49 +01:00
|
|
|
| UNION_SYM opt_equal '(' opt_table_list ')'
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
/* Move the union list to the merge_list */
|
|
|
|
LEX *lex=Lex;
|
|
|
|
TABLE_LIST *table_list= lex->select_lex.get_table_list();
|
|
|
|
lex->create_info.merge_list= lex->select_lex.table_list;
|
|
|
|
lex->create_info.merge_list.elements--;
|
|
|
|
lex->create_info.merge_list.first=
|
|
|
|
(uchar*) (table_list->next_local);
|
|
|
|
lex->select_lex.table_list.elements=1;
|
|
|
|
lex->select_lex.table_list.next=
|
|
|
|
(uchar**) &(table_list->next_local);
|
|
|
|
table_list->next_local= 0;
|
|
|
|
lex->create_info.used_fields|= HA_CREATE_USED_UNION;
|
|
|
|
}
|
|
|
|
| default_charset
|
|
|
|
| default_collation
|
|
|
|
| INSERT_METHOD opt_equal merge_insert_types
|
|
|
|
{
|
|
|
|
Lex->create_info.merge_insert_method= $3;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_INSERT_METHOD;
|
|
|
|
}
|
|
|
|
| DATA_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->create_info.data_file_name= $4.str;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_DATADIR;
|
|
|
|
}
|
|
|
|
| INDEX_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->create_info.index_file_name= $4.str;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_INDEXDIR;
|
|
|
|
}
|
|
|
|
| TABLESPACE ident
|
|
|
|
{Lex->create_info.tablespace= $2.str;}
|
|
|
|
| STORAGE_SYM DISK_SYM
|
|
|
|
{Lex->create_info.storage_media= HA_SM_DISK;}
|
|
|
|
| STORAGE_SYM MEMORY_SYM
|
|
|
|
{Lex->create_info.storage_media= HA_SM_MEMORY;}
|
|
|
|
| CONNECTION_SYM opt_equal TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->create_info.connect_string.str= $3.str;
|
|
|
|
Lex->create_info.connect_string.length= $3.length;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_CONNECTION;
|
|
|
|
}
|
|
|
|
| KEY_BLOCK_SIZE opt_equal ulong_num
|
|
|
|
{
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_KEY_BLOCK_SIZE;
|
|
|
|
Lex->create_info.key_block_size= $3;
|
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-08-27 20:48:19 +05:00
|
|
|
default_charset:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_default charset opt_equal charset_name_or_default
|
|
|
|
{
|
|
|
|
HA_CREATE_INFO *cinfo= &Lex->create_info;
|
|
|
|
if ((cinfo->used_fields & HA_CREATE_USED_DEFAULT_CHARSET) &&
|
|
|
|
cinfo->default_table_charset && $4 &&
|
|
|
|
!my_charset_same(cinfo->default_table_charset,$4))
|
2004-08-27 20:48:19 +05:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
my_error(ER_CONFLICTING_DECLARATIONS, MYF(0),
|
|
|
|
"CHARACTER SET ", cinfo->default_table_charset->csname,
|
|
|
|
"CHARACTER SET ", $4->csname);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-08-27 20:48:19 +05:00
|
|
|
}
|
|
|
|
Lex->create_info.default_table_charset= $4;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_DEFAULT_CHARSET;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2004-08-27 20:48:19 +05:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
default_collation:
|
|
|
|
opt_default COLLATE_SYM opt_equal collation_name_or_default
|
Bug#24392 (SHOW ENGINE MUTEX STATUS is a synonym for SHOW INNODB STATUS)
Before this fix, the command SHOW ENGINE <name> STATUS would:
- print a warning if the engine name is unknown,
- proceed and implement the same behavior as SHOW ENGINE ALL STATUS,
and list the status of all the storage engines registered.
In particular, this behavior caused confusion about the command :
SHOW ENGINE MUTEX STATUS, which as a side effect would print the status
of the innodb engine when that engine is registered.
Also, before this fix, every time an unknown engine name was substituted by
the default engine (which happen unless SQL_MODE NO_ENGINE_SUBSTITUTION is
set), a malformed warning was raised.
For example, the command ALTER TABLE T1 ENGINE = X would print :
Warnings:
Error 1286 Unknown table engine 'X'
With this fix:
SHOW ENGINE <name> STATUS|LOGS|MUTEX
always fails with an error when the engine <name> is unknown.
For other commands, warnings about unknown engines are raised as:
Warnings:
Warning 1286 Unknown table engine 'X'
In other words, engine substitution never affect the SHOW ENGINE command,
since this would lead to very confusing results.
2007-01-23 15:14:08 -07:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
HA_CREATE_INFO *cinfo= &Lex->create_info;
|
|
|
|
if ((cinfo->used_fields & HA_CREATE_USED_DEFAULT_CHARSET) &&
|
|
|
|
cinfo->default_table_charset && $4 &&
|
|
|
|
!my_charset_same(cinfo->default_table_charset,$4))
|
|
|
|
{
|
|
|
|
my_error(ER_COLLATION_CHARSET_MISMATCH, MYF(0),
|
|
|
|
$4->name, cinfo->default_table_charset->csname);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
Lex->create_info.default_table_charset= $4;
|
|
|
|
Lex->create_info.used_fields|= HA_CREATE_USED_DEFAULT_CHARSET;
|
Bug#24392 (SHOW ENGINE MUTEX STATUS is a synonym for SHOW INNODB STATUS)
Before this fix, the command SHOW ENGINE <name> STATUS would:
- print a warning if the engine name is unknown,
- proceed and implement the same behavior as SHOW ENGINE ALL STATUS,
and list the status of all the storage engines registered.
In particular, this behavior caused confusion about the command :
SHOW ENGINE MUTEX STATUS, which as a side effect would print the status
of the innodb engine when that engine is registered.
Also, before this fix, every time an unknown engine name was substituted by
the default engine (which happen unless SQL_MODE NO_ENGINE_SUBSTITUTION is
set), a malformed warning was raised.
For example, the command ALTER TABLE T1 ENGINE = X would print :
Warnings:
Error 1286 Unknown table engine 'X'
With this fix:
SHOW ENGINE <name> STATUS|LOGS|MUTEX
always fails with an error when the engine <name> is unknown.
For other commands, warnings about unknown engines are raised as:
Warnings:
Warning 1286 Unknown table engine 'X'
In other words, engine substitution never affect the SHOW ENGINE command,
since this would lead to very confusing results.
2007-01-23 15:14:08 -07:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2003-12-17 22:52:03 +00:00
|
|
|
storage_engines:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
2006-05-28 14:51:01 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
plugin_ref plugin= ha_resolve_by_name(YYTHD, &$1);
|
|
|
|
|
|
|
|
if (plugin)
|
|
|
|
$$= plugin_data(plugin, handlerton*);
|
|
|
|
else
|
2007-04-16 10:37:50 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (YYTHD->variables.sql_mode & MODE_NO_ENGINE_SUBSTITUTION)
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_STORAGE_ENGINE, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$= 0;
|
|
|
|
push_warning_printf(YYTHD, MYSQL_ERROR::WARN_LEVEL_WARN,
|
|
|
|
ER_UNKNOWN_STORAGE_ENGINE,
|
|
|
|
ER(ER_UNKNOWN_STORAGE_ENGINE),
|
|
|
|
$1.str);
|
2007-04-16 10:37:50 +02:00
|
|
|
}
|
2006-05-28 14:51:01 +02:00
|
|
|
}
|
2007-04-16 18:16:17 +02:00
|
|
|
;
|
Bug#24392 (SHOW ENGINE MUTEX STATUS is a synonym for SHOW INNODB STATUS)
Before this fix, the command SHOW ENGINE <name> STATUS would:
- print a warning if the engine name is unknown,
- proceed and implement the same behavior as SHOW ENGINE ALL STATUS,
and list the status of all the storage engines registered.
In particular, this behavior caused confusion about the command :
SHOW ENGINE MUTEX STATUS, which as a side effect would print the status
of the innodb engine when that engine is registered.
Also, before this fix, every time an unknown engine name was substituted by
the default engine (which happen unless SQL_MODE NO_ENGINE_SUBSTITUTION is
set), a malformed warning was raised.
For example, the command ALTER TABLE T1 ENGINE = X would print :
Warnings:
Error 1286 Unknown table engine 'X'
With this fix:
SHOW ENGINE <name> STATUS|LOGS|MUTEX
always fails with an error when the engine <name> is unknown.
For other commands, warnings about unknown engines are raised as:
Warnings:
Warning 1286 Unknown table engine 'X'
In other words, engine substitution never affect the SHOW ENGINE command,
since this would lead to very confusing results.
2007-01-23 15:14:08 -07:00
|
|
|
|
2007-04-16 10:37:50 +02:00
|
|
|
known_storage_engines:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
|
|
|
{
|
|
|
|
plugin_ref plugin;
|
|
|
|
if ((plugin= ha_resolve_by_name(YYTHD, &$1)))
|
|
|
|
$$= plugin_data(plugin, handlerton*);
|
|
|
|
else
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_STORAGE_ENGINE, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-05-28 14:51:01 +02:00
|
|
|
}
|
2007-04-16 10:37:50 +02:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
row_types:
|
2007-08-14 20:31:06 -06:00
|
|
|
DEFAULT { $$= ROW_TYPE_DEFAULT; }
|
|
|
|
| FIXED_SYM { $$= ROW_TYPE_FIXED; }
|
|
|
|
| DYNAMIC_SYM { $$= ROW_TYPE_DYNAMIC; }
|
|
|
|
| COMPRESSED_SYM { $$= ROW_TYPE_COMPRESSED; }
|
|
|
|
| REDUNDANT_SYM { $$= ROW_TYPE_REDUNDANT; }
|
|
|
|
| COMPACT_SYM { $$= ROW_TYPE_COMPACT; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-09-22 17:40:57 +03:00
|
|
|
merge_insert_types:
|
2007-08-14 20:31:06 -06:00
|
|
|
NO_SYM { $$= MERGE_INSERT_DISABLED; }
|
2001-09-22 17:40:57 +03:00
|
|
|
| FIRST_SYM { $$= MERGE_INSERT_TO_FIRST; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| LAST_SYM { $$= MERGE_INSERT_TO_LAST; }
|
|
|
|
;
|
2001-09-22 17:40:57 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_select_from:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_limit_clause {}
|
|
|
|
| select_from select_lock_type
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
udf_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
STRING_SYM {$$ = (int) STRING_RESULT; }
|
|
|
|
| REAL {$$ = (int) REAL_RESULT; }
|
2005-02-09 02:50:45 +04:00
|
|
|
| DECIMAL_SYM {$$ = (int) DECIMAL_RESULT; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| INT_SYM {$$ = (int) INT_RESULT; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
field_list_item
|
|
|
|
| field_list ',' field_list_item
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_list_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
column_def
|
|
|
|
| key_def
|
|
|
|
;
|
2003-02-22 01:07:17 +01:00
|
|
|
|
|
|
|
column_def:
|
2007-08-14 20:31:06 -06:00
|
|
|
field_spec opt_check_constraint
|
|
|
|
| field_spec references
|
|
|
|
{
|
|
|
|
Lex->col_list.empty(); /* Alloced by sql_alloc */
|
|
|
|
}
|
|
|
|
;
|
2003-02-22 01:07:17 +01:00
|
|
|
|
|
|
|
key_def:
|
2007-08-14 20:31:06 -06:00
|
|
|
key_type opt_ident key_alg '(' key_list ')' key_options
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if ($1 != Key::FULLTEXT && lex->key_create_info.parser_name.str)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
Key *key= new Key($1, $2, &lex->key_create_info, 0,
|
|
|
|
lex->col_list);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.key_list.push_back(key);
|
|
|
|
lex->col_list.empty(); /* Alloced by sql_alloc */
|
|
|
|
}
|
|
|
|
| opt_constraint constraint_key_type opt_ident key_alg
|
|
|
|
'(' key_list ')' key_options
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
const char *key_name= $3 ? $3 : $1;
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
Key *key= new Key($2, key_name, &lex->key_create_info, 0,
|
|
|
|
lex->col_list);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.key_list.push_back(key);
|
|
|
|
lex->col_list.empty(); /* Alloced by sql_alloc */
|
|
|
|
}
|
|
|
|
| opt_constraint FOREIGN KEY_SYM opt_ident '(' key_list ')' references
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2007-09-13 19:22:08 -03:00
|
|
|
const char *key_name= $1 ? $1 : $4;
|
|
|
|
const char *fkey_name = $4 ? $4 : key_name;
|
|
|
|
Key *key= new Foreign_key(fkey_name, lex->col_list,
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
$8,
|
|
|
|
lex->ref_list,
|
|
|
|
lex->fk_delete_opt,
|
|
|
|
lex->fk_update_opt,
|
|
|
|
lex->fk_match_option);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
lex->alter_info.key_list.push_back(key);
|
|
|
|
key= new Key(Key::MULTIPLE, key_name,
|
|
|
|
&default_key_create_info, 1,
|
|
|
|
lex->col_list);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
5.1 version of a fix and test cases for bugs:
Bug#4968 ""Stored procedure crash if cursor opened on altered table"
Bug#6895 "Prepared Statements: ALTER TABLE DROP COLUMN does nothing"
Bug#19182 "CREATE TABLE bar (m INT) SELECT n FROM foo; doesn't work from
stored procedure."
Bug#19733 "Repeated alter, or repeated create/drop, fails"
Bug#22060 "ALTER TABLE x AUTO_INCREMENT=y in SP crashes server"
Bug#24879 "Prepared Statements: CREATE TABLE (UTF8 KEY) produces a
growing key length" (this bug is not fixed in 5.0)
Re-execution of CREATE DATABASE, CREATE TABLE and ALTER TABLE
statements in stored routines or as prepared statements caused
incorrect results (and crashes in versions prior to 5.0.25).
In 5.1 the problem occured only for CREATE DATABASE, CREATE TABLE
SELECT and CREATE TABLE with INDEX/DATA DIRECTOY options).
The problem of bugs 4968, 19733, 19282 and 6895 was that functions
mysql_prepare_table, mysql_create_table and mysql_alter_table are not
re-execution friendly: during their operation they modify contents
of LEX (members create_info, alter_info, key_list, create_list),
thus making the LEX unusable for the next execution.
In particular, these functions removed processed columns and keys from
create_list, key_list and drop_list. Search the code in sql_table.cc
for drop_it.remove() and similar patterns to find evidence.
The fix is to supply to these functions a usable copy of each of the
above structures at every re-execution of an SQL statement.
To simplify memory management, LEX::key_list and LEX::create_list
were added to LEX::alter_info, a fresh copy of which is created for
every execution.
The problem of crashing bug 22060 stemmed from the fact that the above
metnioned functions were not only modifying HA_CREATE_INFO structure
in LEX, but also were changing it to point to areas in volatile memory
of the execution memory root.
The patch solves this problem by creating and using an on-stack
copy of HA_CREATE_INFO in mysql_execute_command.
Additionally, this patch splits the part of mysql_alter_table
that analizes and rewrites information from the parser into
a separate function - mysql_prepare_alter_table, in analogy with
mysql_prepare_table, which is renamed to mysql_prepare_create_table.
2007-05-28 15:30:01 +04:00
|
|
|
lex->alter_info.key_list.push_back(key);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->col_list.empty(); /* Alloced by sql_alloc */
|
2006-03-30 20:55:54 +02:00
|
|
|
/* Only used for ALTER TABLE. Ignored otherwise. */
|
|
|
|
lex->alter_info.flags|= ALTER_FOREIGN_KEY;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| constraint opt_check_constraint
|
|
|
|
{
|
|
|
|
Lex->col_list.empty(); /* Alloced by sql_alloc */
|
|
|
|
}
|
|
|
|
| opt_constraint check_constraint
|
|
|
|
{
|
|
|
|
Lex->col_list.empty(); /* Alloced by sql_alloc */
|
|
|
|
}
|
|
|
|
;
|
2002-11-24 15:47:19 +02:00
|
|
|
|
2004-04-28 16:14:53 +01:00
|
|
|
opt_check_constraint:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| check_constraint
|
|
|
|
;
|
2004-04-28 16:14:53 +01:00
|
|
|
|
|
|
|
check_constraint:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHECK_SYM expr
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_constraint:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=(char*) 0; }
|
|
|
|
| constraint { $$= $1; }
|
|
|
|
;
|
2004-05-05 21:24:21 +03:00
|
|
|
|
|
|
|
constraint:
|
2007-08-14 20:31:06 -06:00
|
|
|
CONSTRAINT opt_ident { $$=$2; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_spec:
|
2007-08-14 20:31:06 -06:00
|
|
|
field_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->length=lex->dec=0;
|
|
|
|
lex->type=0;
|
|
|
|
lex->default_value= lex->on_update_value= 0;
|
|
|
|
lex->comment=null_lex_str;
|
|
|
|
lex->charset=NULL;
|
|
|
|
}
|
|
|
|
type opt_attribute
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (add_field_to_list(lex->thd, &$1, (enum enum_field_types) $3,
|
|
|
|
lex->length,lex->dec,lex->type,
|
|
|
|
lex->default_value, lex->on_update_value,
|
|
|
|
&lex->comment,
|
|
|
|
lex->change,&lex->interval_list,lex->charset,
|
|
|
|
lex->uint_geom_type))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
type:
|
2008-04-01 12:19:20 -04:00
|
|
|
int_type opt_field_length field_options { $$=$1; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| real_type opt_precision field_options { $$=$1; }
|
|
|
|
| FLOAT_SYM float_options field_options { $$=MYSQL_TYPE_FLOAT; }
|
|
|
|
| BIT_SYM
|
2004-10-20 04:04:37 +03:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->length= (char*) "1";
|
|
|
|
$$=MYSQL_TYPE_BIT;
|
2004-10-20 04:04:37 +03:00
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| BIT_SYM field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
$$=MYSQL_TYPE_BIT;
|
|
|
|
}
|
|
|
|
| BOOL_SYM
|
|
|
|
{
|
2008-04-09 18:24:50 -04:00
|
|
|
Lex->length= (char*) "1";
|
2007-08-14 20:31:06 -06:00
|
|
|
$$=MYSQL_TYPE_TINY;
|
|
|
|
}
|
|
|
|
| BOOLEAN_SYM
|
|
|
|
{
|
2008-04-09 18:24:50 -04:00
|
|
|
Lex->length= (char*) "1";
|
2007-08-14 20:31:06 -06:00
|
|
|
$$=MYSQL_TYPE_TINY;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| char field_length opt_binary
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
$$=MYSQL_TYPE_STRING;
|
|
|
|
}
|
|
|
|
| char opt_binary
|
|
|
|
{
|
2008-04-09 18:24:50 -04:00
|
|
|
Lex->length= (char*) "1";
|
2007-08-14 20:31:06 -06:00
|
|
|
$$=MYSQL_TYPE_STRING;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| nchar field_length opt_bin_mod
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
$$=MYSQL_TYPE_STRING;
|
|
|
|
Lex->charset=national_charset_info;
|
|
|
|
}
|
|
|
|
| nchar opt_bin_mod
|
|
|
|
{
|
2008-04-09 18:24:50 -04:00
|
|
|
Lex->length= (char*) "1";
|
2007-08-14 20:31:06 -06:00
|
|
|
$$=MYSQL_TYPE_STRING;
|
|
|
|
Lex->charset=national_charset_info;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| BINARY field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_STRING;
|
|
|
|
}
|
|
|
|
| BINARY
|
|
|
|
{
|
|
|
|
Lex->length= (char*) "1";
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_STRING;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| varchar field_length opt_binary
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
$$= MYSQL_TYPE_VARCHAR;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| nvarchar field_length opt_bin_mod
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
$$= MYSQL_TYPE_VARCHAR;
|
|
|
|
Lex->charset=national_charset_info;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| VARBINARY field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$= MYSQL_TYPE_VARCHAR;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| YEAR_SYM opt_field_length field_options
|
2007-08-14 20:31:06 -06:00
|
|
|
{ $$=MYSQL_TYPE_YEAR; }
|
|
|
|
| DATE_SYM
|
|
|
|
{ $$=MYSQL_TYPE_DATE; }
|
|
|
|
| TIME_SYM
|
|
|
|
{ $$=MYSQL_TYPE_TIME; }
|
2008-04-01 12:19:20 -04:00
|
|
|
| TIMESTAMP opt_field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
if (YYTHD->variables.sql_mode & MODE_MAXDB)
|
|
|
|
$$=MYSQL_TYPE_DATETIME;
|
|
|
|
else
|
2004-10-01 18:54:06 +04:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
Unlike other types TIMESTAMP fields are NOT NULL by default.
|
|
|
|
*/
|
|
|
|
Lex->type|= NOT_NULL_FLAG;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$=MYSQL_TYPE_TIMESTAMP;
|
2004-10-01 18:54:06 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| DATETIME
|
|
|
|
{ $$=MYSQL_TYPE_DATETIME; }
|
|
|
|
| TINYBLOB
|
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_TINY_BLOB;
|
|
|
|
}
|
2008-04-01 12:19:20 -04:00
|
|
|
| BLOB_SYM opt_field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_BLOB;
|
|
|
|
}
|
|
|
|
| spatial_type
|
2004-10-20 04:04:37 +03:00
|
|
|
{
|
2004-01-15 21:06:22 +04:00
|
|
|
#ifdef HAVE_SPATIAL
|
2004-10-20 04:04:37 +03:00
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
Lex->uint_geom_type= (uint)$1;
|
2006-12-01 17:26:52 -08:00
|
|
|
$$=MYSQL_TYPE_GEOMETRY;
|
2004-01-15 21:06:22 +04:00
|
|
|
#else
|
2005-02-19 10:51:49 +01:00
|
|
|
my_error(ER_FEATURE_DISABLED, MYF(0),
|
2004-11-13 19:35:51 +02:00
|
|
|
sym_group_geom.name, sym_group_geom.needed_define);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-01-15 21:06:22 +04:00
|
|
|
#endif
|
2004-10-20 04:04:37 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MEDIUMBLOB
|
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_MEDIUM_BLOB;
|
|
|
|
}
|
|
|
|
| LONGBLOB
|
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_LONG_BLOB;
|
|
|
|
}
|
|
|
|
| LONG_SYM VARBINARY
|
|
|
|
{
|
|
|
|
Lex->charset=&my_charset_bin;
|
|
|
|
$$=MYSQL_TYPE_MEDIUM_BLOB;
|
|
|
|
}
|
|
|
|
| LONG_SYM varchar opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_MEDIUM_BLOB; }
|
|
|
|
| TINYTEXT opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_TINY_BLOB; }
|
2008-04-01 12:19:20 -04:00
|
|
|
| TEXT_SYM opt_field_length opt_binary
|
2007-08-14 20:31:06 -06:00
|
|
|
{ $$=MYSQL_TYPE_BLOB; }
|
|
|
|
| MEDIUMTEXT opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_MEDIUM_BLOB; }
|
|
|
|
| LONGTEXT opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_LONG_BLOB; }
|
|
|
|
| DECIMAL_SYM float_options field_options
|
|
|
|
{ $$=MYSQL_TYPE_NEWDECIMAL;}
|
|
|
|
| NUMERIC_SYM float_options field_options
|
|
|
|
{ $$=MYSQL_TYPE_NEWDECIMAL;}
|
|
|
|
| FIXED_SYM float_options field_options
|
|
|
|
{ $$=MYSQL_TYPE_NEWDECIMAL;}
|
|
|
|
| ENUM
|
|
|
|
{Lex->interval_list.empty();}
|
|
|
|
'(' string_list ')' opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_ENUM; }
|
|
|
|
| SET
|
|
|
|
{ Lex->interval_list.empty();}
|
|
|
|
'(' string_list ')' opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_SET; }
|
|
|
|
| LONG_SYM opt_binary
|
|
|
|
{ $$=MYSQL_TYPE_MEDIUM_BLOB; }
|
|
|
|
| SERIAL_SYM
|
|
|
|
{
|
|
|
|
$$=MYSQL_TYPE_LONGLONG;
|
|
|
|
Lex->type|= (AUTO_INCREMENT_FLAG | NOT_NULL_FLAG | UNSIGNED_FLAG |
|
|
|
|
UNIQUE_FLAG);
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-01-15 21:06:22 +04:00
|
|
|
spatial_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
GEOMETRY_SYM { $$= Field::GEOM_GEOMETRY; }
|
|
|
|
| GEOMETRYCOLLECTION { $$= Field::GEOM_GEOMETRYCOLLECTION; }
|
|
|
|
| POINT_SYM
|
|
|
|
{
|
2007-10-23 11:44:14 +03:00
|
|
|
Lex->length= (char*)"25";
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= Field::GEOM_POINT;
|
|
|
|
}
|
|
|
|
| MULTIPOINT { $$= Field::GEOM_MULTIPOINT; }
|
|
|
|
| LINESTRING { $$= Field::GEOM_LINESTRING; }
|
|
|
|
| MULTILINESTRING { $$= Field::GEOM_MULTILINESTRING; }
|
|
|
|
| POLYGON { $$= Field::GEOM_POLYGON; }
|
|
|
|
| MULTIPOLYGON { $$= Field::GEOM_MULTIPOLYGON; }
|
|
|
|
;
|
2004-01-15 21:06:22 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
char:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHAR_SYM {}
|
|
|
|
;
|
2003-03-20 19:31:01 +04:00
|
|
|
|
|
|
|
nchar:
|
2007-08-14 20:31:06 -06:00
|
|
|
NCHAR_SYM {}
|
|
|
|
| NATIONAL_SYM CHAR_SYM {}
|
|
|
|
;
|
2000-08-22 00:39:08 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
varchar:
|
2007-08-14 20:31:06 -06:00
|
|
|
char VARYING {}
|
|
|
|
| VARCHAR {}
|
|
|
|
;
|
2003-03-20 20:04:21 +04:00
|
|
|
|
|
|
|
nvarchar:
|
2007-08-14 20:31:06 -06:00
|
|
|
NATIONAL_SYM VARCHAR {}
|
|
|
|
| NVARCHAR_SYM {}
|
|
|
|
| NCHAR_SYM VARCHAR {}
|
|
|
|
| NATIONAL_SYM CHAR_SYM VARYING {}
|
|
|
|
| NCHAR_SYM VARYING {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
int_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
INT_SYM { $$=MYSQL_TYPE_LONG; }
|
|
|
|
| TINYINT { $$=MYSQL_TYPE_TINY; }
|
|
|
|
| SMALLINT { $$=MYSQL_TYPE_SHORT; }
|
|
|
|
| MEDIUMINT { $$=MYSQL_TYPE_INT24; }
|
|
|
|
| BIGINT { $$=MYSQL_TYPE_LONGLONG; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
real_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
REAL
|
|
|
|
{
|
|
|
|
$$= YYTHD->variables.sql_mode & MODE_REAL_AS_FLOAT ?
|
|
|
|
MYSQL_TYPE_FLOAT : MYSQL_TYPE_DOUBLE;
|
|
|
|
}
|
|
|
|
| DOUBLE_SYM
|
|
|
|
{ $$=MYSQL_TYPE_DOUBLE; }
|
|
|
|
| DOUBLE_SYM PRECISION
|
|
|
|
{ $$=MYSQL_TYPE_DOUBLE; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
float_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{ Lex->dec=Lex->length= (char*)0; }
|
2008-04-01 12:19:20 -04:00
|
|
|
| field_length
|
|
|
|
{ Lex->dec= (char*)0; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| precision
|
|
|
|
{}
|
|
|
|
;
|
2001-06-15 05:03:15 +03:00
|
|
|
|
|
|
|
precision:
|
2007-08-14 20:31:06 -06:00
|
|
|
'(' NUM ',' NUM ')'
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->length=$2.str;
|
|
|
|
lex->dec=$4.str;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| field_opt_list {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_opt_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
field_opt_list field_option {}
|
|
|
|
| field_option {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
SIGNED_SYM {}
|
|
|
|
| UNSIGNED { Lex->type|= UNSIGNED_FLAG;}
|
|
|
|
| ZEROFILL { Lex->type|= UNSIGNED_FLAG | ZEROFILL_FLAG; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2008-04-01 12:19:20 -04:00
|
|
|
field_length:
|
|
|
|
'(' LONG_NUM ')' { Lex->length= $2.str; }
|
|
|
|
| '(' ULONGLONG_NUM ')' { Lex->length= $2.str; }
|
|
|
|
| '(' DECIMAL_NUM ')' { Lex->length= $2.str; }
|
|
|
|
| '(' NUM ')' { Lex->length= $2.str; };
|
|
|
|
|
|
|
|
opt_field_length:
|
|
|
|
/* empty */ { Lex->length=(char*) 0; /* use default length */ }
|
|
|
|
| field_length { }
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_precision:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| precision {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_attribute:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| opt_attribute_list {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_attribute_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_attribute_list attribute {}
|
|
|
|
| attribute
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
attribute:
|
2007-08-14 20:31:06 -06:00
|
|
|
NULL_SYM { Lex->type&= ~ NOT_NULL_FLAG; }
|
|
|
|
| not NULL_SYM { Lex->type|= NOT_NULL_FLAG; }
|
|
|
|
| DEFAULT now_or_signed_literal { Lex->default_value=$2; }
|
|
|
|
| ON UPDATE_SYM NOW_SYM optional_braces
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
Item *item= new (YYTHD->mem_root) Item_func_now_local();
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->on_update_value= item;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| AUTO_INC { Lex->type|= AUTO_INCREMENT_FLAG | NOT_NULL_FLAG; }
|
|
|
|
| SERIAL_SYM DEFAULT VALUE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->type|= AUTO_INCREMENT_FLAG | NOT_NULL_FLAG | UNIQUE_FLAG;
|
|
|
|
lex->alter_info.flags|= ALTER_ADD_INDEX;
|
|
|
|
}
|
|
|
|
| opt_primary KEY_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->type|= PRI_KEY_FLAG | NOT_NULL_FLAG;
|
|
|
|
lex->alter_info.flags|= ALTER_ADD_INDEX;
|
|
|
|
}
|
|
|
|
| UNIQUE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->type|= UNIQUE_FLAG;
|
|
|
|
lex->alter_info.flags|= ALTER_ADD_INDEX;
|
|
|
|
}
|
|
|
|
| UNIQUE_SYM KEY_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->type|= UNIQUE_KEY_FLAG;
|
|
|
|
lex->alter_info.flags|= ALTER_ADD_INDEX;
|
|
|
|
}
|
|
|
|
| COMMENT_SYM TEXT_STRING_sys { Lex->comment= $2; }
|
|
|
|
| COLLATE_SYM collation_name
|
|
|
|
{
|
|
|
|
if (Lex->charset && !my_charset_same(Lex->charset,$2))
|
|
|
|
{
|
|
|
|
my_error(ER_COLLATION_CHARSET_MISMATCH, MYF(0),
|
2004-11-13 19:35:51 +02:00
|
|
|
$2->name,Lex->charset->csname);
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Lex->charset=$2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-04-02 10:12:53 +04:00
|
|
|
now_or_signed_literal:
|
2007-08-14 20:31:06 -06:00
|
|
|
NOW_SYM optional_braces
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_now_local();
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| signed_literal
|
|
|
|
{ $$=$1; }
|
2004-04-02 10:12:53 +04:00
|
|
|
;
|
|
|
|
|
2003-03-05 16:43:10 +04:00
|
|
|
charset:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHAR_SYM SET {}
|
|
|
|
| CHARSET {}
|
|
|
|
;
|
2002-11-25 12:11:16 +02:00
|
|
|
|
2002-09-12 19:36:22 +05:00
|
|
|
charset_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
|
|
|
{
|
|
|
|
if (!($$=get_charset_by_csname($1.str,MY_CS_PRIMARY,MYF(0))))
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_CHARACTER_SET, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| BINARY { $$= &my_charset_bin; }
|
|
|
|
;
|
2002-06-20 18:47:55 +05:00
|
|
|
|
2002-09-12 19:36:22 +05:00
|
|
|
charset_name_or_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
charset_name { $$=$1; }
|
|
|
|
| DEFAULT { $$=NULL; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-02-28 17:06:57 +04:00
|
|
|
opt_load_data_charset:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ { $$= NULL; }
|
|
|
|
| charset charset_name_or_default { $$= $2; }
|
|
|
|
;
|
2003-04-05 18:56:15 +05:00
|
|
|
|
|
|
|
old_or_new_charset_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
|
|
|
{
|
|
|
|
if (!($$=get_charset_by_csname($1.str,MY_CS_PRIMARY,MYF(0))) &&
|
|
|
|
!($$=get_old_charset_by_name($1.str)))
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_CHARACTER_SET, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| BINARY { $$= &my_charset_bin; }
|
|
|
|
;
|
2003-04-05 18:56:15 +05:00
|
|
|
|
|
|
|
old_or_new_charset_name_or_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
old_or_new_charset_name { $$=$1; }
|
|
|
|
| DEFAULT { $$=NULL; }
|
|
|
|
;
|
2003-04-05 18:56:15 +05:00
|
|
|
|
2003-01-09 15:37:59 +04:00
|
|
|
collation_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
|
|
|
{
|
|
|
|
if (!($$=get_charset_by_name($1.str,MYF(0))))
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_COLLATION, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2003-01-09 15:37:59 +04:00
|
|
|
|
2003-03-05 12:37:39 +04:00
|
|
|
opt_collate:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=NULL; }
|
|
|
|
| COLLATE_SYM collation_name_or_default { $$=$2; }
|
|
|
|
;
|
2003-03-05 12:37:39 +04:00
|
|
|
|
2003-01-09 15:37:59 +04:00
|
|
|
collation_name_or_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
collation_name { $$=$1; }
|
|
|
|
| DEFAULT { $$=NULL; }
|
|
|
|
;
|
2003-01-09 15:37:59 +04:00
|
|
|
|
2002-10-24 14:22:42 +05:00
|
|
|
opt_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| DEFAULT {}
|
|
|
|
;
|
2002-10-24 14:22:42 +05:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_binary:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->charset=NULL; }
|
|
|
|
| ASCII_SYM opt_bin_mod { Lex->charset=&my_charset_latin1; }
|
|
|
|
| BYTE_SYM { Lex->charset=&my_charset_bin; }
|
|
|
|
| UNICODE_SYM opt_bin_mod
|
|
|
|
{
|
|
|
|
if (!(Lex->charset=get_charset_by_csname("ucs2",
|
|
|
|
MY_CS_PRIMARY,MYF(0))))
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_CHARACTER_SET, MYF(0), "ucs2");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| charset charset_name opt_bin_mod { Lex->charset=$2; }
|
|
|
|
| BINARY opt_bin_charset { Lex->type|= BINCMP_FLAG; }
|
|
|
|
;
|
2005-08-27 07:26:14 +01:00
|
|
|
|
|
|
|
opt_bin_mod:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { }
|
|
|
|
| BINARY { Lex->type|= BINCMP_FLAG; }
|
|
|
|
;
|
2005-08-27 07:26:14 +01:00
|
|
|
|
|
|
|
opt_bin_charset:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->charset= NULL; }
|
|
|
|
| ASCII_SYM { Lex->charset=&my_charset_latin1; }
|
|
|
|
| UNICODE_SYM
|
|
|
|
{
|
|
|
|
if (!(Lex->charset=get_charset_by_csname("ucs2",
|
|
|
|
MY_CS_PRIMARY,MYF(0))))
|
|
|
|
{
|
|
|
|
my_error(ER_UNKNOWN_CHARACTER_SET, MYF(0), "ucs2");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
2007-08-24 09:08:11 -06:00
|
|
|
| charset charset_name { Lex->charset=$2; }
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-11-25 12:11:16 +02:00
|
|
|
opt_primary:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| PRIMARY_SYM
|
|
|
|
;
|
2002-11-25 12:11:16 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
references:
|
2007-08-14 20:31:06 -06:00
|
|
|
REFERENCES table_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->fk_delete_opt= lex->fk_update_opt= lex->fk_match_option= 0;
|
|
|
|
lex->ref_list.empty();
|
|
|
|
}
|
|
|
|
opt_ref_list
|
|
|
|
{
|
|
|
|
$$=$2;
|
|
|
|
}
|
|
|
|
;
|
2002-12-05 01:14:51 +03:00
|
|
|
|
2002-06-02 21:22:20 +03:00
|
|
|
opt_ref_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ opt_on_delete {}
|
|
|
|
| '(' ref_list ')' opt_on_delete {}
|
|
|
|
;
|
2002-06-02 21:22:20 +03:00
|
|
|
|
|
|
|
ref_list:
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
ref_list ',' ident
|
|
|
|
{
|
|
|
|
Key_part_spec *key= new Key_part_spec($3.str);
|
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->ref_list.push_back(key);
|
|
|
|
}
|
|
|
|
| ident
|
|
|
|
{
|
|
|
|
Key_part_spec *key= new Key_part_spec($1.str);
|
|
|
|
if (key == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->ref_list.push_back(key);
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_on_delete:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| opt_on_delete_list {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_on_delete_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_on_delete_list opt_on_delete_item {}
|
|
|
|
| opt_on_delete_item {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_on_delete_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
ON DELETE_SYM delete_option { Lex->fk_delete_opt= $3; }
|
|
|
|
| ON UPDATE_SYM delete_option { Lex->fk_update_opt= $3; }
|
|
|
|
| MATCH FULL { Lex->fk_match_option= Foreign_key::FK_MATCH_FULL; }
|
|
|
|
| MATCH PARTIAL { Lex->fk_match_option= Foreign_key::FK_MATCH_PARTIAL; }
|
|
|
|
| MATCH SIMPLE_SYM { Lex->fk_match_option= Foreign_key::FK_MATCH_SIMPLE; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
delete_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
RESTRICT { $$= (int) Foreign_key::FK_OPTION_RESTRICT; }
|
|
|
|
| CASCADE { $$= (int) Foreign_key::FK_OPTION_CASCADE; }
|
|
|
|
| SET NULL_SYM { $$= (int) Foreign_key::FK_OPTION_SET_NULL; }
|
|
|
|
| NO_SYM ACTION { $$= (int) Foreign_key::FK_OPTION_NO_ACTION; }
|
|
|
|
| SET DEFAULT { $$= (int) Foreign_key::FK_OPTION_DEFAULT; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
key_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
key_or_index { $$= Key::MULTIPLE; }
|
|
|
|
| FULLTEXT_SYM opt_key_or_index { $$= Key::FULLTEXT; }
|
|
|
|
| SPATIAL_SYM opt_key_or_index
|
|
|
|
{
|
2004-01-15 21:06:22 +04:00
|
|
|
#ifdef HAVE_SPATIAL
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= Key::SPATIAL;
|
2004-01-15 21:06:22 +04:00
|
|
|
#else
|
2007-08-14 20:31:06 -06:00
|
|
|
my_error(ER_FEATURE_DISABLED, MYF(0),
|
2004-11-13 19:35:51 +02:00
|
|
|
sym_group_geom.name, sym_group_geom.needed_define);
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
2004-01-15 21:06:22 +04:00
|
|
|
#endif
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2003-12-02 19:06:24 +04:00
|
|
|
|
|
|
|
constraint_key_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
PRIMARY_SYM KEY_SYM { $$= Key::PRIMARY; }
|
|
|
|
| UNIQUE_SYM opt_key_or_index { $$= Key::UNIQUE; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
key_or_index:
|
2007-08-14 20:31:06 -06:00
|
|
|
KEY_SYM {}
|
|
|
|
| INDEX_SYM {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-01-23 16:02:57 +04:00
|
|
|
opt_key_or_index:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| key_or_index
|
|
|
|
;
|
2004-01-23 16:02:57 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
keys_or_index:
|
2007-08-14 20:31:06 -06:00
|
|
|
KEYS {}
|
|
|
|
| INDEX_SYM {}
|
|
|
|
| INDEXES {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2000-08-28 17:43:58 +04:00
|
|
|
opt_unique_or_fulltext:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= Key::MULTIPLE; }
|
|
|
|
| UNIQUE_SYM { $$= Key::UNIQUE; }
|
|
|
|
| FULLTEXT_SYM { $$= Key::FULLTEXT;}
|
|
|
|
| SPATIAL_SYM
|
|
|
|
{
|
2004-01-15 21:06:22 +04:00
|
|
|
#ifdef HAVE_SPATIAL
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= Key::SPATIAL;
|
2004-01-15 21:06:22 +04:00
|
|
|
#else
|
2005-02-19 10:51:49 +01:00
|
|
|
my_error(ER_FEATURE_DISABLED, MYF(0),
|
2004-10-20 04:04:37 +03:00
|
|
|
sym_group_geom.name, sym_group_geom.needed_define);
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
2004-01-15 21:06:22 +04:00
|
|
|
#endif
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2003-06-16 00:13:23 +02:00
|
|
|
;
|
2002-02-22 15:24:42 +04:00
|
|
|
|
2006-05-03 15:59:17 +03:00
|
|
|
init_key_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->key_create_info= default_key_create_info;
|
|
|
|
}
|
|
|
|
;
|
2006-05-03 15:59:17 +03:00
|
|
|
|
|
|
|
/*
|
2006-05-03 19:40:52 +03:00
|
|
|
For now, key_alg initializies lex->key_create_info.
|
2006-05-03 15:59:17 +03:00
|
|
|
In the future, when all key options are after key definition,
|
|
|
|
we can remove key_alg and move init_key_options to key_options
|
|
|
|
*/
|
|
|
|
|
2002-02-22 15:24:42 +04:00
|
|
|
key_alg:
|
2007-08-14 20:31:06 -06:00
|
|
|
init_key_options
|
|
|
|
| init_key_options key_using_alg
|
|
|
|
;
|
2006-05-03 15:59:17 +03:00
|
|
|
|
|
|
|
key_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| key_opts
|
|
|
|
;
|
2006-05-03 15:59:17 +03:00
|
|
|
|
|
|
|
key_opts:
|
2007-08-14 20:31:06 -06:00
|
|
|
key_opt
|
|
|
|
| key_opts key_opt
|
|
|
|
;
|
2006-05-08 16:06:16 -04:00
|
|
|
|
|
|
|
key_using_alg:
|
2007-08-14 20:31:06 -06:00
|
|
|
USING btree_or_rtree { Lex->key_create_info.algorithm= $2; }
|
|
|
|
| TYPE_SYM btree_or_rtree { Lex->key_create_info.algorithm= $2; }
|
2006-05-08 16:06:16 -04:00
|
|
|
;
|
|
|
|
|
2006-05-03 15:59:17 +03:00
|
|
|
key_opt:
|
2007-08-14 20:31:06 -06:00
|
|
|
key_using_alg
|
|
|
|
| KEY_BLOCK_SIZE opt_equal ulong_num
|
|
|
|
{ Lex->key_create_info.block_size= $3; }
|
|
|
|
| WITH PARSER_SYM IDENT_sys
|
2006-05-03 15:59:17 +03:00
|
|
|
{
|
|
|
|
if (plugin_is_ready(&$3, MYSQL_FTPARSER_PLUGIN))
|
2006-05-03 19:40:52 +03:00
|
|
|
Lex->key_create_info.parser_name= $3;
|
2006-05-03 15:59:17 +03:00
|
|
|
else
|
|
|
|
{
|
|
|
|
my_error(ER_FUNCTION_NOT_DEFINED, MYF(0), $3.str);
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-05-03 15:59:17 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2006-05-08 16:06:16 -04:00
|
|
|
btree_or_rtree:
|
2007-08-14 20:31:06 -06:00
|
|
|
BTREE_SYM { $$= HA_KEY_ALG_BTREE; }
|
|
|
|
| RTREE_SYM { $$= HA_KEY_ALG_RTREE; }
|
|
|
|
| HASH_SYM { $$= HA_KEY_ALG_HASH; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
key_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
key_list ',' key_part order_dir { Lex->col_list.push_back($3); }
|
|
|
|
| key_part order_dir { Lex->col_list.push_back($1); }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
key_part:
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
$$= new Key_part_spec($1.str);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ident '(' NUM ')'
|
2004-10-26 12:16:35 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
int key_part_len= atoi($3.str);
|
|
|
|
if (!key_part_len)
|
|
|
|
{
|
|
|
|
my_error(ER_KEY_PART_0, MYF(0), $1.str);
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new Key_part_spec($1.str,(uint) key_part_len);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2004-10-26 12:16:35 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=(char*) 0; /* Default length */ }
|
|
|
|
| field_ident { $$=$1.str; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-07-06 19:09:57 +03:00
|
|
|
opt_component:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= null_lex_str; }
|
|
|
|
| '.' ident { $$= $2; }
|
|
|
|
;
|
2003-09-03 11:34:32 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
string_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
text_string { Lex->interval_list.push_back($1); }
|
|
|
|
| string_list ',' text_string { Lex->interval_list.push_back($3); };
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
** Alter table
|
|
|
|
*/
|
|
|
|
|
|
|
|
alter:
|
2007-08-14 20:31:06 -06:00
|
|
|
ALTER opt_ignore TABLE_SYM table_ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->name.str= 0;
|
|
|
|
lex->name.length= 0;
|
|
|
|
lex->sql_command= SQLCOM_ALTER_TABLE;
|
|
|
|
lex->duplicates= DUP_ERROR;
|
|
|
|
if (!lex->select_lex.add_table_to_list(thd, $4, NULL,
|
|
|
|
TL_OPTION_UPDATING))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.reset();
|
|
|
|
lex->col_list.empty();
|
|
|
|
lex->select_lex.init_order();
|
|
|
|
lex->select_lex.db=
|
|
|
|
((TABLE_LIST*) lex->select_lex.table_list.first)->db;
|
|
|
|
bzero((char*) &lex->create_info,sizeof(lex->create_info));
|
|
|
|
lex->create_info.db_type= 0;
|
|
|
|
lex->create_info.default_table_charset= NULL;
|
|
|
|
lex->create_info.row_type= ROW_TYPE_NOT_USED;
|
|
|
|
lex->alter_info.reset();
|
|
|
|
lex->no_write_to_binlog= 0;
|
2007-08-24 09:08:11 -06:00
|
|
|
lex->create_info.storage_media= HA_SM_DEFAULT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
alter_commands
|
|
|
|
{}
|
|
|
|
| ALTER DATABASE ident_or_empty
|
2004-08-27 20:48:19 +05:00
|
|
|
{
|
|
|
|
Lex->create_info.default_table_charset= NULL;
|
|
|
|
Lex->create_info.used_fields= 0;
|
|
|
|
}
|
2007-07-12 01:10:29 +04:00
|
|
|
create_database_options
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command=SQLCOM_ALTER_DB;
|
|
|
|
lex->name= $3;
|
2006-10-16 19:57:33 +03:00
|
|
|
if (lex->name.str == NULL &&
|
2007-07-16 23:31:36 +04:00
|
|
|
lex->copy_db_to(&lex->name.str, &lex->name.length))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-09-10 16:10:37 -06:00
|
|
|
| ALTER DATABASE ident UPGRADE_SYM DATA_SYM DIRECTORY_SYM NAME_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_DROP_SP, MYF(0), "DATABASE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_ALTER_DB_UPGRADE;
|
|
|
|
lex->name= $3;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ALTER PROCEDURE sp_name
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_DROP_SP, MYF(0), "PROCEDURE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
bzero((char *)&lex->sp_chistics, sizeof(st_sp_chistics));
|
|
|
|
}
|
|
|
|
sp_a_chistics
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2002-06-27 14:41:02 +05:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command= SQLCOM_ALTER_PROCEDURE;
|
|
|
|
lex->spname= $3;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ALTER FUNCTION_SYM sp_name
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_DROP_SP, MYF(0), "FUNCTION");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
bzero((char *)&lex->sp_chistics, sizeof(st_sp_chistics));
|
|
|
|
}
|
|
|
|
sp_a_chistics
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
|
|
|
|
lex->sql_command= SQLCOM_ALTER_FUNCTION;
|
|
|
|
lex->spname= $3;
|
|
|
|
}
|
2007-10-16 20:47:08 -06:00
|
|
|
| ALTER view_algorithm definer_opt
|
2007-03-09 15:52:50 +03:00
|
|
|
{
|
2007-06-22 15:23:51 +02:00
|
|
|
LEX *lex= Lex;
|
|
|
|
|
|
|
|
if (lex->sphead)
|
2007-06-22 11:55:48 +02:00
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "ALTER VIEW");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-06-22 15:23:51 +02:00
|
|
|
lex->create_view_mode= VIEW_ALTER;
|
2007-03-09 15:52:50 +03:00
|
|
|
}
|
|
|
|
view_tail
|
|
|
|
{}
|
2007-10-16 20:47:08 -06:00
|
|
|
| ALTER definer_opt
|
2007-03-09 15:52:50 +03:00
|
|
|
/*
|
|
|
|
We have two separate rules for ALTER VIEW rather that
|
|
|
|
optional view_algorithm above, to resolve the ambiguity
|
|
|
|
with the ALTER EVENT below.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2007-06-22 15:38:23 +02:00
|
|
|
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "ALTER VIEW");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-03-09 15:52:50 +03:00
|
|
|
lex->create_view_algorithm= VIEW_ALGORITHM_UNDEFINED;
|
|
|
|
lex->create_view_mode= VIEW_ALTER;
|
|
|
|
}
|
|
|
|
view_tail
|
|
|
|
{}
|
2007-10-16 20:47:08 -06:00
|
|
|
| ALTER definer_opt EVENT_SYM sp_name
|
2005-12-02 13:07:02 +01:00
|
|
|
{
|
2006-07-13 10:59:58 +02:00
|
|
|
/*
|
2006-08-17 14:22:59 +02:00
|
|
|
It is safe to use Lex->spname because
|
|
|
|
ALTER EVENT xxx RENATE TO yyy DO ALTER EVENT RENAME TO
|
|
|
|
is not allowed. Lex->spname is used in the case of RENAME TO
|
|
|
|
If it had to be supported spname had to be added to
|
|
|
|
Event_parse_data.
|
2006-07-13 10:59:58 +02:00
|
|
|
*/
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2006-06-27 10:53:26 +02:00
|
|
|
if (!(Lex->event_parse_data= Event_parse_data::new_instance(YYTHD)))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-02-02 20:43:33 +03:00
|
|
|
Lex->event_parse_data->identifier= $4;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2006-06-29 11:53:51 +02:00
|
|
|
Lex->sql_command= SQLCOM_ALTER_EVENT;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
2006-01-20 16:12:44 +01:00
|
|
|
ev_alter_on_schedule_completion
|
|
|
|
opt_ev_rename_to
|
|
|
|
opt_ev_status
|
|
|
|
opt_ev_comment
|
|
|
|
opt_ev_sql_stmt
|
2005-12-02 13:07:02 +01:00
|
|
|
{
|
2007-02-02 20:43:33 +03:00
|
|
|
if (!($6 || $7 || $8 || $9 || $10))
|
2005-12-28 13:43:27 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-12-28 13:43:27 +02:00
|
|
|
}
|
2006-06-29 11:53:51 +02:00
|
|
|
/*
|
|
|
|
sql_command is set here because some rules in ev_sql_stmt
|
|
|
|
can overwrite it
|
|
|
|
*/
|
2005-12-05 11:45:04 +01:00
|
|
|
Lex->sql_command= SQLCOM_ALTER_EVENT;
|
2006-01-11 12:01:36 +01:00
|
|
|
}
|
2006-01-11 11:35:25 +01:00
|
|
|
| ALTER TABLESPACE alter_tablespace_info
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_cmd_type= ALTER_TABLESPACE;
|
|
|
|
}
|
2007-02-23 22:48:15 +02:00
|
|
|
| ALTER LOGFILE_SYM GROUP_SYM alter_logfile_group_info
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_cmd_type= ALTER_LOGFILE_GROUP;
|
|
|
|
}
|
|
|
|
| ALTER TABLESPACE change_tablespace_info
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_cmd_type= CHANGE_FILE_TABLESPACE;
|
|
|
|
}
|
2006-02-14 13:19:54 +01:00
|
|
|
| ALTER TABLESPACE change_tablespace_access
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_cmd_type= ALTER_ACCESS_MODE_TABLESPACE;
|
|
|
|
}
|
2006-12-01 19:47:45 -05:00
|
|
|
| ALTER SERVER_SYM ident_or_text OPTIONS_SYM '(' server_options_list ')'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2007-01-29 01:47:35 +02:00
|
|
|
lex->sql_command= SQLCOM_ALTER_SERVER;
|
|
|
|
lex->server_options.server_name= $3.str;
|
|
|
|
lex->server_options.server_name_length= $3.length;
|
2006-12-01 19:47:45 -05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2005-12-02 13:07:02 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
ev_alter_on_schedule_completion:
|
|
|
|
/* empty */ { $$= 0;}
|
2006-02-14 13:19:54 +01:00
|
|
|
| ON SCHEDULE_SYM ev_schedule_time { $$= 1; }
|
|
|
|
| ev_on_completion { $$= 1; }
|
|
|
|
| ON SCHEDULE_SYM ev_schedule_time ev_on_completion { $$= 1; }
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-01-11 12:49:56 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_ev_rename_to:
|
|
|
|
/* empty */ { $$= 0;}
|
2005-12-02 13:07:02 +01:00
|
|
|
| RENAME TO_SYM sp_name
|
|
|
|
{
|
2006-08-17 14:22:59 +02:00
|
|
|
/*
|
|
|
|
Use lex's spname to hold the new name.
|
|
|
|
The original name is in the Event_parse_data object
|
|
|
|
*/
|
|
|
|
Lex->spname= $3;
|
2006-02-14 13:19:54 +01:00
|
|
|
$$= 1;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_ev_sql_stmt:
|
|
|
|
/* empty*/ { $$= 0;}
|
2006-02-14 13:19:54 +01:00
|
|
|
| DO_SYM ev_sql_stmt { $$= 1; }
|
2006-01-11 12:49:56 +01:00
|
|
|
;
|
2005-12-28 13:43:27 +02:00
|
|
|
|
2004-12-06 19:01:51 +03:00
|
|
|
ident_or_empty:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$.str= 0; $$.length= 0; }
|
|
|
|
| ident { $$= $1; }
|
|
|
|
;
|
2004-12-06 19:01:51 +03:00
|
|
|
|
2005-07-18 13:31:02 +02:00
|
|
|
alter_commands:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| DISCARD TABLESPACE { Lex->alter_info.tablespace_op= DISCARD_TABLESPACE; }
|
|
|
|
| IMPORT TABLESPACE { Lex->alter_info.tablespace_op= IMPORT_TABLESPACE; }
|
2005-07-18 13:31:02 +02:00
|
|
|
| alter_list
|
2006-01-17 08:40:00 +01:00
|
|
|
opt_partitioning
|
2006-03-20 14:36:21 -05:00
|
|
|
| alter_list
|
|
|
|
remove_partitioning
|
|
|
|
| remove_partitioning
|
2005-07-18 13:31:02 +02:00
|
|
|
| partitioning
|
2005-08-19 10:26:05 -04:00
|
|
|
/*
|
2006-12-07 13:57:39 +01:00
|
|
|
This part was added for release 5.1 by Mikael Ronström.
|
2005-08-19 10:26:05 -04:00
|
|
|
From here we insert a number of commands to manage the partitions of a
|
|
|
|
partitioned table such as adding partitions, dropping partitions,
|
|
|
|
reorganising partitions in various manners. In future releases the list
|
|
|
|
will be longer and also include moving partitions to a
|
|
|
|
new table and so forth.
|
|
|
|
*/
|
|
|
|
| add_partition_rule
|
|
|
|
| DROP PARTITION_SYM alt_part_name_list
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->alter_info.flags|= ALTER_DROP_PARTITION;
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
2006-01-17 08:40:00 +01:00
|
|
|
| REBUILD_SYM PARTITION_SYM opt_no_write_to_binlog
|
|
|
|
all_or_alt_part_name_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_REBUILD_PARTITION;
|
2006-01-17 08:40:00 +01:00
|
|
|
lex->no_write_to_binlog= $3;
|
|
|
|
}
|
|
|
|
| OPTIMIZE PARTITION_SYM opt_no_write_to_binlog
|
|
|
|
all_or_alt_part_name_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->sql_command = SQLCOM_OPTIMIZE;
|
2008-10-10 20:12:38 +02:00
|
|
|
lex->alter_info.flags|= ALTER_ADMIN_PARTITION;
|
2006-01-17 08:40:00 +01:00
|
|
|
lex->no_write_to_binlog= $3;
|
|
|
|
lex->check_opt.init();
|
|
|
|
}
|
2007-11-27 10:14:46 +04:00
|
|
|
opt_no_write_to_binlog
|
2006-01-17 08:40:00 +01:00
|
|
|
| ANALYZE_SYM PARTITION_SYM opt_no_write_to_binlog
|
|
|
|
all_or_alt_part_name_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->sql_command = SQLCOM_ANALYZE;
|
2008-10-10 20:12:38 +02:00
|
|
|
lex->alter_info.flags|= ALTER_ADMIN_PARTITION;
|
2006-01-17 08:40:00 +01:00
|
|
|
lex->no_write_to_binlog= $3;
|
|
|
|
lex->check_opt.init();
|
|
|
|
}
|
|
|
|
| CHECK_SYM PARTITION_SYM all_or_alt_part_name_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->sql_command = SQLCOM_CHECK;
|
2008-10-10 20:12:38 +02:00
|
|
|
lex->alter_info.flags|= ALTER_ADMIN_PARTITION;
|
2006-01-17 08:40:00 +01:00
|
|
|
lex->check_opt.init();
|
|
|
|
}
|
|
|
|
opt_mi_check_type
|
|
|
|
| REPAIR PARTITION_SYM opt_no_write_to_binlog
|
|
|
|
all_or_alt_part_name_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->sql_command = SQLCOM_REPAIR;
|
2008-10-10 20:12:38 +02:00
|
|
|
lex->alter_info.flags|= ALTER_ADMIN_PARTITION;
|
2006-01-17 08:40:00 +01:00
|
|
|
lex->no_write_to_binlog= $3;
|
|
|
|
lex->check_opt.init();
|
|
|
|
}
|
|
|
|
opt_mi_repair_type
|
2006-08-07 12:02:28 -04:00
|
|
|
| COALESCE PARTITION_SYM opt_no_write_to_binlog real_ulong_num
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_COALESCE_PARTITION;
|
2006-01-17 08:40:00 +01:00
|
|
|
lex->no_write_to_binlog= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.no_parts= $4;
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
|
|
|
| reorg_partition_rule
|
2005-07-18 13:31:02 +02:00
|
|
|
;
|
|
|
|
|
2006-03-20 14:36:21 -05:00
|
|
|
remove_partitioning:
|
2007-08-14 20:31:06 -06:00
|
|
|
REMOVE_SYM PARTITIONING_SYM
|
|
|
|
{
|
|
|
|
Lex->alter_info.flags|= ALTER_REMOVE_PARTITIONING;
|
|
|
|
}
|
2006-03-20 14:36:21 -05:00
|
|
|
;
|
|
|
|
|
2006-01-17 08:40:00 +01:00
|
|
|
all_or_alt_part_name_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
ALL
|
|
|
|
{
|
|
|
|
Lex->alter_info.flags|= ALTER_ALL_PARTITION;
|
|
|
|
}
|
2006-01-17 08:40:00 +01:00
|
|
|
| alt_part_name_list
|
|
|
|
;
|
|
|
|
|
2005-08-19 10:26:05 -04:00
|
|
|
add_partition_rule:
|
2007-08-14 20:31:06 -06:00
|
|
|
ADD PARTITION_SYM opt_no_write_to_binlog
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info= new partition_info();
|
|
|
|
if (!lex->part_info)
|
|
|
|
{
|
|
|
|
mem_alloc_error(sizeof(partition_info));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->alter_info.flags|= ALTER_ADD_PARTITION;
|
|
|
|
lex->no_write_to_binlog= $3;
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
add_part_extra
|
|
|
|
{}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
add_part_extra:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
2005-08-19 10:26:05 -04:00
|
|
|
| '(' part_def_list ')'
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info->no_parts= lex->part_info->partitions.elements;
|
|
|
|
}
|
2006-08-07 12:02:28 -04:00
|
|
|
| PARTITIONS_SYM real_ulong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info->no_parts= $2;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
reorg_partition_rule:
|
2007-08-14 20:31:06 -06:00
|
|
|
REORGANIZE_SYM PARTITION_SYM opt_no_write_to_binlog
|
2005-08-19 10:26:05 -04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info= new partition_info();
|
|
|
|
if (!lex->part_info)
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
mem_alloc_error(sizeof(partition_info));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->no_write_to_binlog= $3;
|
2005-08-19 10:26:05 -04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
reorg_parts_rule
|
2006-01-17 08:40:00 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
reorg_parts_rule:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{
|
|
|
|
Lex->alter_info.flags|= ALTER_TABLE_REORG;
|
|
|
|
}
|
|
|
|
| alt_part_name_list
|
|
|
|
{
|
|
|
|
Lex->alter_info.flags|= ALTER_REORGANIZE_PARTITION;
|
|
|
|
}
|
|
|
|
INTO '(' part_def_list ')'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->part_info->no_parts= lex->part_info->partitions.elements;
|
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
alt_part_name_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
alt_part_name_item {}
|
2005-08-19 10:26:05 -04:00
|
|
|
| alt_part_name_list ',' alt_part_name_item {}
|
|
|
|
;
|
|
|
|
|
|
|
|
alt_part_name_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
2006-01-17 08:40:00 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (Lex->alter_info.partition_names.push_back($1.str))
|
|
|
|
{
|
|
|
|
mem_alloc_error(1);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-01-17 08:40:00 +01:00
|
|
|
}
|
2005-08-19 10:26:05 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
/*
|
|
|
|
End of management of partition commands
|
|
|
|
*/
|
|
|
|
|
2005-07-18 13:31:02 +02:00
|
|
|
alter_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
alter_list_item
|
|
|
|
| alter_list ',' alter_list_item
|
2005-07-18 13:31:02 +02:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
add_column:
|
2007-08-14 20:31:06 -06:00
|
|
|
ADD opt_column
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->change=0;
|
|
|
|
lex->alter_info.flags|= ALTER_ADD_COLUMN;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
alter_list_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
add_column column_def opt_place { }
|
|
|
|
| ADD key_def
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->alter_info.flags|= ALTER_ADD_INDEX;
|
|
|
|
}
|
|
|
|
| add_column '(' field_list ')'
|
|
|
|
{
|
|
|
|
Lex->alter_info.flags|= ALTER_ADD_COLUMN | ALTER_ADD_INDEX;
|
|
|
|
}
|
|
|
|
| CHANGE opt_column field_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->change= $3.str;
|
|
|
|
lex->alter_info.flags|= ALTER_CHANGE_COLUMN;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2001-10-29 10:49:35 +02:00
|
|
|
field_spec opt_place
|
2002-06-04 08:23:57 +03:00
|
|
|
| MODIFY_SYM opt_column field_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2004-12-02 12:48:43 +04:00
|
|
|
lex->length=lex->dec=0; lex->type=0;
|
2004-04-02 10:12:53 +04:00
|
|
|
lex->default_value= lex->on_update_value= 0;
|
2005-01-16 13:16:23 +01:00
|
|
|
lex->comment=null_lex_str;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->charset= NULL;
|
|
|
|
lex->alter_info.flags|= ALTER_CHANGE_COLUMN;
|
2002-06-04 08:23:57 +03:00
|
|
|
}
|
|
|
|
type opt_attribute
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2007-04-03 16:13:27 +05:00
|
|
|
if (add_field_to_list(lex->thd,&$3,
|
2002-06-04 08:23:57 +03:00
|
|
|
(enum enum_field_types) $5,
|
|
|
|
lex->length,lex->dec,lex->type,
|
2004-04-02 10:12:53 +04:00
|
|
|
lex->default_value, lex->on_update_value,
|
2005-01-16 13:16:23 +01:00
|
|
|
&lex->comment,
|
2007-08-14 20:31:06 -06:00
|
|
|
$3.str, &lex->interval_list, lex->charset,
|
|
|
|
lex->uint_geom_type))
|
|
|
|
MYSQL_YYABORT;
|
2002-06-04 08:23:57 +03:00
|
|
|
}
|
|
|
|
opt_place
|
2007-08-14 20:31:06 -06:00
|
|
|
| DROP opt_column field_ident opt_restrict
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Alter_drop *ad= new Alter_drop(Alter_drop::COLUMN, $3.str);
|
|
|
|
if (ad == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.drop_list.push_back(ad);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_DROP_COLUMN;
|
|
|
|
}
|
|
|
|
| DROP FOREIGN KEY_SYM opt_ident
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->alter_info.flags|= ALTER_DROP_INDEX | ALTER_FOREIGN_KEY;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DROP PRIMARY_SYM KEY_SYM
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Alter_drop *ad= new Alter_drop(Alter_drop::KEY, primary_key_name);
|
|
|
|
if (ad == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.drop_list.push_back(ad);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_DROP_INDEX;
|
|
|
|
}
|
|
|
|
| DROP key_or_index field_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Alter_drop *ad= new Alter_drop(Alter_drop::KEY, $3.str);
|
|
|
|
if (ad == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.drop_list.push_back(ad);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_DROP_INDEX;
|
|
|
|
}
|
|
|
|
| DISABLE_SYM KEYS
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
lex->alter_info.keys_onoff= DISABLE;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_KEYS_ONOFF;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ENABLE_SYM KEYS
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
lex->alter_info.keys_onoff= ENABLE;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_KEYS_ONOFF;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ALTER opt_column field_ident SET DEFAULT signed_literal
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Alter_column *ac= new Alter_column($3.str,$6);
|
|
|
|
if (ac == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.alter_list.push_back(ac);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_CHANGE_COLUMN_DEFAULT;
|
|
|
|
}
|
|
|
|
| ALTER opt_column field_ident DROP DEFAULT
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Alter_column *ac= new Alter_column($3.str, (Item*) 0);
|
|
|
|
if (ac == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->alter_info.alter_list.push_back(ac);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->alter_info.flags|= ALTER_CHANGE_COLUMN_DEFAULT;
|
|
|
|
}
|
|
|
|
| RENAME opt_to table_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
size_t dummy;
|
|
|
|
lex->select_lex.db=$3->db.str;
|
A fix and a test case for
Bug#19022 "Memory bug when switching db during trigger execution"
Bug#17199 "Problem when view calls function from another database."
Bug#18444 "Fully qualified stored function names don't work correctly in
SELECT statements"
Documentation note: this patch introduces a change in behaviour of prepared
statements.
This patch adds a few new invariants with regard to how THD::db should
be used. These invariants should be preserved in future:
- one should never refer to THD::db by pointer and always make a deep copy
(strmake, strdup)
- one should never compare two databases by pointer, but use strncmp or
my_strncasecmp
- TABLE_LIST object table->db should be always initialized in the parser or
by creator of the object.
For prepared statements it means that if the current database is changed
after a statement is prepared, the database that was current at prepare
remains active. This also means that you can not prepare a statement that
implicitly refers to the current database if the latter is not set.
This is not documented, and therefore needs documentation. This is NOT a
change in behavior for almost all SQL statements except:
- ALTER TABLE t1 RENAME t2
- OPTIMIZE TABLE t1
- ANALYZE TABLE t1
- TRUNCATE TABLE t1 --
until this patch t1 or t2 could be evaluated at the first execution of
prepared statement.
CURRENT_DATABASE() still works OK and is evaluated at every execution
of prepared statement.
Note, that in stored routines this is not an issue as the default
database is the database of the stored procedure and "use" statement
is prohibited in stored routines.
This patch makes obsolete the use of check_db_used (it was never used in the
old code too) and all other places that check for table->db and assign it
from THD::db if it's NULL, except the parser.
How this patch was created: THD::{db,db_length} were replaced with a
LEX_STRING, THD::db. All the places that refer to THD::{db,db_length} were
manually checked and:
- if the place uses thd->db by pointer, it was fixed to make a deep copy
- if a place compared two db pointers, it was fixed to compare them by value
(via strcmp/my_strcasecmp, whatever was approproate)
Then this intermediate patch was used to write a smaller patch that does the
same thing but without a rename.
TODO in 5.1:
- remove check_db_used
- deploy THD::set_db in mysql_change_db
See also comments to individual files.
2006-06-27 00:47:52 +04:00
|
|
|
if (lex->select_lex.db == NULL &&
|
2007-07-16 23:31:36 +04:00
|
|
|
lex->copy_db_to(&lex->select_lex.db, &dummy))
|
A fix and a test case for
Bug#19022 "Memory bug when switching db during trigger execution"
Bug#17199 "Problem when view calls function from another database."
Bug#18444 "Fully qualified stored function names don't work correctly in
SELECT statements"
Documentation note: this patch introduces a change in behaviour of prepared
statements.
This patch adds a few new invariants with regard to how THD::db should
be used. These invariants should be preserved in future:
- one should never refer to THD::db by pointer and always make a deep copy
(strmake, strdup)
- one should never compare two databases by pointer, but use strncmp or
my_strncasecmp
- TABLE_LIST object table->db should be always initialized in the parser or
by creator of the object.
For prepared statements it means that if the current database is changed
after a statement is prepared, the database that was current at prepare
remains active. This also means that you can not prepare a statement that
implicitly refers to the current database if the latter is not set.
This is not documented, and therefore needs documentation. This is NOT a
change in behavior for almost all SQL statements except:
- ALTER TABLE t1 RENAME t2
- OPTIMIZE TABLE t1
- ANALYZE TABLE t1
- TRUNCATE TABLE t1 --
until this patch t1 or t2 could be evaluated at the first execution of
prepared statement.
CURRENT_DATABASE() still works OK and is evaluated at every execution
of prepared statement.
Note, that in stored routines this is not an issue as the default
database is the database of the stored procedure and "use" statement
is prohibited in stored routines.
This patch makes obsolete the use of check_db_used (it was never used in the
old code too) and all other places that check for table->db and assign it
from THD::db if it's NULL, except the parser.
How this patch was created: THD::{db,db_length} were replaced with a
LEX_STRING, THD::db. All the places that refer to THD::{db,db_length} were
manually checked and:
- if the place uses thd->db by pointer, it was fixed to make a deep copy
- if a place compared two db pointers, it was fixed to compare them by value
(via strcmp/my_strcasecmp, whatever was approproate)
Then this intermediate patch was used to write a smaller patch that does the
same thing but without a rename.
TODO in 5.1:
- remove check_db_used
- deploy THD::set_db in mysql_change_db
See also comments to individual files.
2006-06-27 00:47:52 +04:00
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
A fix and a test case for
Bug#19022 "Memory bug when switching db during trigger execution"
Bug#17199 "Problem when view calls function from another database."
Bug#18444 "Fully qualified stored function names don't work correctly in
SELECT statements"
Documentation note: this patch introduces a change in behaviour of prepared
statements.
This patch adds a few new invariants with regard to how THD::db should
be used. These invariants should be preserved in future:
- one should never refer to THD::db by pointer and always make a deep copy
(strmake, strdup)
- one should never compare two databases by pointer, but use strncmp or
my_strncasecmp
- TABLE_LIST object table->db should be always initialized in the parser or
by creator of the object.
For prepared statements it means that if the current database is changed
after a statement is prepared, the database that was current at prepare
remains active. This also means that you can not prepare a statement that
implicitly refers to the current database if the latter is not set.
This is not documented, and therefore needs documentation. This is NOT a
change in behavior for almost all SQL statements except:
- ALTER TABLE t1 RENAME t2
- OPTIMIZE TABLE t1
- ANALYZE TABLE t1
- TRUNCATE TABLE t1 --
until this patch t1 or t2 could be evaluated at the first execution of
prepared statement.
CURRENT_DATABASE() still works OK and is evaluated at every execution
of prepared statement.
Note, that in stored routines this is not an issue as the default
database is the database of the stored procedure and "use" statement
is prohibited in stored routines.
This patch makes obsolete the use of check_db_used (it was never used in the
old code too) and all other places that check for table->db and assign it
from THD::db if it's NULL, except the parser.
How this patch was created: THD::{db,db_length} were replaced with a
LEX_STRING, THD::db. All the places that refer to THD::{db,db_length} were
manually checked and:
- if the place uses thd->db by pointer, it was fixed to make a deep copy
- if a place compared two db pointers, it was fixed to compare them by value
(via strcmp/my_strcasecmp, whatever was approproate)
Then this intermediate patch was used to write a smaller patch that does the
same thing but without a rename.
TODO in 5.1:
- remove check_db_used
- deploy THD::set_db in mysql_change_db
See also comments to individual files.
2006-06-27 00:47:52 +04:00
|
|
|
}
|
2004-07-26 10:52:40 +02:00
|
|
|
if (check_table_name($3->table.str,$3->table.length) ||
|
2009-06-17 16:56:44 +02:00
|
|
|
($3->db.str && check_db_name(&$3->db)))
|
2004-07-26 10:52:40 +02:00
|
|
|
{
|
2004-11-13 19:35:51 +02:00
|
|
|
my_error(ER_WRONG_TABLE_NAME, MYF(0), $3->table.str);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-07-26 10:52:40 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->name= $3->table;
|
|
|
|
lex->alter_info.flags|= ALTER_RENAME;
|
|
|
|
}
|
|
|
|
| CONVERT_SYM TO_SYM charset charset_name_or_default opt_collate
|
|
|
|
{
|
|
|
|
if (!$4)
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
$4= thd->variables.collation_database;
|
|
|
|
}
|
|
|
|
$5= $5 ? $5 : $4;
|
|
|
|
if (!my_charset_same($4,$5))
|
|
|
|
{
|
|
|
|
my_error(ER_COLLATION_CHARSET_MISMATCH, MYF(0),
|
2004-11-13 19:35:51 +02:00
|
|
|
$5->name, $4->csname);
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->create_info.table_charset=
|
|
|
|
lex->create_info.default_table_charset= $5;
|
|
|
|
lex->create_info.used_fields|= (HA_CREATE_USED_CHARSET |
|
|
|
|
HA_CREATE_USED_DEFAULT_CHARSET);
|
|
|
|
lex->alter_info.flags|= ALTER_CONVERT;
|
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
| create_table_options_space_separated
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->alter_info.flags|= ALTER_OPTIONS;
|
|
|
|
}
|
|
|
|
| FORCE_SYM
|
|
|
|
{
|
|
|
|
Lex->alter_info.flags|= ALTER_FORCE;
|
|
|
|
}
|
|
|
|
| alter_order_clause
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->alter_info.flags|= ALTER_ORDER;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_column:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| COLUMN_SYM {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_ignore:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->ignore= 0;}
|
|
|
|
| IGNORE_SYM { Lex->ignore= 1;}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_restrict:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->drop_mode= DROP_DEFAULT; }
|
|
|
|
| RESTRICT { Lex->drop_mode= DROP_RESTRICT; }
|
|
|
|
| CASCADE { Lex->drop_mode= DROP_CASCADE; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_place:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| AFTER_SYM ident { store_position_for_column($2.str); }
|
|
|
|
| FIRST_SYM { store_position_for_column(first_keyword); }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_to:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| TO_SYM {}
|
|
|
|
| EQ {}
|
|
|
|
| AS {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-10-24 03:52:51 -06:00
|
|
|
/*
|
2003-09-15 12:43:31 +02:00
|
|
|
SLAVE START and SLAVE STOP are deprecated. We keep them for compatibility.
|
2002-11-21 15:56:48 +02:00
|
|
|
*/
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
slave:
|
2007-08-14 20:31:06 -06:00
|
|
|
START_SYM SLAVE slave_thread_opts
|
2003-09-14 00:13:41 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
2003-09-14 00:13:41 +04:00
|
|
|
lex->sql_command = SQLCOM_SLAVE_START;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->type = 0;
|
|
|
|
/* We'll use mi structure for UNTIL options */
|
|
|
|
bzero((char*) &lex->mi, sizeof(lex->mi));
|
2004-01-26 20:16:37 +01:00
|
|
|
/* If you change this code don't forget to update SLAVE START too */
|
2003-09-14 00:13:41 +04:00
|
|
|
}
|
|
|
|
slave_until
|
|
|
|
{}
|
2002-11-21 15:56:48 +02:00
|
|
|
| STOP_SYM SLAVE slave_thread_opts
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
2002-11-21 15:56:48 +02:00
|
|
|
lex->sql_command = SQLCOM_SLAVE_STOP;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->type = 0;
|
2004-01-26 20:16:37 +01:00
|
|
|
/* If you change this code don't forget to update SLAVE STOP too */
|
2002-11-21 15:56:48 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SLAVE START_SYM slave_thread_opts
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_SLAVE_START;
|
|
|
|
lex->type = 0;
|
|
|
|
/* We'll use mi structure for UNTIL options */
|
|
|
|
bzero((char*) &lex->mi, sizeof(lex->mi));
|
2004-01-26 19:39:00 +01:00
|
|
|
}
|
|
|
|
slave_until
|
|
|
|
{}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SLAVE STOP_SYM slave_thread_opts
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_SLAVE_STOP;
|
|
|
|
lex->type = 0;
|
|
|
|
}
|
2003-09-15 12:43:31 +02:00
|
|
|
;
|
|
|
|
|
2003-02-06 16:55:59 +02:00
|
|
|
start:
|
2007-08-14 20:31:06 -06:00
|
|
|
START_SYM TRANSACTION_SYM start_transaction_opts
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_BEGIN;
|
|
|
|
lex->start_transaction_opt= $3;
|
|
|
|
}
|
|
|
|
;
|
2003-02-06 16:55:59 +02:00
|
|
|
|
2004-11-10 17:56:45 +01:00
|
|
|
start_transaction_opts:
|
2007-08-14 20:31:06 -06:00
|
|
|
/*empty*/ { $$ = 0; }
|
2004-11-10 17:56:45 +01:00
|
|
|
| WITH CONSISTENT_SYM SNAPSHOT_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
$$= MYSQL_START_TRANS_OPT_WITH_CONS_SNAPSHOT;
|
|
|
|
}
|
2004-11-11 10:50:46 +04:00
|
|
|
;
|
2004-11-10 17:56:45 +01:00
|
|
|
|
2002-07-23 18:31:22 +03:00
|
|
|
slave_thread_opts:
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Lex->slave_thd_opt= 0; }
|
|
|
|
slave_thread_opt_list
|
|
|
|
{}
|
|
|
|
;
|
2003-02-12 21:55:37 +02:00
|
|
|
|
|
|
|
slave_thread_opt_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
slave_thread_opt
|
|
|
|
| slave_thread_opt_list ',' slave_thread_opt
|
|
|
|
;
|
2002-03-09 21:48:06 -07:00
|
|
|
|
|
|
|
slave_thread_opt:
|
2007-08-14 20:31:06 -06:00
|
|
|
/*empty*/ {}
|
|
|
|
| SQL_THREAD { Lex->slave_thd_opt|=SLAVE_SQL; }
|
|
|
|
| RELAY_THREAD { Lex->slave_thd_opt|=SLAVE_IO; }
|
|
|
|
;
|
2002-12-05 01:14:51 +03:00
|
|
|
|
2003-09-14 00:13:41 +04:00
|
|
|
slave_until:
|
2007-08-14 20:31:06 -06:00
|
|
|
/*empty*/ {}
|
|
|
|
| UNTIL_SYM slave_until_opts
|
2003-09-14 00:13:41 +04:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2009-06-10 16:04:07 +02:00
|
|
|
if (((lex->mi.log_file_name || lex->mi.pos) &&
|
|
|
|
(lex->mi.relay_log_name || lex->mi.relay_log_pos)) ||
|
2003-09-14 00:13:41 +04:00
|
|
|
!((lex->mi.log_file_name && lex->mi.pos) ||
|
|
|
|
(lex->mi.relay_log_name && lex->mi.relay_log_pos)))
|
|
|
|
{
|
2004-11-12 14:34:00 +02:00
|
|
|
my_message(ER_BAD_SLAVE_UNTIL_COND,
|
|
|
|
ER(ER_BAD_SLAVE_UNTIL_COND), MYF(0));
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2003-09-14 00:13:41 +04:00
|
|
|
}
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2003-09-14 00:13:41 +04:00
|
|
|
|
|
|
|
slave_until_opts:
|
2007-08-14 20:31:06 -06:00
|
|
|
master_file_def
|
|
|
|
| slave_until_opts ',' master_file_def
|
|
|
|
;
|
2003-09-14 00:13:41 +04:00
|
|
|
|
2000-09-14 16:34:50 -06:00
|
|
|
restore:
|
2007-08-14 20:31:06 -06:00
|
|
|
RESTORE_SYM table_or_tables
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_RESTORE_TABLE;
|
|
|
|
}
|
|
|
|
table_list FROM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->backup_dir = $6.str;
|
|
|
|
}
|
|
|
|
;
|
2002-07-23 18:31:22 +03:00
|
|
|
|
2000-09-14 16:34:50 -06:00
|
|
|
backup:
|
2007-08-14 20:31:06 -06:00
|
|
|
BACKUP_SYM table_or_tables
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_BACKUP_TABLE;
|
|
|
|
}
|
|
|
|
table_list TO_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->backup_dir = $6.str;
|
|
|
|
}
|
|
|
|
;
|
2000-09-14 16:34:50 -06:00
|
|
|
|
2003-08-21 16:15:06 +02:00
|
|
|
checksum:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHECKSUM_SYM table_or_tables
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_CHECKSUM;
|
|
|
|
}
|
|
|
|
table_list opt_checksum_type
|
|
|
|
{}
|
|
|
|
;
|
2003-08-21 16:15:06 +02:00
|
|
|
|
2003-09-03 11:34:32 +02:00
|
|
|
opt_checksum_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */ { Lex->check_opt.flags= 0; }
|
|
|
|
| QUICK { Lex->check_opt.flags= T_QUICK; }
|
|
|
|
| EXTENDED_SYM { Lex->check_opt.flags= T_EXTEND; }
|
2003-09-03 11:34:32 +02:00
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
repair:
|
2007-08-14 20:31:06 -06:00
|
|
|
REPAIR opt_no_write_to_binlog table_or_tables
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_REPAIR;
|
|
|
|
lex->no_write_to_binlog= $2;
|
|
|
|
lex->check_opt.init();
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->alter_info.reset();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
table_list opt_mi_repair_type
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-03-13 17:20:17 +00:00
|
|
|
opt_mi_repair_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->check_opt.flags = T_MEDIUM; }
|
|
|
|
| mi_repair_types {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-03-13 17:20:17 +00:00
|
|
|
mi_repair_types:
|
2007-08-14 20:31:06 -06:00
|
|
|
mi_repair_type {}
|
|
|
|
| mi_repair_type mi_repair_types {}
|
|
|
|
;
|
2000-10-11 00:06:37 +03:00
|
|
|
|
2002-03-13 17:20:17 +00:00
|
|
|
mi_repair_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
QUICK { Lex->check_opt.flags|= T_QUICK; }
|
|
|
|
| EXTENDED_SYM { Lex->check_opt.flags|= T_EXTEND; }
|
|
|
|
| USE_FRM { Lex->check_opt.sql_flags|= TT_USEFRM; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
analyze:
|
2007-08-14 20:31:06 -06:00
|
|
|
ANALYZE_SYM opt_no_write_to_binlog table_or_tables
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_ANALYZE;
|
|
|
|
lex->no_write_to_binlog= $2;
|
|
|
|
lex->check_opt.init();
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->alter_info.reset();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-11-27 10:14:46 +04:00
|
|
|
table_list
|
2007-08-14 20:31:06 -06:00
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-12-22 06:39:02 +01:00
|
|
|
binlog_base64_event:
|
2007-08-14 20:31:06 -06:00
|
|
|
BINLOG_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_BINLOG_BASE64_EVENT;
|
|
|
|
Lex->comment= $2;
|
|
|
|
}
|
2005-12-26 17:22:12 +04:00
|
|
|
;
|
2005-12-22 06:39:02 +01:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
check:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHECK_SYM table_or_tables
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2005-03-30 17:43:52 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "CHECK");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_CHECK;
|
|
|
|
lex->check_opt.init();
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->alter_info.reset();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
table_list opt_mi_check_type
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-03-13 17:20:17 +00:00
|
|
|
opt_mi_check_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->check_opt.flags = T_MEDIUM; }
|
|
|
|
| mi_check_types {}
|
|
|
|
;
|
2002-03-13 17:20:17 +00:00
|
|
|
|
|
|
|
mi_check_types:
|
2007-08-14 20:31:06 -06:00
|
|
|
mi_check_type {}
|
|
|
|
| mi_check_type mi_check_types {}
|
|
|
|
;
|
2002-03-13 17:20:17 +00:00
|
|
|
|
|
|
|
mi_check_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
QUICK { Lex->check_opt.flags|= T_QUICK; }
|
|
|
|
| FAST_SYM { Lex->check_opt.flags|= T_FAST; }
|
|
|
|
| MEDIUM_SYM { Lex->check_opt.flags|= T_MEDIUM; }
|
|
|
|
| EXTENDED_SYM { Lex->check_opt.flags|= T_EXTEND; }
|
|
|
|
| CHANGED { Lex->check_opt.flags|= T_CHECK_ONLY_CHANGED; }
|
|
|
|
| FOR_SYM UPGRADE_SYM { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; }
|
|
|
|
;
|
2002-03-13 17:20:17 +00:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
optimize:
|
2007-08-14 20:31:06 -06:00
|
|
|
OPTIMIZE opt_no_write_to_binlog table_or_tables
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_OPTIMIZE;
|
|
|
|
lex->no_write_to_binlog= $2;
|
|
|
|
lex->check_opt.init();
|
2008-08-11 20:02:03 +02:00
|
|
|
lex->alter_info.reset();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-11-27 10:14:46 +04:00
|
|
|
table_list
|
2007-08-14 20:31:06 -06:00
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-05-15 18:35:39 +02:00
|
|
|
opt_no_write_to_binlog:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= 0; }
|
|
|
|
| NO_WRITE_TO_BINLOG { $$= 1; }
|
|
|
|
| LOCAL_SYM { $$= 1; }
|
|
|
|
;
|
2003-05-15 18:35:39 +02:00
|
|
|
|
2000-08-21 03:00:52 +03:00
|
|
|
rename:
|
2007-08-14 20:31:06 -06:00
|
|
|
RENAME table_or_tables
|
2006-02-13 11:49:28 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->sql_command= SQLCOM_RENAME_TABLE;
|
|
|
|
}
|
|
|
|
table_to_table_list
|
|
|
|
{}
|
|
|
|
| RENAME USER clear_privileges rename_list
|
2004-11-25 21:55:49 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->sql_command = SQLCOM_RENAME_USER;
|
2004-11-25 21:55:49 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-08-21 03:00:52 +03:00
|
|
|
|
2004-11-25 21:55:49 +01:00
|
|
|
rename_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
user TO_SYM user
|
|
|
|
{
|
|
|
|
if (Lex->users_list.push_back($1) || Lex->users_list.push_back($3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2004-11-25 21:55:49 +01:00
|
|
|
| rename_list ',' user TO_SYM user
|
|
|
|
{
|
|
|
|
if (Lex->users_list.push_back($3) || Lex->users_list.push_back($5))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-25 21:55:49 +01:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2000-08-21 03:00:52 +03:00
|
|
|
table_to_table_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_to_table
|
|
|
|
| table_to_table_list ',' table_to_table
|
|
|
|
;
|
2000-08-21 03:00:52 +03:00
|
|
|
|
|
|
|
table_to_table:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_ident TO_SYM table_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
SELECT_LEX *sl= lex->current_select;
|
|
|
|
if (!sl->add_table_to_list(lex->thd, $1,NULL,TL_OPTION_UPDATING,
|
|
|
|
TL_IGNORE) ||
|
|
|
|
!sl->add_table_to_list(lex->thd, $3,NULL,TL_OPTION_UPDATING,
|
|
|
|
TL_IGNORE))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-08-21 03:00:52 +03:00
|
|
|
|
2003-08-26 00:15:49 -07:00
|
|
|
keycache:
|
2007-08-14 20:31:06 -06:00
|
|
|
CACHE_SYM INDEX_SYM keycache_list IN_SYM key_cache_name
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_ASSIGN_TO_KEYCACHE;
|
|
|
|
lex->ident= $5;
|
|
|
|
}
|
2003-08-26 00:15:49 -07:00
|
|
|
;
|
|
|
|
|
|
|
|
keycache_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
assign_to_keycache
|
|
|
|
| keycache_list ',' assign_to_keycache
|
|
|
|
;
|
2003-08-26 00:15:49 -07:00
|
|
|
|
|
|
|
assign_to_keycache:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_ident cache_keys_spec
|
|
|
|
{
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $1, NULL, 0, TL_READ,
|
|
|
|
Select->pop_index_hints()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2003-08-26 00:15:49 -07:00
|
|
|
;
|
|
|
|
|
2003-11-18 13:47:27 +02:00
|
|
|
key_cache_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident { $$= $1; }
|
|
|
|
| DEFAULT { $$ = default_key_cache_base; }
|
|
|
|
;
|
2003-11-18 13:47:27 +02:00
|
|
|
|
2003-06-12 04:29:02 -07:00
|
|
|
preload:
|
2007-08-14 20:31:06 -06:00
|
|
|
LOAD INDEX_SYM INTO CACHE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command=SQLCOM_PRELOAD_KEYS;
|
|
|
|
}
|
|
|
|
preload_list
|
|
|
|
{}
|
|
|
|
;
|
2003-06-12 04:29:02 -07:00
|
|
|
|
|
|
|
preload_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
preload_keys
|
|
|
|
| preload_list ',' preload_keys
|
|
|
|
;
|
2003-06-12 04:29:02 -07:00
|
|
|
|
|
|
|
preload_keys:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_ident cache_keys_spec opt_ignore_leaves
|
|
|
|
{
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $1, NULL, $3, TL_READ,
|
|
|
|
Select->pop_index_hints()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2003-06-12 04:29:02 -07:00
|
|
|
|
2003-08-26 15:14:13 -07:00
|
|
|
cache_keys_spec:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->select_lex.alloc_index_hints(YYTHD);
|
|
|
|
Select->set_index_hint_type(INDEX_HINT_USE,
|
|
|
|
global_system_variables.old_mode ?
|
2007-03-05 19:08:41 +02:00
|
|
|
INDEX_HINT_MASK_JOIN :
|
|
|
|
INDEX_HINT_MASK_ALL);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
cache_key_list_or_empty
|
2003-08-26 15:14:13 -07:00
|
|
|
;
|
2003-06-12 04:29:02 -07:00
|
|
|
|
2003-08-26 00:15:49 -07:00
|
|
|
cache_key_list_or_empty:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { }
|
|
|
|
| key_or_index '(' opt_key_usage_list ')'
|
|
|
|
;
|
2003-06-12 04:29:02 -07:00
|
|
|
|
2003-06-19 02:34:33 -07:00
|
|
|
opt_ignore_leaves:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{ $$= 0; }
|
|
|
|
| IGNORE_SYM LEAVES { $$= TL_OPTION_IGNORE_LEAVES; }
|
|
|
|
;
|
2003-06-12 04:29:02 -07:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/*
|
2001-12-17 19:59:20 +02:00
|
|
|
Select : retrieve data from table
|
2000-07-31 21:29:14 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
select:
|
2007-08-14 20:31:06 -06:00
|
|
|
select_init
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_SELECT;
|
|
|
|
}
|
|
|
|
;
|
2001-12-13 02:31:19 +02:00
|
|
|
|
2002-11-28 16:10:29 +01:00
|
|
|
/* Need select_init2 for subselects. */
|
2001-12-13 02:31:19 +02:00
|
|
|
select_init:
|
2007-08-14 20:31:06 -06:00
|
|
|
SELECT_SYM select_init2
|
|
|
|
| '(' select_paren ')' union_opt
|
|
|
|
;
|
2005-02-13 22:35:52 +00:00
|
|
|
|
|
|
|
select_paren:
|
2007-08-14 20:31:06 -06:00
|
|
|
SELECT_SYM select_part2
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2003-07-03 02:30:52 +03:00
|
|
|
SELECT_LEX * sel= lex->current_select;
|
2007-08-14 20:31:06 -06:00
|
|
|
if (sel->set_braces(1))
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-08-31 18:00:25 +03:00
|
|
|
if (sel->linkage == UNION_TYPE &&
|
|
|
|
!sel->master_unit()->first_select()->braces &&
|
|
|
|
sel->master_unit()->first_select()->linkage ==
|
|
|
|
UNION_TYPE)
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
2006-08-31 18:00:25 +03:00
|
|
|
}
|
2007-12-14 13:42:46 -08:00
|
|
|
if (sel->linkage == UNION_TYPE &&
|
|
|
|
sel->olap != UNSPECIFIED_OLAP_TYPE &&
|
|
|
|
sel->master_unit()->fake_select_lex)
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0),
|
|
|
|
"CUBE/ROLLUP", "ORDER BY");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2002-05-08 23:14:40 +03:00
|
|
|
/* select in braces, can't contain global parameters */
|
2007-08-14 20:31:06 -06:00
|
|
|
if (sel->master_unit()->fake_select_lex)
|
2003-09-09 15:23:38 +03:00
|
|
|
sel->master_unit()->global_parameters=
|
|
|
|
sel->master_unit()->fake_select_lex;
|
2005-02-13 22:35:52 +00:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| '(' select_paren ')'
|
|
|
|
;
|
2001-08-14 20:33:49 +03:00
|
|
|
|
2002-11-28 16:10:29 +01:00
|
|
|
select_init2:
|
2007-08-14 20:31:06 -06:00
|
|
|
select_part2
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
SELECT_LEX * sel= lex->current_select;
|
|
|
|
if (lex->current_select->set_braces(0))
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (sel->linkage == UNION_TYPE &&
|
|
|
|
sel->master_unit()->first_select()->braces)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
union_clause
|
|
|
|
;
|
2002-11-28 16:10:29 +01:00
|
|
|
|
2001-08-14 20:33:49 +03:00
|
|
|
select_part2:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
if (sel->linkage != UNION_TYPE)
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->current_select->parsing_place= SELECT_LIST;
|
|
|
|
}
|
|
|
|
select_options select_item_list
|
|
|
|
{
|
|
|
|
Select->parsing_place= NO_MATTER;
|
|
|
|
}
|
|
|
|
select_into select_lock_type
|
|
|
|
;
|
2001-10-19 17:43:30 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
select_into:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_order_clause opt_limit_clause {}
|
2002-11-28 17:25:41 +01:00
|
|
|
| into
|
2007-08-14 20:31:06 -06:00
|
|
|
| select_from
|
|
|
|
| into select_from
|
|
|
|
| select_from into
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_from:
|
2007-08-14 20:31:06 -06:00
|
|
|
FROM join_table_list where_clause group_clause having_clause
|
|
|
|
opt_order_clause opt_limit_clause procedure_clause
|
2007-02-19 14:39:37 +02:00
|
|
|
{
|
|
|
|
Select->context.table_list=
|
|
|
|
Select->context.first_name_resolution_table=
|
|
|
|
(TABLE_LIST *) Select->table_list.first;
|
|
|
|
}
|
2005-07-17 09:46:14 -07:00
|
|
|
| FROM DUAL_SYM where_clause opt_limit_clause
|
2005-02-02 08:38:24 +02:00
|
|
|
/* oracle compatibility: oracle always requires FROM clause,
|
|
|
|
and DUAL is system table without fields.
|
|
|
|
Is "SELECT 1 FROM DUAL" any better than "SELECT 1" ?
|
|
|
|
Hmmm :) */
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty*/
|
|
|
|
| select_option_list
|
|
|
|
{
|
|
|
|
if (Select->options & SELECT_DISTINCT && Select->options & SELECT_ALL)
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0), "ALL", "DISTINCT");
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2005-05-13 14:04:32 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_option_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
select_option_list select_option
|
|
|
|
| select_option
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
STRAIGHT_JOIN { Select->options|= SELECT_STRAIGHT_JOIN; }
|
|
|
|
| HIGH_PRIORITY
|
2006-06-27 21:28:32 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (check_simple_select())
|
|
|
|
MYSQL_YYABORT;
|
2009-03-05 15:22:33 +01:00
|
|
|
Lex->lock_option= TL_READ_HIGH_PRIORITY;
|
|
|
|
Lex->current_select->lock_option= TL_READ_HIGH_PRIORITY;
|
2006-06-27 21:28:32 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DISTINCT { Select->options|= SELECT_DISTINCT; }
|
|
|
|
| SQL_SMALL_RESULT { Select->options|= SELECT_SMALL_RESULT; }
|
|
|
|
| SQL_BIG_RESULT { Select->options|= SELECT_BIG_RESULT; }
|
|
|
|
| SQL_BUFFER_RESULT
|
|
|
|
{
|
|
|
|
if (check_simple_select())
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Select->options|= OPTION_BUFFER_RESULT;
|
|
|
|
}
|
|
|
|
| SQL_CALC_FOUND_ROWS
|
|
|
|
{
|
|
|
|
if (check_simple_select())
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Select->options|= OPTION_FOUND_ROWS;
|
|
|
|
}
|
|
|
|
| SQL_NO_CACHE_SYM
|
2006-06-27 21:28:32 +04:00
|
|
|
{
|
|
|
|
Lex->safe_to_cache_query=0;
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->select_lex.options&= ~OPTION_TO_QUERY_CACHE;
|
2006-06-27 21:28:32 +04:00
|
|
|
Lex->select_lex.sql_cache= SELECT_LEX::SQL_NO_CACHE;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SQL_CACHE_SYM
|
|
|
|
{
|
2007-06-18 17:16:20 -04:00
|
|
|
/*
|
|
|
|
Honor this flag only if SQL_NO_CACHE wasn't specified AND
|
|
|
|
we are parsing the outermost SELECT in the query.
|
|
|
|
*/
|
|
|
|
if (Lex->select_lex.sql_cache != SELECT_LEX::SQL_NO_CACHE &&
|
|
|
|
Lex->current_select == &Lex->select_lex)
|
2006-06-27 21:28:32 +04:00
|
|
|
{
|
|
|
|
Lex->safe_to_cache_query=1;
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->select_lex.options|= OPTION_TO_QUERY_CACHE;
|
2006-06-27 21:28:32 +04:00
|
|
|
Lex->select_lex.sql_cache= SELECT_LEX::SQL_CACHE;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| ALL { Select->options|= SELECT_ALL; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-03-21 01:02:22 +02:00
|
|
|
select_lock_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| FOR_SYM UPDATE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->current_select->set_lock_for_tables(TL_WRITE);
|
2009-03-05 15:22:33 +01:00
|
|
|
lex->current_select->lock_option= TL_WRITE;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->safe_to_cache_query=0;
|
2009-04-03 16:11:54 -03:00
|
|
|
lex->protect_against_global_read_lock= TRUE;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| LOCK_SYM IN_SYM SHARE_SYM MODE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->current_select->
|
|
|
|
set_lock_for_tables(TL_READ_WITH_SHARED_LOCKS);
|
2009-03-05 15:22:33 +01:00
|
|
|
lex->current_select->lock_option= TL_READ_WITH_SHARED_LOCKS;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->safe_to_cache_query=0;
|
|
|
|
}
|
|
|
|
;
|
2001-03-21 01:02:22 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
select_item_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
select_item_list ',' select_item
|
|
|
|
| select_item
|
|
|
|
| '*'
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *item= new (thd->mem_root)
|
|
|
|
Item_field(&thd->lex->current_select->context,
|
|
|
|
NULL, NULL, "*");
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
if (add_item_to_list(thd, item))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
(thd->lex->current_select->with_wild)++;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
remember_name select_item2 remember_end select_alias
|
|
|
|
{
|
Bug#21513 (SP having body starting with quoted label rendered unusable)
Before this fix, the parser would sometime change where a token starts by
altering Lex_input_string::tok_start, which later confused the code in
sql_yacc.yy that needs to capture the source code of a SQL statement,
like to represent the body of a stored procedure.
This line of code in sql_lex.cc :
case MY_LEX_USER_VARIABLE_DELIMITER:
lip->tok_start= lip->ptr; // Skip first `
would <skip the first back quote> ... and cause the bug reported.
In general, the responsibility of sql_lex.cc is to *find* where token are
in the SQL text, but is *not* to make up fake or incomplete tokens.
With a quoted label like `my_label`, the token starts on the first quote.
Extracting the token value should not change that (it did).
With this fix, the lexical analysis has been cleaned up to not change
lip->tok_start (in the case found for this bug).
The functions get_token() and get_quoted_token() now have an extra
parameters, used when some characters from the beginning of the token need
to be skipped when extracting a token value, like when extracting 'AB' from
'0xAB', for example, for a HEX_NUM token.
This exposed a bad assumption in Item_hex_string and Item_bin_string,
which has been fixed:
The assumption was that the string given, 'AB', was in fact preceded in
memory by '0x', which might be false (it can be preceded by "x'" and
followed by "'" -- or not be preceded by valid memory at all)
If a name is needed for Item_hex_string or Item_bin_string, the name is
taken from the original and true source code ('0xAB'), and assigned in
the select_item rule, instead of relying on assumptions related to how
memory is used.
2007-04-27 17:14:25 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
DBUG_ASSERT($1 < $3);
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (add_item_to_list(thd, $2))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
if ($4.str)
|
2005-06-21 20:30:48 +03:00
|
|
|
{
|
2007-10-25 10:32:52 +05:00
|
|
|
if (Lex->sql_command == SQLCOM_CREATE_VIEW &&
|
|
|
|
check_column_name($4.str))
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_COLUMN_NAME, MYF(0), $4.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-06-21 20:30:48 +03:00
|
|
|
$2->is_autogenerated_name= FALSE;
|
2007-08-14 20:31:06 -06:00
|
|
|
$2->set_name($4.str, $4.length, system_charset_info);
|
2005-06-21 20:30:48 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else if (!$2->name)
|
Bug#21513 (SP having body starting with quoted label rendered unusable)
Before this fix, the parser would sometime change where a token starts by
altering Lex_input_string::tok_start, which later confused the code in
sql_yacc.yy that needs to capture the source code of a SQL statement,
like to represent the body of a stored procedure.
This line of code in sql_lex.cc :
case MY_LEX_USER_VARIABLE_DELIMITER:
lip->tok_start= lip->ptr; // Skip first `
would <skip the first back quote> ... and cause the bug reported.
In general, the responsibility of sql_lex.cc is to *find* where token are
in the SQL text, but is *not* to make up fake or incomplete tokens.
With a quoted label like `my_label`, the token starts on the first quote.
Extracting the token value should not change that (it did).
With this fix, the lexical analysis has been cleaned up to not change
lip->tok_start (in the case found for this bug).
The functions get_token() and get_quoted_token() now have an extra
parameters, used when some characters from the beginning of the token need
to be skipped when extracting a token value, like when extracting 'AB' from
'0xAB', for example, for a HEX_NUM token.
This exposed a bad assumption in Item_hex_string and Item_bin_string,
which has been fixed:
The assumption was that the string given, 'AB', was in fact preceded in
memory by '0x', which might be false (it can be preceded by "x'" and
followed by "'" -- or not be preceded by valid memory at all)
If a name is needed for Item_hex_string or Item_bin_string, the name is
taken from the original and true source code ('0xAB'), and assigned in
the select_item rule, instead of relying on assumptions related to how
memory is used.
2007-04-27 17:14:25 -06:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
$2->set_name($1, (uint) ($3 - $1), thd->charset());
|
2005-06-21 20:30:48 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
remember_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2008-07-14 19:43:12 -06:00
|
|
|
$$= (char*) YYLIP->get_cpp_tok_start();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
remember_end:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2008-07-14 19:43:12 -06:00
|
|
|
$$= (char*) YYLIP->get_cpp_tok_end();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_item2:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_wild { $$=$1; /* table.* */ }
|
|
|
|
| expr { $$=$1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
select_alias:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=null_lex_str;}
|
|
|
|
| AS ident { $$=$2; }
|
|
|
|
| AS TEXT_STRING_sys { $$=$2; }
|
|
|
|
| ident { $$=$1; }
|
|
|
|
| TEXT_STRING_sys { $$=$1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
optional_braces:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| '(' ')' {}
|
|
|
|
;
|
2000-08-22 00:39:08 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* all possible expressions */
|
2007-08-22 14:25:36 -06:00
|
|
|
expr:
|
2007-08-28 15:56:12 -06:00
|
|
|
expr or expr %prec OR_SYM
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-22 14:25:36 -06:00
|
|
|
/*
|
|
|
|
Design notes:
|
|
|
|
Do not use a manually maintained stack like thd->lex->xxx_list,
|
|
|
|
but use the internal bison stack ($$, $1 and $3) instead.
|
|
|
|
Using the bison stack is:
|
|
|
|
- more robust to changes in the grammar,
|
|
|
|
- guaranteed to be in sync with the parser state,
|
|
|
|
- better for performances (no memory allocation).
|
|
|
|
*/
|
|
|
|
Item_cond_or *item1;
|
|
|
|
Item_cond_or *item3;
|
|
|
|
if (is_cond_or($1))
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-22 14:25:36 -06:00
|
|
|
item1= (Item_cond_or*) $1;
|
|
|
|
if (is_cond_or($3))
|
|
|
|
{
|
|
|
|
item3= (Item_cond_or*) $3;
|
|
|
|
/*
|
|
|
|
(X1 OR X2) OR (Y1 OR Y2) ==> OR (X1, X2, Y1, Y2)
|
|
|
|
*/
|
|
|
|
item3->add_at_head(item1->argument_list());
|
|
|
|
$$ = $3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
(X1 OR X2) OR Y ==> OR (X1, X2, Y)
|
|
|
|
*/
|
|
|
|
item1->add($3);
|
|
|
|
$$ = $1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (is_cond_or($3))
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-22 14:25:36 -06:00
|
|
|
item3= (Item_cond_or*) $3;
|
|
|
|
/*
|
|
|
|
X OR (Y1 OR Y2) ==> OR (X, Y1, Y2)
|
|
|
|
*/
|
|
|
|
item3->add_at_head($1);
|
|
|
|
$$ = $3;
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
|
|
|
else
|
2007-08-22 14:25:36 -06:00
|
|
|
{
|
|
|
|
/* X OR Y */
|
|
|
|
$$ = new (YYTHD->mem_root) Item_cond_or($1, $3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-22 14:25:36 -06:00
|
|
|
}
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
2007-08-22 14:25:36 -06:00
|
|
|
| expr XOR expr %prec XOR
|
|
|
|
{
|
|
|
|
/* XOR is a proprietary extension */
|
|
|
|
$$ = new (YYTHD->mem_root) Item_cond_xor($1, $3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-22 14:25:36 -06:00
|
|
|
}
|
|
|
|
| expr and expr %prec AND_SYM
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-22 14:25:36 -06:00
|
|
|
/* See comments in rule expr: expr or expr */
|
|
|
|
Item_cond_and *item1;
|
|
|
|
Item_cond_and *item3;
|
|
|
|
if (is_cond_and($1))
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-22 14:25:36 -06:00
|
|
|
item1= (Item_cond_and*) $1;
|
|
|
|
if (is_cond_and($3))
|
|
|
|
{
|
|
|
|
item3= (Item_cond_and*) $3;
|
|
|
|
/*
|
|
|
|
(X1 AND X2) AND (Y1 AND Y2) ==> AND (X1, X2, Y1, Y2)
|
|
|
|
*/
|
|
|
|
item3->add_at_head(item1->argument_list());
|
|
|
|
$$ = $3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
(X1 AND X2) AND Y ==> AND (X1, X2, Y)
|
|
|
|
*/
|
|
|
|
item1->add($3);
|
|
|
|
$$ = $1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if (is_cond_and($3))
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-22 14:25:36 -06:00
|
|
|
item3= (Item_cond_and*) $3;
|
|
|
|
/*
|
|
|
|
X AND (Y1 AND Y2) ==> AND (X, Y1, Y2)
|
|
|
|
*/
|
|
|
|
item3->add_at_head($1);
|
|
|
|
$$ = $3;
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
|
|
|
else
|
2007-08-22 14:25:36 -06:00
|
|
|
{
|
|
|
|
/* X AND Y */
|
|
|
|
$$ = new (YYTHD->mem_root) Item_cond_and($1, $3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-22 14:25:36 -06:00
|
|
|
}
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| NOT_SYM expr %prec NOT_SYM
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= negate_expression(YYTHD, $2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS TRUE_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_istrue($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS not TRUE_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isnottrue($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS FALSE_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isfalse($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS not FALSE_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isnotfalse($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS UNKNOWN_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isnull($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS not UNKNOWN_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isnotnull($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-02-12 17:20:41 -07:00
|
|
|
| bool_pri
|
|
|
|
;
|
2004-11-17 15:49:10 +00:00
|
|
|
|
|
|
|
bool_pri:
|
2007-08-28 15:56:12 -06:00
|
|
|
bool_pri IS NULL_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isnull($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri IS not NULL_SYM %prec IS
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_isnotnull($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bool_pri EQUAL_SYM predicate %prec EQUAL_SYM
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_equal($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bool_pri comp_op predicate %prec EQ
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= (*$2)(0)->create($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bool_pri comp_op all_or_any '(' subselect ')' %prec EQ
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= all_any_subquery_creator($1, $2, $3, $5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-10-25 21:19:28 -07:00
|
|
|
| predicate
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-11-17 15:49:10 +00:00
|
|
|
|
|
|
|
predicate:
|
2007-01-29 17:32:52 -07:00
|
|
|
bit_expr IN_SYM '(' subselect ')'
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_in_subselect($1, $4);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-01-29 17:32:52 -07:00
|
|
|
}
|
|
|
|
| bit_expr not IN_SYM '(' subselect ')'
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
Item *item= new (thd->mem_root) Item_in_subselect($1, $5);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-01-29 17:32:52 -07:00
|
|
|
$$= negate_expression(thd, item);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-01-29 17:32:52 -07:00
|
|
|
}
|
2006-08-31 18:00:25 +03:00
|
|
|
| bit_expr IN_SYM '(' expr ')'
|
|
|
|
{
|
2007-01-29 17:32:52 -07:00
|
|
|
$$= handle_sql2003_note184_exception(YYTHD, $1, true, $4);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-08-31 18:00:25 +03:00
|
|
|
}
|
2007-01-29 17:32:52 -07:00
|
|
|
| bit_expr IN_SYM '(' expr ',' expr_list ')'
|
|
|
|
{
|
|
|
|
$6->push_front($4);
|
|
|
|
$6->push_front($1);
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_in(*$6);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2005-07-16 18:06:34 -07:00
|
|
|
}
|
2006-08-31 18:00:25 +03:00
|
|
|
| bit_expr not IN_SYM '(' expr ')'
|
2005-07-16 18:06:34 -07:00
|
|
|
{
|
2007-01-29 17:32:52 -07:00
|
|
|
$$= handle_sql2003_note184_exception(YYTHD, $1, false, $5);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-08-31 18:00:25 +03:00
|
|
|
}
|
2007-01-29 17:32:52 -07:00
|
|
|
| bit_expr not IN_SYM '(' expr ',' expr_list ')'
|
2006-08-31 18:00:25 +03:00
|
|
|
{
|
2007-01-29 17:32:52 -07:00
|
|
|
$7->push_front($5);
|
|
|
|
$7->push_front($1);
|
|
|
|
Item_func_in *item = new (YYTHD->mem_root) Item_func_in(*$7);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-01-29 17:32:52 -07:00
|
|
|
item->negate();
|
|
|
|
$$= item;
|
2005-07-16 18:06:34 -07:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bit_expr BETWEEN_SYM bit_expr AND_SYM predicate
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_between($1,$3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bit_expr not BETWEEN_SYM bit_expr AND_SYM predicate
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item_func_between *item;
|
|
|
|
item= new (YYTHD->mem_root) Item_func_between($1,$4,$6);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
item->negate();
|
|
|
|
$$= item;
|
|
|
|
}
|
|
|
|
| bit_expr SOUNDS_SYM LIKE bit_expr
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *item1= new (YYTHD->mem_root) Item_func_soundex($1);
|
|
|
|
Item *item4= new (YYTHD->mem_root) Item_func_soundex($4);
|
|
|
|
if ((item1 == NULL) || (item4 == NULL))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_eq(item1, item4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| bit_expr LIKE simple_expr opt_escape
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_like($1,$3,$4,Lex->escape_used);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bit_expr not LIKE simple_expr opt_escape
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
Item *item= new (YYTHD->mem_root) Item_func_like($1,$4,$5,
|
|
|
|
Lex->escape_used);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_not(item);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| bit_expr REGEXP bit_expr
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_regex($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bit_expr not REGEXP bit_expr
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
Item *item= new (YYTHD->mem_root) Item_func_regex($1,$4);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$= negate_expression(YYTHD, item);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| bit_expr
|
|
|
|
;
|
2004-11-17 15:49:10 +00:00
|
|
|
|
|
|
|
bit_expr:
|
2007-08-28 15:56:12 -06:00
|
|
|
bit_expr '|' bit_expr %prec '|'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_bit_or($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '&' bit_expr %prec '&'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_bit_and($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr SHIFT_LEFT bit_expr %prec SHIFT_LEFT
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_shift_left($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr SHIFT_RIGHT bit_expr %prec SHIFT_RIGHT
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_shift_right($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '+' bit_expr %prec '+'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_plus($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '-' bit_expr %prec '-'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_minus($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-11-30 09:34:25 -02:00
|
|
|
| bit_expr '+' INTERVAL_SYM expr interval %prec '+'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($1,$4,$5,0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-11-30 09:34:25 -02:00
|
|
|
| bit_expr '-' INTERVAL_SYM expr interval %prec '-'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($1,$4,$5,1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '*' bit_expr %prec '*'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_mul($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '/' bit_expr %prec '/'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_div($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '%' bit_expr %prec '%'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_mod($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr DIV_SYM bit_expr %prec DIV_SYM
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_int_div($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr MOD_SYM bit_expr %prec MOD_SYM
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_mod($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-28 15:56:12 -06:00
|
|
|
| bit_expr '^' bit_expr
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_bit_xor($1,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| simple_expr
|
|
|
|
;
|
|
|
|
|
|
|
|
or:
|
|
|
|
OR_SYM
|
|
|
|
| OR2_SYM
|
|
|
|
;
|
|
|
|
|
|
|
|
and:
|
|
|
|
AND_SYM
|
|
|
|
| AND_AND_SYM
|
|
|
|
;
|
|
|
|
|
|
|
|
not:
|
|
|
|
NOT_SYM
|
|
|
|
| NOT2_SYM
|
|
|
|
;
|
|
|
|
|
|
|
|
not2:
|
|
|
|
'!'
|
|
|
|
| NOT2_SYM
|
|
|
|
;
|
2002-11-07 23:45:19 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
comp_op:
|
|
|
|
EQ { $$ = &comp_eq_creator; }
|
|
|
|
| GE { $$ = &comp_ge_creator; }
|
|
|
|
| GT_SYM { $$ = &comp_gt_creator; }
|
|
|
|
| LE { $$ = &comp_le_creator; }
|
|
|
|
| LT { $$ = &comp_lt_creator; }
|
|
|
|
| NE { $$ = &comp_ne_creator; }
|
|
|
|
;
|
2002-11-07 23:45:19 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
all_or_any:
|
|
|
|
ALL { $$ = 1; }
|
|
|
|
| ANY_SYM { $$ = 0; }
|
2002-11-07 23:45:19 +02:00
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
simple_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
simple_ident
|
2006-11-02 11:01:53 -07:00
|
|
|
| function_call_keyword
|
|
|
|
| function_call_nonkeyword
|
|
|
|
| function_call_generic
|
|
|
|
| function_call_conflict
|
2007-08-14 20:31:06 -06:00
|
|
|
| simple_expr COLLATE_SYM ident_or_text %prec NEG
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
Item *i1= new (thd->mem_root) Item_string($3.str,
|
|
|
|
$3.length,
|
|
|
|
thd->charset());
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (i1 == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= new (thd->mem_root) Item_func_set_collation($1, i1);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| literal
|
|
|
|
| param_marker
|
|
|
|
| variable
|
|
|
|
| sum_expr
|
|
|
|
| simple_expr OR_OR_SYM simple_expr
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_concat($1, $3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| '+' simple_expr %prec NEG
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= $2;
|
|
|
|
}
|
|
|
|
| '-' simple_expr %prec NEG
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_neg($2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| '~' simple_expr %prec NEG
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_bit_neg($2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| not2 simple_expr %prec NEG
|
|
|
|
{
|
|
|
|
$$= negate_expression(YYTHD, $2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| '(' subselect ')'
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_singlerow_subselect($2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| '(' expr ')'
|
|
|
|
{ $$= $2; }
|
|
|
|
| '(' expr ',' expr_list ')'
|
|
|
|
{
|
|
|
|
$4->push_front($2);
|
|
|
|
$$= new (YYTHD->mem_root) Item_row(*$4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| ROW_SYM '(' expr ',' expr_list ')'
|
|
|
|
{
|
|
|
|
$5->push_front($3);
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_row(*$5);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| EXISTS '(' subselect ')'
|
2006-08-31 18:00:25 +03:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_exists_subselect($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-08-31 18:00:25 +03:00
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| '{' ident expr '}'
|
|
|
|
{ $$= $3; }
|
2004-11-17 15:49:10 +00:00
|
|
|
| MATCH ident_list_arg AGAINST '(' bit_expr fulltext_options ')'
|
2006-11-02 11:01:53 -07:00
|
|
|
{
|
|
|
|
$2->push_front($5);
|
|
|
|
Item_func_match *i1= new (YYTHD->mem_root) Item_func_match(*$2, $6);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (i1 == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Select->add_ftfunc_to_list(i1);
|
|
|
|
$$= i1;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| BINARY simple_expr %prec NEG
|
|
|
|
{
|
2007-05-11 13:07:53 +05:00
|
|
|
$$= create_func_cast(YYTHD, $2, ITEM_CAST_CHAR, NULL, NULL,
|
2006-11-02 11:01:53 -07:00
|
|
|
&my_charset_bin);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| CAST_SYM '(' expr AS cast_type ')'
|
|
|
|
{
|
2005-02-09 02:50:45 +04:00
|
|
|
LEX *lex= Lex;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= create_func_cast(YYTHD, $3, $5, lex->length, lex->dec,
|
2005-02-09 02:50:45 +04:00
|
|
|
lex->charset);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| CASE_SYM opt_expr when_list opt_else END
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_case(* $3, $2, $4 );
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CONVERT_SYM '(' expr ',' cast_type ')'
|
|
|
|
{
|
|
|
|
$$= create_func_cast(YYTHD, $3, $5, Lex->length, Lex->dec,
|
2007-05-11 13:07:53 +05:00
|
|
|
Lex->charset);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| CONVERT_SYM '(' expr USING charset_name ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_conv_charset($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DEFAULT '(' simple_ident ')'
|
|
|
|
{
|
|
|
|
if ($3->is_splocal())
|
|
|
|
{
|
|
|
|
Item_splocal *il= static_cast<Item_splocal *>($3);
|
|
|
|
|
|
|
|
my_error(ER_WRONG_COLUMN_NAME, MYF(0), il->my_name()->str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$= new (YYTHD->mem_root) Item_default_value(Lex->current_context(),
|
2006-11-02 11:01:53 -07:00
|
|
|
$3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| VALUES '(' simple_ident_nospvar ')'
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_insert_value(Lex->current_context(),
|
|
|
|
$3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-11-30 09:34:25 -02:00
|
|
|
| INTERVAL_SYM expr interval '+' expr %prec INTERVAL_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
/* we cannot put interval before - */
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($5,$2,$3,0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-11-02 11:01:53 -07:00
|
|
|
;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Function call syntax using official SQL 2003 keywords.
|
|
|
|
Because the function name is an official token,
|
|
|
|
a dedicated grammar rule is needed in the parser.
|
|
|
|
There is no potential for conflicts
|
|
|
|
*/
|
|
|
|
function_call_keyword:
|
2007-08-14 20:31:06 -06:00
|
|
|
CHAR_SYM '(' expr_list ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_char(*$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CHAR_SYM '(' expr_list USING charset_name ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_char(*$3, $5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CURRENT_USER optional_braces
|
2006-07-02 14:35:45 +04:00
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_current_user(Lex->current_context());
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-10-31 21:09:52 +01:00
|
|
|
Lex->set_stmt_unsafe();
|
2006-07-02 14:35:45 +04:00
|
|
|
Lex->safe_to_cache_query= 0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DATE_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_typecast($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DAY_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_dayofmonth($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| HOUR_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_hour($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| INSERT '(' expr ',' expr ',' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_insert($3,$5,$7,$9);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-11-30 09:34:25 -02:00
|
|
|
| INTERVAL_SYM '(' expr ',' expr ')' %prec INTERVAL_SYM
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
List<Item> *list= new (thd->mem_root) List<Item>;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (list == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-11-30 09:34:25 -02:00
|
|
|
list->push_front($5);
|
|
|
|
list->push_front($3);
|
|
|
|
Item_row *item= new (thd->mem_root) Item_row(*list);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-11-30 09:34:25 -02:00
|
|
|
$$= new (thd->mem_root) Item_func_interval(item);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-11-30 09:34:25 -02:00
|
|
|
}
|
|
|
|
| INTERVAL_SYM '(' expr ',' expr ',' expr_list ')' %prec INTERVAL_SYM
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
$7->push_front($5);
|
|
|
|
$7->push_front($3);
|
|
|
|
Item_row *item= new (thd->mem_root) Item_row(*$7);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-11-30 09:34:25 -02:00
|
|
|
$$= new (thd->mem_root) Item_func_interval(item);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-11-30 09:34:25 -02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| LEFT '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_left($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MINUTE_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_minute($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MONTH_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_month($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| RIGHT '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_right($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SECOND_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_second($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TIME_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_time_typecast($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TIMESTAMP '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_datetime_typecast($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TIMESTAMP '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_add_time($3, $5, 1, 0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_trim($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' LEADING expr FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_ltrim($6,$4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' TRAILING expr FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_rtrim($6,$4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' BOTH expr FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_trim($6,$4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' LEADING FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_ltrim($5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' TRAILING FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_rtrim($5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' BOTH FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_trim($5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRIM '(' expr FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_trim($5,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| USER '(' ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_user();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-10-31 21:09:52 +01:00
|
|
|
Lex->set_stmt_unsafe();
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
2003-01-26 20:01:45 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| YEAR_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_year($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-11-02 11:01:53 -07:00
|
|
|
;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Function calls using non reserved keywords, with special syntaxic forms.
|
|
|
|
Dedicated grammar rules are needed because of the syntax,
|
|
|
|
but also have the potential to cause incompatibilities with other
|
|
|
|
parts of the language.
|
|
|
|
MAINTAINER:
|
|
|
|
The only reasons a function should be added here are:
|
|
|
|
- for compatibility reasons with another SQL syntax (CURDATE),
|
|
|
|
- for typing reasons (GET_FORMAT)
|
|
|
|
Any other 'Syntaxic sugar' enhancements should be *STRONGLY*
|
|
|
|
discouraged.
|
|
|
|
*/
|
|
|
|
function_call_nonkeyword:
|
2007-08-14 20:31:06 -06:00
|
|
|
ADDDATE_SYM '(' expr ',' expr ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($3, $5,
|
|
|
|
INTERVAL_DAY, 0);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ADDDATE_SYM '(' expr ',' INTERVAL_SYM expr interval ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($3, $6, $7, 0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CURDATE optional_braces
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_curdate_local();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CURTIME optional_braces
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_curtime_local();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CURTIME '(' expr ')'
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_curtime_local($3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| DATE_ADD_INTERVAL '(' expr ',' INTERVAL_SYM expr interval ')'
|
|
|
|
%prec INTERVAL_SYM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($3,$6,$7,0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| DATE_SUB_INTERVAL '(' expr ',' INTERVAL_SYM expr interval ')'
|
|
|
|
%prec INTERVAL_SYM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($3,$6,$7,1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| EXTRACT_SYM '(' interval FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$=new (YYTHD->mem_root) Item_extract( $3, $5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| GET_FORMAT '(' date_time_type ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_get_format($3, $5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| NOW_SYM optional_braces
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_now_local();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| NOW_SYM '(' expr ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_now_local($3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| POSITION_SYM '(' bit_expr IN_SYM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$ = new (YYTHD->mem_root) Item_func_locate($5,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUBDATE_SYM '(' expr ',' expr ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($3, $5,
|
|
|
|
INTERVAL_DAY, 1);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUBDATE_SYM '(' expr ',' INTERVAL_SYM expr interval ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($3, $6, $7, 1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUBSTRING '(' expr ',' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_substr($3,$5,$7);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUBSTRING '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_substr($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUBSTRING '(' expr FROM expr FOR_SYM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_substr($3,$5,$7);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUBSTRING '(' expr FROM expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_substr($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SYSDATE optional_braces
|
2006-03-10 16:47:56 +02:00
|
|
|
{
|
|
|
|
if (global_system_variables.sysdate_is_now == 0)
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_sysdate_local();
|
|
|
|
else
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_now_local();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-03-10 16:47:56 +02:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SYSDATE '(' expr ')'
|
2006-03-10 16:47:56 +02:00
|
|
|
{
|
|
|
|
if (global_system_variables.sysdate_is_now == 0)
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_sysdate_local($3);
|
|
|
|
else
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_now_local($3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-03-10 16:47:56 +02:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2008-02-25 13:40:43 +03:00
|
|
|
| TIMESTAMP_ADD '(' interval_time_stamp ',' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_date_add_interval($7,$5,$3,0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2008-02-25 13:40:43 +03:00
|
|
|
| TIMESTAMP_DIFF '(' interval_time_stamp ',' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_timestamp_diff($5,$7,$3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| UTC_DATE_SYM optional_braces
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_curdate_utc();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| UTC_TIME_SYM optional_braces
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_curtime_utc();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| UTC_TIMESTAMP_SYM optional_braces
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_now_utc();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2006-11-02 11:01:53 -07:00
|
|
|
/*
|
2006-12-04 16:31:30 -07:00
|
|
|
Functions calls using a non reserved keyword, and using a regular syntax.
|
2006-11-02 11:01:53 -07:00
|
|
|
Because the non reserved keyword is used in another part of the grammar,
|
|
|
|
a dedicated rule is needed here.
|
|
|
|
*/
|
|
|
|
function_call_conflict:
|
2007-08-14 20:31:06 -06:00
|
|
|
ASCII_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_ascii($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CHARSET '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_charset($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| COALESCE '(' expr_list ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_coalesce(* $3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| COLLATION_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_collation($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DATABASE '(' ')'
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_database();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
Lex->safe_to_cache_query=0;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| IF '(' expr ',' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_if($3,$5,$7);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MICROSECOND_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_microsecond($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MOD_SYM '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$ = new (YYTHD->mem_root) Item_func_mod($3, $5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| OLD_PASSWORD '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_old_password($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| PASSWORD '(' expr ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
Item* i1;
|
|
|
|
if (thd->variables.old_passwords)
|
|
|
|
i1= new (thd->mem_root) Item_func_old_password($3);
|
|
|
|
else
|
|
|
|
i1= new (thd->mem_root) Item_func_password($3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (i1 == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= i1;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| QUARTER_SYM '(' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$ = new (YYTHD->mem_root) Item_func_quarter($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| REPEAT_SYM '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_repeat($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| REPLACE '(' expr ',' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_replace($3,$5,$7);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TRUNCATE_SYM '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_round($3,$5,1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| WEEK_SYM '(' expr ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
Item *i1= new (thd->mem_root) Item_int((char*) "0",
|
|
|
|
thd->variables.default_week_format,
|
|
|
|
1);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (i1 == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= new (thd->mem_root) Item_func_week($3, i1);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| WEEK_SYM '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_func_week($3,$5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-11-02 11:01:53 -07:00
|
|
|
| geometry_function
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
#ifdef HAVE_SPATIAL
|
|
|
|
$$= $1;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
/* $1 may be NULL, GEOM_NEW not tested for out of memory */
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
#else
|
|
|
|
my_error(ER_FEATURE_DISABLED, MYF(0),
|
|
|
|
sym_group_geom.name, sym_group_geom.needed_define);
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
geometry_function:
|
2007-08-14 20:31:06 -06:00
|
|
|
CONTAINS_SYM '(' expr ',' expr ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_rel($3, $5,
|
|
|
|
Item_func::SP_CONTAINS_FUNC));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| GEOMETRYCOLLECTION '(' expr_list ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_collection(* $3,
|
|
|
|
Geometry::wkb_geometrycollection,
|
|
|
|
Geometry::wkb_point));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| LINESTRING '(' expr_list ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_collection(* $3,
|
|
|
|
Geometry::wkb_linestring,
|
|
|
|
Geometry::wkb_point));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MULTILINESTRING '(' expr_list ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_collection(* $3,
|
|
|
|
Geometry::wkb_multilinestring,
|
|
|
|
Geometry::wkb_linestring));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MULTIPOINT '(' expr_list ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_collection(* $3,
|
|
|
|
Geometry::wkb_multipoint,
|
|
|
|
Geometry::wkb_point));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MULTIPOLYGON '(' expr_list ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_collection(* $3,
|
|
|
|
Geometry::wkb_multipolygon,
|
|
|
|
Geometry::wkb_polygon));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| POINT_SYM '(' expr ',' expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= GEOM_NEW(YYTHD, Item_func_point($3,$5));
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| POLYGON '(' expr_list ')'
|
|
|
|
{
|
2006-11-02 11:01:53 -07:00
|
|
|
$$= GEOM_NEW(YYTHD,
|
|
|
|
Item_func_spatial_collection(* $3,
|
2007-08-14 20:31:06 -06:00
|
|
|
Geometry::wkb_polygon,
|
2006-11-02 11:01:53 -07:00
|
|
|
Geometry::wkb_linestring));
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Regular function calls.
|
|
|
|
The function name is *not* a token, and therefore is guaranteed to not
|
|
|
|
introduce side effects to the language in general.
|
|
|
|
MAINTAINER:
|
|
|
|
All the new functions implemented for new features should fit into
|
|
|
|
this category. The place to implement the function itself is
|
|
|
|
in sql/item_create.cc
|
|
|
|
*/
|
|
|
|
function_call_generic:
|
2007-08-14 20:31:06 -06:00
|
|
|
IDENT_sys '('
|
2006-11-02 11:01:53 -07:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
#ifdef HAVE_DLOPEN
|
|
|
|
udf_func *udf= 0;
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (using_udf_functions &&
|
|
|
|
(udf= find_udf($1.str, $1.length)) &&
|
|
|
|
udf->type == UDFTYPE_AGGREGATE)
|
2005-09-20 14:28:23 +05:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->current_select->inc_in_sum_expr())
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-09-20 14:28:23 +05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Temporary placing the result of find_udf in $3 */
|
|
|
|
$<udf>$= udf;
|
2005-09-20 14:28:23 +05:00
|
|
|
#endif
|
|
|
|
}
|
2007-08-22 15:38:32 -06:00
|
|
|
opt_udf_expr_list ')'
|
2005-09-20 14:28:23 +05:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
Create_func *builder;
|
|
|
|
Item *item= NULL;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
Implementation note:
|
|
|
|
names are resolved with the following order:
|
|
|
|
- MySQL native functions,
|
|
|
|
- User Defined Functions,
|
|
|
|
- Stored Functions (assuming the current <use> database)
|
2006-11-02 11:01:53 -07:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
This will be revised with WL#2128 (SQL PATH)
|
|
|
|
*/
|
|
|
|
builder= find_native_function_builder(thd, $1);
|
|
|
|
if (builder)
|
|
|
|
{
|
|
|
|
item= builder->create(thd, $1, $4);
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
|
|
|
else
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
#ifdef HAVE_DLOPEN
|
|
|
|
/* Retrieving the result of find_udf */
|
|
|
|
udf_func *udf= $<udf>3;
|
|
|
|
|
|
|
|
if (udf)
|
|
|
|
{
|
|
|
|
if (udf->type == UDFTYPE_AGGREGATE)
|
|
|
|
{
|
|
|
|
Select->in_sum_expr--;
|
|
|
|
}
|
|
|
|
|
|
|
|
item= Create_udf_func::s_singleton.create(thd, udf, $4);
|
|
|
|
}
|
|
|
|
else
|
2006-11-02 11:01:53 -07:00
|
|
|
#endif
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
builder= find_qualified_function_builder(thd);
|
|
|
|
DBUG_ASSERT(builder);
|
|
|
|
item= builder->create(thd, $1, $4);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (! ($$= item))
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
2006-11-02 11:01:53 -07:00
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ident '.' ident '(' opt_expr_list ')'
|
2006-11-02 11:01:53 -07:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
Create_qfunc *builder;
|
|
|
|
Item *item= NULL;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
The following in practice calls:
|
|
|
|
<code>Create_sp_func::create()</code>
|
|
|
|
and builds a stored function.
|
|
|
|
|
|
|
|
However, it's important to maintain the interface between the
|
|
|
|
parser and the implementation in item_create.cc clean,
|
|
|
|
since this will change with WL#2128 (SQL PATH):
|
|
|
|
- INFORMATION_SCHEMA.version() is the SQL 99 syntax for the native
|
|
|
|
function version(),
|
|
|
|
- MySQL.version() is the SQL 2003 syntax for the native function
|
|
|
|
version() (a vendor can specify any schema).
|
|
|
|
*/
|
2006-11-02 11:01:53 -07:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
builder= find_qualified_function_builder(thd);
|
|
|
|
DBUG_ASSERT(builder);
|
|
|
|
item= builder->create(thd, $1, $3, true, $5);
|
2006-11-02 11:01:53 -07:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (! ($$= item))
|
|
|
|
{
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-11-02 11:01:53 -07:00
|
|
|
}
|
|
|
|
;
|
2004-01-15 21:06:22 +04:00
|
|
|
|
2003-10-22 17:57:09 +02:00
|
|
|
fulltext_options:
|
2006-02-14 13:19:54 +01:00
|
|
|
opt_natural_language_mode opt_query_expansion
|
|
|
|
{ $$= $1 | $2; }
|
|
|
|
| IN_SYM BOOLEAN_SYM MODE_SYM
|
|
|
|
{ $$= FT_BOOL; }
|
|
|
|
;
|
|
|
|
|
|
|
|
opt_natural_language_mode:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */ { $$= FT_NL; }
|
2006-02-14 13:19:54 +01:00
|
|
|
| IN_SYM NATURAL LANGUAGE_SYM MODE_SYM { $$= FT_NL; }
|
|
|
|
;
|
|
|
|
|
|
|
|
opt_query_expansion:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */ { $$= 0; }
|
2006-02-14 13:19:54 +01:00
|
|
|
| WITH QUERY_SYM EXPANSION_SYM { $$= FT_EXPAND; }
|
2003-10-22 17:57:09 +02:00
|
|
|
;
|
|
|
|
|
2007-08-22 15:38:32 -06:00
|
|
|
opt_udf_expr_list:
|
|
|
|
/* empty */ { $$= NULL; }
|
|
|
|
| udf_expr_list { $$= $1; }
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
udf_expr_list:
|
2007-08-22 15:38:32 -06:00
|
|
|
udf_expr
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) List<Item>;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-22 15:38:32 -06:00
|
|
|
$$->push_back($1);
|
|
|
|
}
|
|
|
|
| udf_expr_list ',' udf_expr
|
|
|
|
{
|
|
|
|
$1->push_back($3);
|
|
|
|
$$= $1;
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
udf_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
remember_name expr remember_end select_alias
|
2005-06-21 20:30:48 +03:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
Use Item::name as a storage for the attribute value of user
|
|
|
|
defined function argument. It is safe to use Item::name
|
|
|
|
because the syntax will not allow having an explicit name here.
|
|
|
|
See WL#1017 re. udf attributes.
|
|
|
|
*/
|
|
|
|
if ($4.str)
|
|
|
|
{
|
|
|
|
$2->is_autogenerated_name= FALSE;
|
|
|
|
$2->set_name($4.str, $4.length, system_charset_info);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
$2->set_name($1, (uint) ($3 - $1), YYTHD->charset());
|
|
|
|
$$= $2;
|
2005-06-21 20:30:48 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
sum_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
AVG_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_avg($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| AVG_SYM '(' DISTINCT in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_avg_distinct($4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| BIT_AND '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_and($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| BIT_OR '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_or($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| BIT_XOR '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_xor($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| COUNT_SYM '(' opt_all '*' ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
Item *item= new (YYTHD->mem_root) Item_int((int32) 0L,1);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_count(item);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| COUNT_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_count($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| COUNT_SYM '(' DISTINCT
|
|
|
|
{ Select->in_sum_expr++; }
|
|
|
|
expr_list
|
|
|
|
{ Select->in_sum_expr--; }
|
|
|
|
')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_count_distinct(* $5);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MIN_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_min($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
According to ANSI SQL, DISTINCT is allowed and has
|
|
|
|
no sense inside MIN and MAX grouping functions; so MIN|MAX(DISTINCT ...)
|
|
|
|
is processed like an ordinary MIN | MAX()
|
|
|
|
*/
|
|
|
|
| MIN_SYM '(' DISTINCT in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_min($4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MAX_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_max($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| MAX_SYM '(' DISTINCT in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_max($4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| STD_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_std($3, 0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| VARIANCE_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_variance($3, 0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| STDDEV_SAMP_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_std($3, 1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| VAR_SAMP_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_variance($3, 1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUM_SYM '(' in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_sum($3);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SUM_SYM '(' DISTINCT in_sum_expr ')'
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_sum_sum_distinct($4);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| GROUP_CONCAT_SYM '(' opt_distinct
|
|
|
|
{ Select->in_sum_expr++; }
|
|
|
|
expr_list opt_gorder_clause
|
|
|
|
opt_gconcat_separator
|
|
|
|
')'
|
|
|
|
{
|
2005-07-01 07:05:42 +03:00
|
|
|
SELECT_LEX *sel= Select;
|
2007-08-14 20:31:06 -06:00
|
|
|
sel->in_sum_expr--;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root)
|
|
|
|
Item_func_group_concat(Lex->current_context(), $3, $5,
|
|
|
|
sel->gorder_list, $7);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$5->empty();
|
|
|
|
}
|
|
|
|
;
|
2003-03-18 04:07:40 +05:00
|
|
|
|
2006-10-12 18:02:57 +04:00
|
|
|
variable:
|
|
|
|
'@'
|
|
|
|
{
|
|
|
|
if (! Lex->parsing_options.allows_variable)
|
|
|
|
{
|
|
|
|
my_error(ER_VIEW_SELECT_VARIABLE, MYF(0));
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
variable_aux
|
|
|
|
{
|
|
|
|
$$= $3;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2006-10-12 18:02:57 +04:00
|
|
|
|
|
|
|
variable_aux:
|
|
|
|
ident_or_text SET_VAR expr
|
|
|
|
{
|
2008-09-18 13:38:44 +05:00
|
|
|
Item_func_set_user_var *item;
|
|
|
|
$$= item= new (YYTHD->mem_root) Item_func_set_user_var($1, $3);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-10-12 18:02:57 +04:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->uncacheable(UNCACHEABLE_RAND);
|
2008-09-18 13:38:44 +05:00
|
|
|
lex->set_var_list.push_back(item);
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
|
|
|
| ident_or_text
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_func_get_user_var($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2006-10-12 18:02:57 +04:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->uncacheable(UNCACHEABLE_RAND);
|
|
|
|
}
|
|
|
|
| '@' opt_var_ident_type ident_or_text opt_component
|
|
|
|
{
|
2008-03-07 13:59:36 +01:00
|
|
|
/* disallow "SELECT @@global.global.variable" */
|
2006-10-12 18:02:57 +04:00
|
|
|
if ($3.str && $4.str && check_reserved_words(&$3))
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
|
|
|
if (!($$= get_system_var(YYTHD, $2, $3, $4)))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2008-03-07 13:59:36 +01:00
|
|
|
if (!((Item_func_get_system_var*) $$)->is_written_to_binlog())
|
|
|
|
Lex->set_stmt_unsafe();
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2003-03-18 04:07:40 +05:00
|
|
|
opt_distinct:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$ = 0; }
|
|
|
|
| DISTINCT { $$ = 1; }
|
|
|
|
;
|
2003-03-18 04:07:40 +05:00
|
|
|
|
|
|
|
opt_gconcat_separator:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) String(",", 1, &my_charset_latin1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SEPARATOR_SYM text_string { $$ = $2; }
|
|
|
|
;
|
2003-03-18 04:07:40 +05:00
|
|
|
|
|
|
|
opt_gorder_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{
|
2004-04-05 13:56:05 +03:00
|
|
|
Select->gorder_list = NULL;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| order_clause
|
2003-10-12 17:56:05 +03:00
|
|
|
{
|
2004-04-05 13:56:05 +03:00
|
|
|
SELECT_LEX *select= Select;
|
|
|
|
select->gorder_list=
|
2007-08-14 20:31:06 -06:00
|
|
|
(SQL_LIST*) sql_memdup((char*) &select->order_list,
|
|
|
|
sizeof(st_sql_list));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (select->gorder_list == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
select->order_list.empty();
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
in_sum_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_all
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->current_select->inc_in_sum_expr())
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
expr
|
|
|
|
{
|
|
|
|
Select->in_sum_expr--;
|
|
|
|
$$= $3;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-01-22 22:13:24 +02:00
|
|
|
cast_type:
|
2008-04-01 12:19:20 -04:00
|
|
|
BINARY opt_field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{ $$=ITEM_CAST_CHAR; Lex->charset= &my_charset_bin; Lex->dec= 0; }
|
2008-04-01 12:19:20 -04:00
|
|
|
| CHAR_SYM opt_field_length opt_binary
|
2007-08-14 20:31:06 -06:00
|
|
|
{ $$=ITEM_CAST_CHAR; Lex->dec= 0; }
|
2008-04-01 12:19:20 -04:00
|
|
|
| NCHAR_SYM opt_field_length
|
2007-08-14 20:31:06 -06:00
|
|
|
{ $$=ITEM_CAST_CHAR; Lex->charset= national_charset_info; Lex->dec=0; }
|
|
|
|
| SIGNED_SYM
|
|
|
|
{ $$=ITEM_CAST_SIGNED_INT; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| SIGNED_SYM INT_SYM
|
|
|
|
{ $$=ITEM_CAST_SIGNED_INT; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| UNSIGNED
|
|
|
|
{ $$=ITEM_CAST_UNSIGNED_INT; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| UNSIGNED INT_SYM
|
|
|
|
{ $$=ITEM_CAST_UNSIGNED_INT; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| DATE_SYM
|
|
|
|
{ $$=ITEM_CAST_DATE; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| TIME_SYM
|
|
|
|
{ $$=ITEM_CAST_TIME; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| DATETIME
|
|
|
|
{ $$=ITEM_CAST_DATETIME; Lex->charset= NULL; Lex->dec=Lex->length= (char*)0; }
|
|
|
|
| DECIMAL_SYM float_options
|
|
|
|
{ $$=ITEM_CAST_DECIMAL; Lex->charset= NULL; }
|
|
|
|
;
|
2003-08-21 14:15:25 +05:00
|
|
|
|
2006-10-24 15:26:41 +03:00
|
|
|
opt_expr_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= NULL; }
|
|
|
|
| expr_list { $$= $1;}
|
|
|
|
;
|
2006-11-02 11:01:53 -07:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
expr_list:
|
2007-08-22 15:38:32 -06:00
|
|
|
expr
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) List<Item>;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-22 15:38:32 -06:00
|
|
|
$$->push_back($1);
|
|
|
|
}
|
|
|
|
| expr_list ',' expr
|
|
|
|
{
|
|
|
|
$1->push_back($3);
|
|
|
|
$$= $1;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-10-09 14:53:54 +02:00
|
|
|
ident_list_arg:
|
|
|
|
ident_list { $$= $1; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| '(' ident_list ')' { $$= $2; }
|
|
|
|
;
|
2001-10-09 14:53:54 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
ident_list:
|
2007-08-22 15:38:32 -06:00
|
|
|
simple_ident
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) List<Item>;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-22 15:38:32 -06:00
|
|
|
$$->push_back($1);
|
|
|
|
}
|
|
|
|
| ident_list ',' simple_ident
|
|
|
|
{
|
|
|
|
$1->push_back($3);
|
|
|
|
$$= $1;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_expr:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= NULL; }
|
|
|
|
| expr { $$= $1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_else:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= NULL; }
|
|
|
|
| ELSE expr { $$= $2; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
when_list:
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
WHEN_SYM expr THEN_SYM expr
|
|
|
|
{
|
|
|
|
$$= new List<Item>;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)
Note to the reviewer
====================
Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).
Definitions
===========
The expression
CASE expr
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Simple Case Expression".
The expression
CASE
WHEN expr THEN expr
WHEN expr THEN expr
...
END
is a "Searched Case Expression".
The statement
CASE expr
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Simple Case Statement".
The statement
CASE
WHEN expr THEN stmts
WHEN expr THEN stmts
...
END CASE
is a "Searched Case Statement".
A "Left Recursive" rule is like
list:
element
| list element
;
A "Right Recursive" rule is like
list:
element
| element list
;
Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.
In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.
Before this change
==================
The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).
These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.
The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).
The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.
In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.
With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.
The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.
In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
which create a sting representation of the code which is 500 000 bytes
long,
- using a String instead of an io stream causes performances to degrade
to a total server freeze, as time is spent doing realloc of a buffer
always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
#ifdef / #endif is useful in some cases, but is also a bad practice.
After this change
=================
"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.
Considering all the issues affecting case statements, the grammar for these
has been totally re written.
The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:
a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.
b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.
In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.
The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.
The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).
Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.
2006-11-17 12:14:29 -07:00
|
|
|
$$->push_back($2);
|
|
|
|
$$->push_back($4);
|
|
|
|
}
|
|
|
|
| when_list WHEN_SYM expr THEN_SYM expr
|
|
|
|
{
|
|
|
|
$1->push_back($3);
|
|
|
|
$1->push_back($5);
|
|
|
|
$$= $1;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
/* Warning - may return NULL in case of incomplete SELECT */
|
2004-11-11 19:01:46 -08:00
|
|
|
table_ref:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_factor { $$=$1; }
|
Bug#21462 (Stored procedures with no arguments require parenthesis)
The syntax of the CALL statement, to invoke a stored procedure, has been
changed to make the use of parenthesis optional in the argument list.
With this change, "CALL p;" is equivalent to "CALL p();".
While the SQL spec does not explicitely mandate this syntax, supporting it
is needed for practical reasons, for integration with JDBC / ODBC connectors.
Also, warnings in the sql/sql_yacc.yy file, which were not reported by Bison 2.1
but are now reported by Bison 2.2, have been fixed.
The warning found were:
bison -y -p MYSQL -d --debug --verbose sql_yacc.yy
sql_yacc.yy:653.9-18: warning: symbol UNLOCK_SYM redeclared
sql_yacc.yy:656.9-17: warning: symbol UNTIL_SYM redeclared
sql_yacc.yy:658.9-18: warning: symbol UPDATE_SYM redeclared
sql_yacc.yy:5169.11-5174.11: warning: unused value: $2
sql_yacc.yy:5208.11-5220.11: warning: unused value: $5
sql_yacc.yy:5221.11-5234.11: warning: unused value: $5
conflicts: 249 shift/reduce
"unused value: $2" correspond to the $$=$1 assignment in the 1st {} block
in table_ref -> join_table {} {},
which does not procude a result ($$) for the rule but an intermediate $2
value for the action instead.
"unused value: $5" are similar, with $$ assignments in {} actions blocks
which are not for the final reduce.
2006-10-09 09:59:02 -07:00
|
|
|
| join_table
|
2004-09-14 19:28:29 +03:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
if (!($$= lex->current_select->nest_last_join(lex->thd)))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-09-14 19:28:29 +03:00
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
join_table_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
derived_table_list { MYSQL_YYABORT_UNLESS($$=$1); }
|
|
|
|
;
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2007-12-19 20:59:57 -02:00
|
|
|
/*
|
|
|
|
The ODBC escape syntax for Outer Join is: '{' OJ join_table '}'
|
|
|
|
The parser does not define OJ as a token, any ident is accepted
|
|
|
|
instead in $2 (ident). Also, all productions from table_ref can
|
|
|
|
be escaped, not only join_table. Both syntax extensions are safe
|
|
|
|
and are ignored.
|
|
|
|
*/
|
|
|
|
esc_table_ref:
|
|
|
|
table_ref { $$=$1; }
|
|
|
|
| '{' ident table_ref '}' { $$=$3; }
|
|
|
|
;
|
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
/* Warning - may return NULL in case of incomplete SELECT */
|
|
|
|
derived_table_list:
|
2007-12-19 20:59:57 -02:00
|
|
|
esc_table_ref { $$=$1; }
|
|
|
|
| derived_table_list ',' esc_table_ref
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && ($$=$3));
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
;
|
|
|
|
|
2005-10-25 09:00:57 +03:00
|
|
|
/*
|
|
|
|
Notice that JOIN is a left-associative operation, and it must be parsed
|
|
|
|
as such, that is, the parser must process first the left join operand
|
|
|
|
then the right one. Such order of processing ensures that the parser
|
|
|
|
produces correct join trees which is essential for semantic analysis
|
|
|
|
and subsequent optimization phases.
|
|
|
|
*/
|
2004-11-11 19:01:46 -08:00
|
|
|
join_table:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* INNER JOIN variants */
|
|
|
|
/*
|
|
|
|
Use %prec to evaluate production 'table_ref' before 'normal_join'
|
|
|
|
so that [INNER | CROSS] JOIN is properly nested as other
|
|
|
|
left-associative joins.
|
|
|
|
*/
|
|
|
|
table_ref normal_join table_ref %prec TABLE_REF_PRIORITY
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
{ MYSQL_YYABORT_UNLESS($1 && ($$=$3)); }
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref STRAIGHT_JOIN table_factor
|
|
|
|
{ MYSQL_YYABORT_UNLESS($1 && ($$=$3)); $3->straight=1; }
|
|
|
|
| table_ref normal_join table_ref
|
2005-08-12 17:57:19 +03:00
|
|
|
ON
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $3);
|
2005-08-12 17:57:19 +03:00
|
|
|
/* Change the current name resolution context to a local context. */
|
2005-11-28 21:57:50 +02:00
|
|
|
if (push_new_name_resolution_context(YYTHD, $1, $3))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= IN_ON;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
|
|
|
expr
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2005-08-12 17:57:19 +03:00
|
|
|
add_join_on($3,$6);
|
|
|
|
Lex->pop_context();
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= NO_MATTER;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
|
|
|
| table_ref STRAIGHT_JOIN table_factor
|
|
|
|
ON
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $3);
|
2005-08-12 17:57:19 +03:00
|
|
|
/* Change the current name resolution context to a local context. */
|
2005-11-28 21:57:50 +02:00
|
|
|
if (push_new_name_resolution_context(YYTHD, $1, $3))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= IN_ON;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
|
|
|
expr
|
|
|
|
{
|
|
|
|
$3->straight=1;
|
|
|
|
add_join_on($3,$6);
|
|
|
|
Lex->pop_context();
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= NO_MATTER;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref normal_join table_ref
|
|
|
|
USING
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $3);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
'(' using_list ')'
|
2007-01-31 16:04:38 +02:00
|
|
|
{ add_join_natural($1,$3,$7,Select); $$=$3; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref NATURAL JOIN_SYM table_factor
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && ($$=$4));
|
2007-01-31 16:04:38 +02:00
|
|
|
add_join_natural($1,$4,NULL,Select);
|
2005-10-25 09:00:57 +03:00
|
|
|
}
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/* LEFT JOIN variants */
|
|
|
|
| table_ref LEFT opt_outer JOIN_SYM table_ref
|
2005-08-12 17:57:19 +03:00
|
|
|
ON
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $5);
|
2005-08-12 17:57:19 +03:00
|
|
|
/* Change the current name resolution context to a local context. */
|
2005-11-28 21:57:50 +02:00
|
|
|
if (push_new_name_resolution_context(YYTHD, $1, $5))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= IN_ON;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
|
|
|
expr
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2005-08-12 17:57:19 +03:00
|
|
|
add_join_on($5,$8);
|
|
|
|
Lex->pop_context();
|
|
|
|
$5->outer_join|=JOIN_TYPE_LEFT;
|
|
|
|
$$=$5;
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= NO_MATTER;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref LEFT opt_outer JOIN_SYM table_factor
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $5);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
USING '(' using_list ')'
|
2007-01-31 16:04:38 +02:00
|
|
|
{
|
|
|
|
add_join_natural($1,$5,$9,Select);
|
|
|
|
$5->outer_join|=JOIN_TYPE_LEFT;
|
|
|
|
$$=$5;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref NATURAL LEFT opt_outer JOIN_SYM table_factor
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $6);
|
2007-08-14 20:31:06 -06:00
|
|
|
add_join_natural($1,$6,NULL,Select);
|
|
|
|
$6->outer_join|=JOIN_TYPE_LEFT;
|
|
|
|
$$=$6;
|
|
|
|
}
|
2005-10-25 09:00:57 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/* RIGHT JOIN variants */
|
|
|
|
| table_ref RIGHT opt_outer JOIN_SYM table_ref
|
2005-08-12 17:57:19 +03:00
|
|
|
ON
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $5);
|
2005-08-12 17:57:19 +03:00
|
|
|
/* Change the current name resolution context to a local context. */
|
2005-11-28 21:57:50 +02:00
|
|
|
if (push_new_name_resolution_context(YYTHD, $1, $5))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= IN_ON;
|
2005-08-12 17:57:19 +03:00
|
|
|
}
|
|
|
|
expr
|
2005-04-04 00:50:05 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
if (!($$= lex->current_select->convert_right_join()))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-08-12 17:57:19 +03:00
|
|
|
add_join_on($$, $8);
|
|
|
|
Lex->pop_context();
|
2006-09-25 06:15:14 -07:00
|
|
|
Select->parsing_place= NO_MATTER;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref RIGHT opt_outer JOIN_SYM table_factor
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $5);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
USING '(' using_list ')'
|
2005-04-04 00:50:05 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
if (!($$= lex->current_select->convert_right_join()))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-01-31 16:04:38 +02:00
|
|
|
add_join_natural($$,$5,$9,Select);
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| table_ref NATURAL RIGHT opt_outer JOIN_SYM table_factor
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT_UNLESS($1 && $6);
|
2007-08-14 20:31:06 -06:00
|
|
|
add_join_natural($6,$1,NULL,Select);
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
if (!($$= lex->current_select->convert_right_join()))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
normal_join:
|
2007-08-14 20:31:06 -06:00
|
|
|
JOIN_SYM {}
|
|
|
|
| INNER_SYM JOIN_SYM {}
|
|
|
|
| CROSS JOIN_SYM {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
/* Warning - may return NULL in case of incomplete SELECT */
|
2004-11-11 19:01:46 -08:00
|
|
|
table_factor:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
SELECT_LEX *sel= Select;
|
|
|
|
sel->table_join_options= 0;
|
|
|
|
}
|
|
|
|
table_ident opt_table_alias opt_key_definition
|
|
|
|
{
|
|
|
|
if (!($$= Select->add_table_to_list(YYTHD, $2, $3,
|
|
|
|
Select->get_table_join_options(),
|
|
|
|
Lex->lock_option,
|
|
|
|
Select->pop_index_hints())))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Select->add_joined_table($$);
|
|
|
|
}
|
|
|
|
| select_derived_init get_select_lex select_derived2
|
2004-09-14 19:28:29 +03:00
|
|
|
{
|
2004-11-11 19:01:46 -08:00
|
|
|
LEX *lex= Lex;
|
2005-03-16 00:13:23 +00:00
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
if ($1)
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (sel->set_braces(1))
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-03-16 00:13:23 +00:00
|
|
|
/* select in braces, can't contain global parameters */
|
2007-08-14 20:31:06 -06:00
|
|
|
if (sel->master_unit()->fake_select_lex)
|
2005-03-16 00:13:23 +00:00
|
|
|
sel->master_unit()->global_parameters=
|
|
|
|
sel->master_unit()->fake_select_lex;
|
|
|
|
}
|
|
|
|
if ($2->init_nested_join(lex->thd))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-03-16 00:13:23 +00:00
|
|
|
$$= 0;
|
2005-04-04 00:50:05 +02:00
|
|
|
/* incomplete derived tables return NULL, we must be
|
2005-03-16 00:13:23 +00:00
|
|
|
nested in select_derived rule to be here. */
|
2004-09-14 19:28:29 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| '(' get_select_lex select_derived union_opt ')' opt_table_alias
|
2005-03-16 00:13:23 +00:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Use $2 instead of Lex->current_select as derived table will
|
|
|
|
alter value of Lex->current_select. */
|
|
|
|
|
|
|
|
if (!($3 || $6) && $2->embedding &&
|
|
|
|
!$2->embedding->nested_join->join_list.elements)
|
|
|
|
{
|
|
|
|
/* we have a derived table ($3 == NULL) but no alias,
|
|
|
|
Since we are nested in further parentheses so we
|
|
|
|
can pass NULL to the outer level parentheses
|
|
|
|
Permits parsing of "((((select ...))) as xyz)" */
|
|
|
|
$$= 0;
|
|
|
|
}
|
|
|
|
else if (!$3)
|
|
|
|
{
|
|
|
|
/* Handle case of derived table, alias may be NULL if there
|
|
|
|
are no outer parentheses, add_table_to_list() will throw
|
|
|
|
error in this case */
|
|
|
|
LEX *lex=Lex;
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
SELECT_LEX_UNIT *unit= sel->master_unit();
|
|
|
|
lex->current_select= sel= unit->outer_select();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Table_ident *ti= new Table_ident(unit);
|
|
|
|
if (ti == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!($$= sel->add_table_to_list(lex->thd,
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
ti, $6, 0,
|
2007-08-14 20:31:06 -06:00
|
|
|
TL_READ)))
|
|
|
|
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
sel->add_joined_table($$);
|
|
|
|
lex->pop_context();
|
2009-07-11 23:44:29 +05:00
|
|
|
lex->nest_level--;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
else if ($4 || $6)
|
|
|
|
{
|
|
|
|
/* simple nested joins cannot have aliases or unions */
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
else
|
2009-07-11 23:44:29 +05:00
|
|
|
{
|
|
|
|
/* nested join: FROM (t1 JOIN t2 ...),
|
|
|
|
nest_level is the same as in the outer query */
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= $3;
|
2009-07-11 23:44:29 +05:00
|
|
|
}
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
|
|
|
;
|
2002-03-26 15:06:05 +02:00
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
/* handle contents of parentheses in join expression */
|
2002-11-28 17:25:41 +01:00
|
|
|
select_derived:
|
2007-08-14 20:31:06 -06:00
|
|
|
get_select_lex
|
|
|
|
{
|
2005-03-16 00:13:23 +00:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if ($1->init_nested_join(lex->thd))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
|
|
|
derived_table_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
/* for normal joins, $3 != NULL and end_nested_join() != NULL,
|
|
|
|
for derived tables, both must equal NULL */
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
if (!($$= $1->end_nested_join(lex->thd)) && $3)
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-03-16 00:13:23 +00:00
|
|
|
if (!$3 && $$)
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
2005-03-16 00:13:23 +00:00
|
|
|
}
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2005-02-13 22:35:52 +00:00
|
|
|
|
2005-02-15 19:25:42 +02:00
|
|
|
select_derived2:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->derived_tables|= DERIVED_SUBQUERY;
|
|
|
|
if (!lex->expr_allows_subselect ||
|
|
|
|
lex->sql_command == (int)SQLCOM_PURGE)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (lex->current_select->linkage == GLOBAL_OPTIONS_TYPE ||
|
|
|
|
mysql_new_select(lex, 1))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->current_select->linkage= DERIVED_TABLE_TYPE;
|
|
|
|
lex->current_select->parsing_place= SELECT_LIST;
|
|
|
|
}
|
|
|
|
select_options select_item_list
|
|
|
|
{
|
|
|
|
Select->parsing_place= NO_MATTER;
|
|
|
|
}
|
|
|
|
opt_select_from
|
2002-11-28 17:25:41 +01:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
get_select_lex:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ { $$= Select; }
|
2005-03-16 00:13:23 +00:00
|
|
|
;
|
|
|
|
|
|
|
|
select_derived_init:
|
|
|
|
SELECT_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-10-12 18:02:57 +04:00
|
|
|
|
|
|
|
if (! lex->parsing_options.allows_derived)
|
|
|
|
{
|
|
|
|
my_error(ER_VIEW_SELECT_DERIVED, MYF(0));
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
|
|
|
|
2005-04-04 00:50:05 +02:00
|
|
|
SELECT_LEX *sel= lex->current_select;
|
2005-03-16 00:13:23 +00:00
|
|
|
TABLE_LIST *embedding;
|
|
|
|
if (!sel->embedding || sel->end_nested_join(lex->thd))
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2005-03-16 00:13:23 +00:00
|
|
|
/* we are not in parentheses */
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-03-16 00:13:23 +00:00
|
|
|
embedding= Select->embedding;
|
|
|
|
$$= embedding &&
|
|
|
|
!embedding->nested_join->join_list.elements;
|
|
|
|
/* return true if we are deeply nested */
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_outer:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| OUTER {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-03-05 19:08:41 +02:00
|
|
|
index_hint_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
2001-06-15 05:03:15 +03:00
|
|
|
{
|
2007-03-05 19:08:41 +02:00
|
|
|
$$= global_system_variables.old_mode ?
|
|
|
|
INDEX_HINT_MASK_JOIN : INDEX_HINT_MASK_ALL;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| FOR_SYM JOIN_SYM { $$= INDEX_HINT_MASK_JOIN; }
|
|
|
|
| FOR_SYM ORDER_SYM BY { $$= INDEX_HINT_MASK_ORDER; }
|
|
|
|
| FOR_SYM GROUP_SYM BY { $$= INDEX_HINT_MASK_GROUP; }
|
|
|
|
;
|
2007-03-05 19:08:41 +02:00
|
|
|
|
|
|
|
index_hint_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
FORCE_SYM { $$= INDEX_HINT_FORCE; }
|
|
|
|
| IGNORE_SYM { $$= INDEX_HINT_IGNORE; }
|
|
|
|
;
|
2007-03-05 19:08:41 +02:00
|
|
|
|
|
|
|
index_hint_definition:
|
2007-08-14 20:31:06 -06:00
|
|
|
index_hint_type key_or_index index_hint_clause
|
2003-01-09 22:42:31 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Select->set_index_hint_type($1, $3);
|
|
|
|
}
|
|
|
|
'(' key_usage_list ')'
|
|
|
|
| USE_SYM key_or_index index_hint_clause
|
|
|
|
{
|
|
|
|
Select->set_index_hint_type(INDEX_HINT_USE, $3);
|
|
|
|
}
|
|
|
|
'(' opt_key_usage_list ')'
|
2007-03-19 20:44:46 +01:00
|
|
|
;
|
2007-03-05 19:08:41 +02:00
|
|
|
|
|
|
|
index_hints_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
index_hint_definition
|
|
|
|
| index_hints_list index_hint_definition
|
|
|
|
;
|
2007-03-05 19:08:41 +02:00
|
|
|
|
|
|
|
opt_index_hints_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| { Select->alloc_index_hints(YYTHD); } index_hints_list
|
|
|
|
;
|
2007-03-05 19:08:41 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_key_definition:
|
2007-08-14 20:31:06 -06:00
|
|
|
{ Select->clear_index_hints(); }
|
|
|
|
opt_index_hints_list
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-03-05 19:08:41 +02:00
|
|
|
opt_key_usage_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Select->add_index_hint(YYTHD, NULL, 0); }
|
|
|
|
| key_usage_list {}
|
|
|
|
;
|
2003-01-09 22:42:31 +02:00
|
|
|
|
2007-03-05 19:08:41 +02:00
|
|
|
key_usage_element:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{ Select->add_index_hint(YYTHD, $1.str, $1.length); }
|
|
|
|
| PRIMARY_SYM
|
|
|
|
{ Select->add_index_hint(YYTHD, (char *)"PRIMARY", 7); }
|
2007-03-05 19:08:41 +02:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-03-05 19:08:41 +02:00
|
|
|
key_usage_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
key_usage_element
|
|
|
|
| key_usage_list ',' key_usage_element
|
2007-03-05 19:08:41 +02:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
using_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
2005-08-12 17:57:19 +03:00
|
|
|
if (!($$= new List<String>))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
String *s= new (YYTHD->mem_root) String((const char *) $1.str,
|
|
|
|
$1.length,
|
|
|
|
system_charset_info);
|
|
|
|
if (s == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$->push_back(s);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| using_list ',' ident
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
String *s= new (YYTHD->mem_root) String((const char *) $3.str,
|
|
|
|
$3.length,
|
|
|
|
system_charset_info);
|
|
|
|
if (s == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$1->push_back(s);
|
2005-08-12 17:57:19 +03:00
|
|
|
$$= $1;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
interval:
|
2007-08-14 20:31:06 -06:00
|
|
|
interval_time_st {}
|
|
|
|
| DAY_HOUR_SYM { $$=INTERVAL_DAY_HOUR; }
|
|
|
|
| DAY_MICROSECOND_SYM { $$=INTERVAL_DAY_MICROSECOND; }
|
|
|
|
| DAY_MINUTE_SYM { $$=INTERVAL_DAY_MINUTE; }
|
|
|
|
| DAY_SECOND_SYM { $$=INTERVAL_DAY_SECOND; }
|
|
|
|
| HOUR_MICROSECOND_SYM { $$=INTERVAL_HOUR_MICROSECOND; }
|
|
|
|
| HOUR_MINUTE_SYM { $$=INTERVAL_HOUR_MINUTE; }
|
|
|
|
| HOUR_SECOND_SYM { $$=INTERVAL_HOUR_SECOND; }
|
|
|
|
| MINUTE_MICROSECOND_SYM { $$=INTERVAL_MINUTE_MICROSECOND; }
|
|
|
|
| MINUTE_SECOND_SYM { $$=INTERVAL_MINUTE_SECOND; }
|
|
|
|
| SECOND_MICROSECOND_SYM { $$=INTERVAL_SECOND_MICROSECOND; }
|
|
|
|
| YEAR_MONTH_SYM { $$=INTERVAL_YEAR_MONTH; }
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2008-02-25 13:25:57 +03:00
|
|
|
interval_time_stamp:
|
|
|
|
interval_time_st {}
|
|
|
|
| FRAC_SECOND_SYM {
|
|
|
|
$$=INTERVAL_MICROSECOND;
|
|
|
|
/*
|
|
|
|
FRAC_SECOND was mistakenly implemented with
|
|
|
|
a wrong resolution. According to the ODBC
|
|
|
|
standard it should be nanoseconds, not
|
|
|
|
microseconds. Changing it to nanoseconds
|
|
|
|
in MySQL would mean making TIMESTAMPDIFF
|
|
|
|
and TIMESTAMPADD to return DECIMAL, since
|
|
|
|
the return value would be too big for BIGINT
|
|
|
|
Hence we just deprecate the incorrect
|
|
|
|
implementation without changing its
|
|
|
|
resolution.
|
|
|
|
*/
|
2008-02-25 13:40:43 +03:00
|
|
|
WARN_DEPRECATED(yythd, "6.2", "FRAC_SECOND", "MICROSECOND");
|
2008-02-25 13:25:57 +03:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
interval_time_st:
|
2007-08-14 20:31:06 -06:00
|
|
|
DAY_SYM { $$=INTERVAL_DAY; }
|
|
|
|
| WEEK_SYM { $$=INTERVAL_WEEK; }
|
|
|
|
| HOUR_SYM { $$=INTERVAL_HOUR; }
|
|
|
|
| MINUTE_SYM { $$=INTERVAL_MINUTE; }
|
|
|
|
| MONTH_SYM { $$=INTERVAL_MONTH; }
|
|
|
|
| QUARTER_SYM { $$=INTERVAL_QUARTER; }
|
|
|
|
| SECOND_SYM { $$=INTERVAL_SECOND; }
|
2008-02-25 13:40:43 +03:00
|
|
|
| MICROSECOND_SYM { $$=INTERVAL_MICROSECOND; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| YEAR_SYM { $$=INTERVAL_YEAR; }
|
2004-08-11 10:27:19 +02:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-11-03 14:01:59 +02:00
|
|
|
date_time_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
DATE_SYM {$$=MYSQL_TIMESTAMP_DATE;}
|
|
|
|
| TIME_SYM {$$=MYSQL_TIMESTAMP_TIME;}
|
|
|
|
| DATETIME {$$=MYSQL_TIMESTAMP_DATETIME;}
|
|
|
|
| TIMESTAMP {$$=MYSQL_TIMESTAMP_DATETIME;}
|
2004-08-11 10:27:19 +02:00
|
|
|
;
|
2003-10-20 13:24:18 +05:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
table_alias:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| AS
|
|
|
|
| EQ
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_table_alias:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=0; }
|
|
|
|
| table_alias ident
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= (LEX_STRING*) sql_memdup(&$2,sizeof(LEX_STRING));
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-02-06 16:55:59 +02:00
|
|
|
opt_all:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| ALL
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
where_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Select->where= 0; }
|
|
|
|
| WHERE
|
2004-08-31 21:10:57 +03:00
|
|
|
{
|
|
|
|
Select->parsing_place= IN_WHERE;
|
|
|
|
}
|
|
|
|
expr
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2004-08-31 21:10:57 +03:00
|
|
|
SELECT_LEX *select= Select;
|
2007-08-14 20:31:06 -06:00
|
|
|
select->where= $3;
|
2004-08-31 21:10:57 +03:00
|
|
|
select->parsing_place= NO_MATTER;
|
2007-08-14 20:31:06 -06:00
|
|
|
if ($3)
|
|
|
|
$3->top_level_item();
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
having_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| HAVING
|
|
|
|
{
|
|
|
|
Select->parsing_place= IN_HAVING;
|
2003-05-17 10:05:07 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
expr
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel= Select;
|
|
|
|
sel->having= $3;
|
|
|
|
sel->parsing_place= NO_MATTER;
|
|
|
|
if ($3)
|
|
|
|
$3->top_level_item();
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_escape:
|
2007-08-14 20:31:06 -06:00
|
|
|
ESCAPE_SYM simple_expr
|
2005-10-21 04:01:52 +03:00
|
|
|
{
|
|
|
|
Lex->escape_used= TRUE;
|
|
|
|
$$= $2;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| /* empty */
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
THD *thd= YYTHD;
|
2005-10-21 04:01:52 +03:00
|
|
|
Lex->escape_used= FALSE;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= ((thd->variables.sql_mode & MODE_NO_BACKSLASH_ESCAPES) ?
|
|
|
|
new (thd->mem_root) Item_string("", 0, &my_charset_latin1) :
|
|
|
|
new (thd->mem_root) Item_string("\\", 1, &my_charset_latin1));
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2004-06-22 19:27:16 +04:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
/*
|
2001-12-17 19:59:20 +02:00
|
|
|
group by statement in select
|
2000-07-31 21:29:14 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
group_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| GROUP_SYM BY group_list olap_opt
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
group_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
group_list ',' order_ident order_dir
|
|
|
|
{ if (add_group_to_list(YYTHD, $3,(bool) $4)) MYSQL_YYABORT; }
|
|
|
|
| order_ident order_dir
|
|
|
|
{ if (add_group_to_list(YYTHD, $1,(bool) $2)) MYSQL_YYABORT; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-07-16 22:42:53 +03:00
|
|
|
olap_opt:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| WITH CUBE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->current_select->linkage == GLOBAL_OPTIONS_TYPE)
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0), "WITH CUBE",
|
|
|
|
"global union parameters");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->current_select->olap= CUBE_TYPE;
|
|
|
|
my_error(ER_NOT_SUPPORTED_YET, MYF(0), "CUBE");
|
|
|
|
MYSQL_YYABORT; /* To be deleted in 5.1 */
|
|
|
|
}
|
|
|
|
| WITH ROLLUP_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->current_select->linkage == GLOBAL_OPTIONS_TYPE)
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0), "WITH ROLLUP",
|
|
|
|
"global union parameters");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->current_select->olap= ROLLUP_TYPE;
|
|
|
|
}
|
|
|
|
;
|
2002-07-16 22:42:53 +03:00
|
|
|
|
2007-01-18 18:37:52 -07:00
|
|
|
/*
|
|
|
|
Order by statement in ALTER TABLE
|
|
|
|
*/
|
|
|
|
|
|
|
|
alter_order_clause:
|
|
|
|
ORDER_SYM BY alter_order_list
|
|
|
|
;
|
|
|
|
|
|
|
|
alter_order_list:
|
|
|
|
alter_order_list ',' alter_order_item
|
|
|
|
| alter_order_item
|
|
|
|
;
|
|
|
|
|
|
|
|
alter_order_item:
|
|
|
|
simple_ident_nospvar order_dir
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
bool ascending= ($2 == 1) ? true : false;
|
|
|
|
if (add_order_to_list(thd, $1, ascending))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-01-18 18:37:52 -07:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/*
|
2001-12-17 19:59:20 +02:00
|
|
|
Order by statement in select
|
2000-07-31 21:29:14 +02:00
|
|
|
*/
|
|
|
|
|
2000-11-17 02:36:46 +02:00
|
|
|
opt_order_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| order_clause
|
|
|
|
;
|
2000-11-17 02:36:46 +02:00
|
|
|
|
|
|
|
order_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
ORDER_SYM BY
|
2006-04-20 22:15:38 -07:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
SELECT_LEX_UNIT *unit= sel-> master_unit();
|
|
|
|
if (sel->linkage != GLOBAL_OPTIONS_TYPE &&
|
2007-12-18 11:07:08 +02:00
|
|
|
sel->olap != UNSPECIFIED_OLAP_TYPE &&
|
|
|
|
(sel->linkage != UNION_TYPE || sel->braces))
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0),
|
|
|
|
"CUBE/ROLLUP", "ORDER BY");
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
if (lex->sql_command != SQLCOM_ALTER_TABLE && !unit->fake_select_lex)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
A query of the of the form (SELECT ...) ORDER BY order_list is
|
|
|
|
executed in the same way as the query
|
|
|
|
SELECT ... ORDER BY order_list
|
|
|
|
unless the SELECT construct contains ORDER BY or LIMIT clauses.
|
|
|
|
Otherwise we create a fake SELECT_LEX if it has not been created
|
|
|
|
yet.
|
|
|
|
*/
|
|
|
|
SELECT_LEX *first_sl= unit->first_select();
|
|
|
|
if (!unit->is_union() &&
|
|
|
|
(first_sl->order_list.elements ||
|
|
|
|
first_sl->select_limit) &&
|
|
|
|
unit->add_fake_select_lex(lex->thd))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-04-20 22:15:38 -07:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
order_list
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
order_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
order_list ',' order_ident order_dir
|
|
|
|
{ if (add_order_to_list(YYTHD, $3,(bool) $4)) MYSQL_YYABORT; }
|
|
|
|
| order_ident order_dir
|
|
|
|
{ if (add_order_to_list(YYTHD, $1,(bool) $2)) MYSQL_YYABORT; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
order_dir:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$ = 1; }
|
|
|
|
| ASC { $$ =1; }
|
|
|
|
| DESC { $$ =0; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-02-12 21:55:37 +02:00
|
|
|
opt_limit_clause_init:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
sel->offset_limit= 0;
|
|
|
|
sel->select_limit= 0;
|
|
|
|
}
|
|
|
|
| limit_clause {}
|
|
|
|
;
|
2002-12-01 17:10:13 +01:00
|
|
|
|
2003-02-12 21:55:37 +02:00
|
|
|
opt_limit_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| limit_clause {}
|
|
|
|
;
|
2003-02-12 21:55:37 +02:00
|
|
|
|
2002-12-01 17:10:13 +01:00
|
|
|
limit_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
LIMIT limit_options {}
|
|
|
|
;
|
2002-11-16 20:19:10 +02:00
|
|
|
|
|
|
|
limit_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
limit_option
|
|
|
|
{
|
2003-07-03 02:30:52 +03:00
|
|
|
SELECT_LEX *sel= Select;
|
2002-11-16 20:19:10 +02:00
|
|
|
sel->select_limit= $1;
|
2005-06-07 14:11:36 +04:00
|
|
|
sel->offset_limit= 0;
|
2007-08-14 20:31:06 -06:00
|
|
|
sel->explicit_limit= 1;
|
|
|
|
}
|
|
|
|
| limit_option ',' limit_option
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel= Select;
|
|
|
|
sel->select_limit= $3;
|
|
|
|
sel->offset_limit= $1;
|
|
|
|
sel->explicit_limit= 1;
|
|
|
|
}
|
|
|
|
| limit_option OFFSET_SYM limit_option
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel= Select;
|
|
|
|
sel->select_limit= $1;
|
|
|
|
sel->offset_limit= $3;
|
|
|
|
sel->explicit_limit= 1;
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2005-06-07 14:11:36 +04:00
|
|
|
limit_option:
|
|
|
|
param_marker
|
2007-05-18 12:08:07 +05:00
|
|
|
{
|
2008-02-28 11:34:08 -03:00
|
|
|
((Item_param *) $1)->limit_clause_param= TRUE;
|
2007-05-18 12:08:07 +05:00
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| ULONGLONG_NUM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_uint($1.str, $1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| LONG_NUM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_uint($1.str, $1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| NUM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_uint($1.str, $1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-06-07 07:48:56 -07:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
delete_limit_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->current_select->select_limit= 0;
|
|
|
|
}
|
|
|
|
| LIMIT limit_option
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel= Select;
|
|
|
|
sel->select_limit= $2;
|
|
|
|
sel->explicit_limit= 1;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-04-04 00:50:05 +02:00
|
|
|
ulong_num:
|
|
|
|
NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
2007-08-14 20:31:06 -06:00
|
|
|
| HEX_NUM { $$= (ulong) strtol($1.str, (char**) 0, 16); }
|
|
|
|
| LONG_NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| ULONGLONG_NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
2005-04-04 00:50:05 +02:00
|
|
|
| DECIMAL_NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
2007-08-14 20:31:06 -06:00
|
|
|
| FLOAT_NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
2006-08-07 12:02:28 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
real_ulong_num:
|
|
|
|
NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
2007-08-14 20:31:06 -06:00
|
|
|
| HEX_NUM { $$= (ulong) strtol($1.str, (char**) 0, 16); }
|
|
|
|
| LONG_NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| ULONGLONG_NUM { int error; $$= (ulong) my_strtoll10($1.str, (char**) 0, &error); }
|
2007-03-07 13:02:14 +03:00
|
|
|
| dec_num_error { MYSQL_YYABORT; }
|
2006-08-07 12:02:28 -04:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-09-14 02:54:33 +03:00
|
|
|
ulonglong_num:
|
2007-08-14 20:31:06 -06:00
|
|
|
NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| ULONGLONG_NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| LONG_NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| DECIMAL_NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| FLOAT_NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2006-08-07 12:02:28 -04:00
|
|
|
real_ulonglong_num:
|
2007-08-14 20:31:06 -06:00
|
|
|
NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| ULONGLONG_NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
|
|
|
| LONG_NUM { int error; $$= (ulonglong) my_strtoll10($1.str, (char**) 0, &error); }
|
2007-03-07 13:02:14 +03:00
|
|
|
| dec_num_error { MYSQL_YYABORT; }
|
2006-08-07 12:02:28 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
dec_num_error:
|
2007-08-14 20:31:06 -06:00
|
|
|
dec_num
|
|
|
|
{ my_parse_error(ER(ER_ONLY_INTEGERS_ALLOWED)); }
|
2006-08-07 12:02:28 -04:00
|
|
|
;
|
|
|
|
|
|
|
|
dec_num:
|
2007-08-14 20:31:06 -06:00
|
|
|
DECIMAL_NUM
|
|
|
|
| FLOAT_NUM
|
2006-08-07 12:02:28 -04:00
|
|
|
;
|
|
|
|
|
2007-10-11 18:07:40 +03:00
|
|
|
choice:
|
|
|
|
ulong_num { $$= $1 != 0 ? HA_CHOICE_YES : HA_CHOICE_NO; }
|
|
|
|
| DEFAULT { $$= HA_CHOICE_UNDEF; }
|
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
procedure_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| PROCEDURE ident /* Procedure name */
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2006-10-12 18:02:57 +04:00
|
|
|
|
|
|
|
if (! lex->parsing_options.allows_select_procedure)
|
|
|
|
{
|
|
|
|
my_error(ER_VIEW_SELECT_CLAUSE, MYF(0), "PROCEDURE");
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (&lex->select_lex != lex->current_select)
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0), "PROCEDURE", "subquery");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->proc_list.elements=0;
|
|
|
|
lex->proc_list.first=0;
|
|
|
|
lex->proc_list.next= (uchar**) &lex->proc_list.first;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item_field *item= new (YYTHD->mem_root)
|
|
|
|
Item_field(&lex->current_select->context,
|
|
|
|
NULL, NULL, $2.str);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
if (add_proc_to_list(lex->thd, item))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->uncacheable(UNCACHEABLE_SIDEEFFECT);
|
|
|
|
}
|
|
|
|
'(' procedure_list ')'
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
procedure_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| procedure_list2 {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
procedure_list2:
|
2007-08-14 20:31:06 -06:00
|
|
|
procedure_list2 ',' procedure_item
|
|
|
|
| procedure_item
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
procedure_item:
|
2007-08-14 20:31:06 -06:00
|
|
|
remember_name expr remember_end
|
|
|
|
{
|
2007-04-25 21:38:12 -06:00
|
|
|
THD *thd= YYTHD;
|
2002-10-16 16:55:08 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (add_proc_to_list(thd, $2))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
if (!$2->name)
|
2007-06-13 07:31:41 -06:00
|
|
|
$2->set_name($1, (uint) ($3 - $1), thd->charset());
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2002-10-16 16:55:08 +03:00
|
|
|
|
|
|
|
select_var_list_init:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2008-05-13 18:10:46 +03:00
|
|
|
if (!lex->describe &&
|
|
|
|
(!(lex->result= new select_dumpvar(lex->nest_level))))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
select_var_list
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-10-11 21:49:10 +03:00
|
|
|
select_var_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
select_var_list ',' select_var_ident
|
|
|
|
| select_var_ident {}
|
|
|
|
;
|
2002-10-16 16:55:08 +03:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
select_var_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
'@' ident_or_text
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->result)
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
my_var *var= new my_var($2,0,0,(enum_field_types)0);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
((select_dumpvar *)lex->result)->var_list.push_back(var);
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
The parser won't create select_result instance only
|
|
|
|
if it's an EXPLAIN.
|
|
|
|
*/
|
|
|
|
DBUG_ASSERT(lex->describe);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| ident_or_text
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
sp_variable_t *t;
|
|
|
|
|
|
|
|
if (!lex->spcont || !(t=lex->spcont->find_variable(&$1)))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_UNDECLARED_VAR, MYF(0), $1.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (lex->result)
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
my_var *var= new my_var($1,1,t->offset,t->type);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
((select_dumpvar *)lex->result)->var_list.push_back(var);
|
2005-11-23 12:26:07 +02:00
|
|
|
#ifndef DBUG_OFF
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
var->sp= lex->sphead;
|
2005-11-23 00:50:37 +02:00
|
|
|
#endif
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
The parser won't create select_result instance only
|
|
|
|
if it's an EXPLAIN.
|
|
|
|
*/
|
|
|
|
DBUG_ASSERT(lex->describe);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-11-28 17:25:41 +01:00
|
|
|
into:
|
2007-08-14 20:31:06 -06:00
|
|
|
INTO
|
2006-10-12 18:02:57 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
if (! Lex->parsing_options.allows_select_into)
|
|
|
|
{
|
|
|
|
my_error(ER_VIEW_SELECT_CLAUSE, MYF(0), "INTO");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-10-12 18:02:57 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
into_destination
|
2006-10-12 18:02:57 +04:00
|
|
|
;
|
|
|
|
|
|
|
|
into_destination:
|
2007-08-14 20:31:06 -06:00
|
|
|
OUTFILE TEXT_STRING_filesystem
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->uncacheable(UNCACHEABLE_SIDEEFFECT);
|
|
|
|
if (!(lex->exchange= new sql_exchange($2.str, 0)) ||
|
2008-05-13 18:10:46 +03:00
|
|
|
!(lex->result= new select_export(lex->exchange, lex->nest_level)))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2009-07-31 22:14:52 +05:00
|
|
|
opt_load_data_charset
|
|
|
|
{ Lex->exchange->cs= $4; }
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_field_term opt_line_term
|
|
|
|
| DUMPFILE TEXT_STRING_filesystem
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (!lex->describe)
|
|
|
|
{
|
|
|
|
lex->uncacheable(UNCACHEABLE_SIDEEFFECT);
|
|
|
|
if (!(lex->exchange= new sql_exchange($2.str,1)))
|
|
|
|
MYSQL_YYABORT;
|
2008-05-13 18:10:46 +03:00
|
|
|
if (!(lex->result= new select_dump(lex->exchange, lex->nest_level)))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
2006-10-12 18:02:57 +04:00
|
|
|
| select_var_list_init
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->uncacheable(UNCACHEABLE_SIDEEFFECT);
|
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-12-17 19:59:20 +02:00
|
|
|
/*
|
|
|
|
DO statement
|
|
|
|
*/
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
do:
|
|
|
|
DO_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_DO;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
}
|
|
|
|
expr_list
|
|
|
|
{
|
|
|
|
Lex->insert_list= $3;
|
|
|
|
}
|
|
|
|
;
|
2002-11-28 18:57:56 +01:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/*
|
2003-06-06 17:43:23 +05:00
|
|
|
Drop : delete tables or index or user
|
2000-07-31 21:29:14 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
drop:
|
2007-08-14 20:31:06 -06:00
|
|
|
DROP opt_temporary table_or_tables if_exists table_list opt_restrict
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_DROP_TABLE;
|
|
|
|
lex->drop_temporary= $2;
|
|
|
|
lex->drop_if_exists= $4;
|
|
|
|
}
|
|
|
|
| DROP INDEX_SYM ident ON table_ident {}
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Alter_drop *ad= new Alter_drop(Alter_drop::KEY, $3.str);
|
|
|
|
if (ad == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command= SQLCOM_DROP_INDEX;
|
|
|
|
lex->alter_info.reset();
|
|
|
|
lex->alter_info.flags= ALTER_DROP_INDEX;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
lex->alter_info.drop_list.push_back(ad);
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!lex->current_select->add_table_to_list(lex->thd, $5, NULL,
|
|
|
|
TL_OPTION_UPDATING))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| DROP DATABASE if_exists ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_DROP_DB;
|
|
|
|
lex->drop_if_exists=$3;
|
|
|
|
lex->name= $4;
|
|
|
|
}
|
2009-02-12 17:30:38 +02:00
|
|
|
| DROP FUNCTION_SYM if_exists ident '.' ident
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2009-02-12 16:36:43 +02:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
sp_name *spname;
|
2009-02-12 17:30:38 +02:00
|
|
|
if ($4.str && check_db_name(&$4))
|
|
|
|
{
|
|
|
|
my_error(ER_WRONG_DB_NAME, MYF(0), $4.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-10-16 20:47:08 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_DROP_SP, MYF(0), "FUNCTION");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_DROP_FUNCTION;
|
|
|
|
lex->drop_if_exists= $3;
|
2009-02-12 17:30:38 +02:00
|
|
|
spname= new sp_name($4, $6, true);
|
2009-02-12 16:36:43 +02:00
|
|
|
if (spname == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2009-02-12 17:30:38 +02:00
|
|
|
spname->init_qname(thd);
|
|
|
|
lex->spname= spname;
|
|
|
|
}
|
|
|
|
| DROP FUNCTION_SYM if_exists ident
|
|
|
|
{
|
2009-02-12 16:36:43 +02:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
LEX_STRING db= {0, 0};
|
|
|
|
sp_name *spname;
|
2009-02-12 17:30:38 +02:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_DROP_SP, MYF(0), "FUNCTION");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2009-02-12 16:36:43 +02:00
|
|
|
if (thd->db && lex->copy_db_to(&db.str, &db.length))
|
|
|
|
MYSQL_YYABORT;
|
2009-02-12 17:30:38 +02:00
|
|
|
lex->sql_command = SQLCOM_DROP_FUNCTION;
|
|
|
|
lex->drop_if_exists= $3;
|
|
|
|
spname= new sp_name(db, $4, false);
|
2009-02-12 16:36:43 +02:00
|
|
|
if (spname == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2009-02-12 17:30:38 +02:00
|
|
|
spname->init_qname(thd);
|
|
|
|
lex->spname= spname;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| DROP PROCEDURE if_exists sp_name
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_DROP_SP, MYF(0), "PROCEDURE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_DROP_PROCEDURE;
|
|
|
|
lex->drop_if_exists= $3;
|
|
|
|
lex->spname= $4;
|
|
|
|
}
|
|
|
|
| DROP USER clear_privileges user_list
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_DROP_USER;
|
|
|
|
}
|
|
|
|
| DROP VIEW_SYM if_exists table_list opt_restrict
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_DROP_VIEW;
|
|
|
|
lex->drop_if_exists= $3;
|
2004-11-25 21:55:49 +01:00
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
| DROP EVENT_SYM if_exists sp_name
|
|
|
|
{
|
2006-06-27 11:51:11 +02:00
|
|
|
Lex->drop_if_exists= $3;
|
|
|
|
Lex->spname= $4;
|
|
|
|
Lex->sql_command = SQLCOM_DROP_EVENT;
|
2005-12-02 13:07:02 +01:00
|
|
|
}
|
Bug#23703 (DROP TRIGGER needs an IF EXISTS)
This change set implements the DROP TRIGGER IF EXISTS functionality.
This fix is considered a bug and not a feature, because without it,
there is no known method to write a database creation script that can create
a trigger without failing, when executed on a database that may or may not
contain already a trigger of the same name.
Implementing this functionality closes an orthogonality gap between triggers
and stored procedures / stored functions (which do support the DROP IF
EXISTS syntax).
In sql_trigger.cc, in mysql_create_or_drop_trigger,
the code has been reordered to:
- perform the tests that do not depend on the file system (access()),
- get the locks (wait_if_global_read_lock, LOCK_open)
- call access()
- perform the operation
- write to the binlog
- unlock (LOCK_open, start_waiting_global_read_lock)
This is to ensure that all the code that depends on the presence of the
trigger file is executed in the same critical section,
and prevents race conditions similar to the case fixed by Bug 14262 :
- thread 1 executes DROP TRIGGER IF EXISTS, access() returns a failure
- thread 2 executes CREATE TRIGGER
- thread 2 logs CREATE TRIGGER
- thread 1 logs DROP TRIGGER IF EXISTS
The patch itself is based on code contributed by the MySQL community,
under the terms of the Contributor License Agreement (See Bug 18161).
2006-11-13 15:40:22 -07:00
|
|
|
| DROP TRIGGER_SYM if_exists sp_name
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_DROP_TRIGGER;
|
Bug#23703 (DROP TRIGGER needs an IF EXISTS)
This change set implements the DROP TRIGGER IF EXISTS functionality.
This fix is considered a bug and not a feature, because without it,
there is no known method to write a database creation script that can create
a trigger without failing, when executed on a database that may or may not
contain already a trigger of the same name.
Implementing this functionality closes an orthogonality gap between triggers
and stored procedures / stored functions (which do support the DROP IF
EXISTS syntax).
In sql_trigger.cc, in mysql_create_or_drop_trigger,
the code has been reordered to:
- perform the tests that do not depend on the file system (access()),
- get the locks (wait_if_global_read_lock, LOCK_open)
- call access()
- perform the operation
- write to the binlog
- unlock (LOCK_open, start_waiting_global_read_lock)
This is to ensure that all the code that depends on the presence of the
trigger file is executed in the same critical section,
and prevents race conditions similar to the case fixed by Bug 14262 :
- thread 1 executes DROP TRIGGER IF EXISTS, access() returns a failure
- thread 2 executes CREATE TRIGGER
- thread 2 logs CREATE TRIGGER
- thread 1 logs DROP TRIGGER IF EXISTS
The patch itself is based on code contributed by the MySQL community,
under the terms of the Contributor License Agreement (See Bug 18161).
2006-11-13 15:40:22 -07:00
|
|
|
lex->drop_if_exists= $3;
|
|
|
|
lex->spname= $4;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2006-01-11 11:35:25 +01:00
|
|
|
| DROP TABLESPACE tablespace_name opt_ts_engine opt_ts_wait
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_cmd_type= DROP_TABLESPACE;
|
|
|
|
}
|
2007-02-23 22:48:15 +02:00
|
|
|
| DROP LOGFILE_SYM GROUP_SYM logfile_group_name opt_ts_engine opt_ts_wait
|
2006-01-11 11:35:25 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->alter_tablespace_info->ts_cmd_type= DROP_LOGFILE_GROUP;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2006-12-01 19:47:45 -05:00
|
|
|
| DROP SERVER_SYM if_exists ident_or_text
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_DROP_SERVER;
|
|
|
|
Lex->drop_if_exists= $3;
|
|
|
|
Lex->server_options.server_name= $4.str;
|
|
|
|
Lex->server_options.server_name_length= $4.length;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_name
|
|
|
|
| table_list ',' table_name
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-04-07 00:18:33 +02:00
|
|
|
table_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_ident
|
|
|
|
{
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $1, NULL, TL_OPTION_UPDATING))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-09-03 11:55:35 +02:00
|
|
|
table_alias_ref_list:
|
2007-10-16 20:47:08 -06:00
|
|
|
table_alias_ref
|
|
|
|
| table_alias_ref_list ',' table_alias_ref
|
|
|
|
;
|
2007-09-03 11:55:35 +02:00
|
|
|
|
|
|
|
table_alias_ref:
|
2007-10-16 20:47:08 -06:00
|
|
|
table_ident
|
|
|
|
{
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $1, NULL,
|
|
|
|
TL_OPTION_UPDATING | TL_OPTION_ALIAS,
|
|
|
|
Lex->lock_option ))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
if_exists:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= 0; }
|
|
|
|
| IF EXISTS { $$= 1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-11-07 04:02:37 +02:00
|
|
|
opt_temporary:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= 0; }
|
|
|
|
| TEMPORARY { $$= 1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
/*
|
|
|
|
** Insert : add new data to table
|
|
|
|
*/
|
|
|
|
|
|
|
|
insert:
|
2007-08-14 20:31:06 -06:00
|
|
|
INSERT
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_INSERT;
|
|
|
|
lex->duplicates= DUP_ERROR;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
/* for subselects */
|
2008-09-29 10:53:40 -03:00
|
|
|
lex->lock_option= TL_READ_DEFAULT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
insert_lock_option
|
|
|
|
opt_ignore insert2
|
|
|
|
{
|
|
|
|
Select->set_lock_for_tables($3);
|
|
|
|
Lex->current_select= &Lex->select_lex;
|
|
|
|
}
|
|
|
|
insert_field_spec opt_insert_update
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
replace:
|
2007-08-14 20:31:06 -06:00
|
|
|
REPLACE
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_REPLACE;
|
|
|
|
lex->duplicates= DUP_REPLACE;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
}
|
|
|
|
replace_lock_option insert2
|
|
|
|
{
|
|
|
|
Select->set_lock_for_tables($3);
|
|
|
|
Lex->current_select= &Lex->select_lex;
|
|
|
|
}
|
|
|
|
insert_field_spec
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
insert_lock_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
2006-03-15 19:15:52 +02:00
|
|
|
{
|
|
|
|
#ifdef HAVE_QUERY_CACHE
|
|
|
|
/*
|
|
|
|
If it is SP we do not allow insert optimisation whan result of
|
|
|
|
insert visible only after the table unlocking but everyone can
|
|
|
|
read table.
|
|
|
|
*/
|
2007-06-03 09:40:00 +03:00
|
|
|
$$= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT);
|
2006-03-15 19:15:52 +02:00
|
|
|
#else
|
|
|
|
$$= TL_WRITE_CONCURRENT_INSERT;
|
|
|
|
#endif
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| LOW_PRIORITY { $$= TL_WRITE_LOW_PRIORITY; }
|
|
|
|
| DELAYED_SYM { $$= TL_WRITE_DELAYED; }
|
|
|
|
| HIGH_PRIORITY { $$= TL_WRITE; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
replace_lock_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
opt_low_priority { $$= $1; }
|
|
|
|
| DELAYED_SYM { $$= TL_WRITE_DELAYED; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
insert2:
|
2007-08-14 20:31:06 -06:00
|
|
|
INTO insert_table {}
|
|
|
|
| insert_table {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
insert_table:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_name
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->field_list.empty();
|
|
|
|
lex->many_values.empty();
|
|
|
|
lex->insert_list=0;
|
|
|
|
};
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
insert_field_spec:
|
2007-08-14 20:31:06 -06:00
|
|
|
insert_values {}
|
|
|
|
| '(' ')' insert_values {}
|
|
|
|
| '(' fields ')' insert_values {}
|
|
|
|
| SET
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (!(lex->insert_list = new List_item) ||
|
|
|
|
lex->many_values.push_back(lex->insert_list))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
ident_eq_list
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
fields:
|
2007-08-14 20:31:06 -06:00
|
|
|
fields ',' insert_ident { Lex->field_list.push_back($3); }
|
|
|
|
| insert_ident { Lex->field_list.push_back($1); }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
insert_values:
|
2007-08-14 20:31:06 -06:00
|
|
|
VALUES values_list {}
|
|
|
|
| VALUE_SYM values_list {}
|
|
|
|
| create_select
|
|
|
|
{ Select->set_braces(0);}
|
|
|
|
union_clause {}
|
|
|
|
| '(' create_select ')'
|
|
|
|
{ Select->set_braces(1);}
|
|
|
|
union_opt {}
|
2003-06-17 16:20:07 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
values_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
values_list ',' no_braces
|
|
|
|
| no_braces
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
ident_eq_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_eq_list ',' ident_eq_value
|
|
|
|
| ident_eq_value
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
ident_eq_value:
|
2007-08-14 20:31:06 -06:00
|
|
|
simple_ident_nospvar equal expr_or_default
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->field_list.push_back($1) ||
|
|
|
|
lex->insert_list->push_back($3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
equal:
|
|
|
|
EQ {}
|
|
|
|
| SET_VAR {}
|
|
|
|
;
|
2002-07-23 18:31:22 +03:00
|
|
|
|
|
|
|
opt_equal:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| equal {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
no_braces:
|
2007-08-14 20:31:06 -06:00
|
|
|
'('
|
|
|
|
{
|
|
|
|
if (!(Lex->insert_list = new List_item))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
opt_values ')'
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->many_values.push_back(lex->insert_list))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_values:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| values
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
values:
|
2007-08-14 20:31:06 -06:00
|
|
|
values ',' expr_or_default
|
|
|
|
{
|
|
|
|
if (Lex->insert_list->push_back($3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| expr_or_default
|
|
|
|
{
|
|
|
|
if (Lex->insert_list->push_back($1))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2002-07-25 01:00:56 +03:00
|
|
|
|
|
|
|
expr_or_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
expr { $$= $1;}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| DEFAULT
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_default_value(Lex->current_context());
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-11-28 17:25:41 +01:00
|
|
|
opt_insert_update:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| ON DUPLICATE_SYM { Lex->duplicates= DUP_UPDATE; }
|
2004-12-13 12:26:28 +00:00
|
|
|
KEY_SYM UPDATE_SYM insert_update_list
|
2002-11-28 17:25:41 +01:00
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* Update rows in a table */
|
|
|
|
|
|
|
|
update:
|
2007-08-14 20:31:06 -06:00
|
|
|
UPDATE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->sql_command= SQLCOM_UPDATE;
|
|
|
|
lex->lock_option= TL_UNLOCK; /* Will be set later */
|
|
|
|
lex->duplicates= DUP_ERROR;
|
|
|
|
}
|
|
|
|
opt_low_priority opt_ignore join_table_list
|
|
|
|
SET update_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->select_lex.table_list.elements > 1)
|
|
|
|
lex->sql_command= SQLCOM_UPDATE_MULTI;
|
|
|
|
else if (lex->select_lex.get_table_list()->derived)
|
|
|
|
{
|
|
|
|
/* it is single table update and it is update of derived table */
|
|
|
|
my_error(ER_NON_UPDATABLE_TABLE, MYF(0),
|
|
|
|
lex->select_lex.get_table_list()->alias, "UPDATE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
In case of multi-update setting write lock for all tables may
|
|
|
|
be too pessimistic. We will decrease lock level if possible in
|
|
|
|
mysql_multi_update().
|
|
|
|
*/
|
|
|
|
Select->set_lock_for_tables($3);
|
|
|
|
}
|
|
|
|
where_clause opt_order_clause delete_limit_clause {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
update_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
update_list ',' update_elem
|
|
|
|
| update_elem
|
|
|
|
;
|
2004-12-13 12:26:28 +00:00
|
|
|
|
|
|
|
update_elem:
|
2007-08-14 20:31:06 -06:00
|
|
|
simple_ident_nospvar equal expr_or_default
|
|
|
|
{
|
|
|
|
if (add_item_to_list(YYTHD, $1) || add_value_to_list(YYTHD, $3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2004-12-13 12:26:28 +00:00
|
|
|
|
|
|
|
insert_update_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
insert_update_list ',' insert_update_elem
|
|
|
|
| insert_update_elem
|
|
|
|
;
|
2004-12-13 12:26:28 +00:00
|
|
|
|
|
|
|
insert_update_elem:
|
2007-08-14 20:31:06 -06:00
|
|
|
simple_ident_nospvar equal expr_or_default
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->update_list.push_back($1) ||
|
|
|
|
lex->value_list.push_back($3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_low_priority:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= TL_WRITE_DEFAULT; }
|
|
|
|
| LOW_PRIORITY { $$= TL_WRITE_LOW_PRIORITY; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
/* Delete rows from a table */
|
|
|
|
|
|
|
|
delete:
|
2007-08-14 20:31:06 -06:00
|
|
|
DELETE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_DELETE;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->lock_option= TL_WRITE_DEFAULT;
|
|
|
|
lex->ignore= 0;
|
|
|
|
lex->select_lex.init_order();
|
|
|
|
}
|
|
|
|
opt_delete_options single_multi {}
|
|
|
|
;
|
2001-06-03 17:07:26 +03:00
|
|
|
|
|
|
|
single_multi:
|
2007-08-14 20:31:06 -06:00
|
|
|
FROM table_ident
|
|
|
|
{
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $2, NULL, TL_OPTION_UPDATING,
|
|
|
|
Lex->lock_option))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
where_clause opt_order_clause
|
|
|
|
delete_limit_clause {}
|
|
|
|
| table_wild_list
|
|
|
|
{ mysql_init_multi_delete(Lex); }
|
2002-11-16 20:19:10 +02:00
|
|
|
FROM join_table_list where_clause
|
2005-06-09 01:07:52 +04:00
|
|
|
{
|
|
|
|
if (multi_delete_set_locks_and_link_aux_tables(Lex))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-06-09 01:07:52 +04:00
|
|
|
}
|
2007-09-03 16:24:33 +02:00
|
|
|
| FROM table_alias_ref_list
|
2007-08-14 20:31:06 -06:00
|
|
|
{ mysql_init_multi_delete(Lex); }
|
|
|
|
USING join_table_list where_clause
|
2005-06-09 01:07:52 +04:00
|
|
|
{
|
|
|
|
if (multi_delete_set_locks_and_link_aux_tables(Lex))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-06-09 01:07:52 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2001-06-15 05:03:15 +03:00
|
|
|
|
|
|
|
table_wild_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_wild_one {}
|
|
|
|
| table_wild_list ',' table_wild_one {}
|
|
|
|
;
|
2001-06-15 05:03:15 +03:00
|
|
|
|
|
|
|
table_wild_one:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident opt_wild opt_table_alias
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Table_ident *ti= new Table_ident($1);
|
|
|
|
if (ti == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
if (!Select->add_table_to_list(YYTHD,
|
|
|
|
ti,
|
2007-08-14 20:31:06 -06:00
|
|
|
$3,
|
|
|
|
TL_OPTION_UPDATING | TL_OPTION_ALIAS,
|
|
|
|
Lex->lock_option))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| ident '.' ident opt_wild opt_table_alias
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Table_ident *ti= new Table_ident(YYTHD, $1, $3, 0);
|
|
|
|
if (ti == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!Select->add_table_to_list(YYTHD,
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
ti,
|
2007-08-14 20:31:06 -06:00
|
|
|
$5,
|
|
|
|
TL_OPTION_UPDATING | TL_OPTION_ALIAS,
|
|
|
|
Lex->lock_option))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2001-06-15 05:03:15 +03:00
|
|
|
|
|
|
|
opt_wild:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| '.' '*' {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2000-09-20 04:54:10 +03:00
|
|
|
opt_delete_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| opt_delete_option opt_delete_options {}
|
|
|
|
;
|
2000-09-20 04:54:10 +03:00
|
|
|
|
|
|
|
opt_delete_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
QUICK { Select->options|= OPTION_QUICK; }
|
|
|
|
| LOW_PRIORITY { Lex->lock_option= TL_WRITE_LOW_PRIORITY; }
|
|
|
|
| IGNORE_SYM { Lex->ignore= 1; }
|
|
|
|
;
|
2000-09-20 04:54:10 +03:00
|
|
|
|
2000-11-13 23:55:10 +02:00
|
|
|
truncate:
|
2007-08-14 20:31:06 -06:00
|
|
|
TRUNCATE_SYM opt_table_sym table_name
|
|
|
|
{
|
|
|
|
LEX* lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_TRUNCATE;
|
|
|
|
lex->select_lex.options= 0;
|
|
|
|
lex->select_lex.sql_cache= SELECT_LEX::SQL_CACHE_UNSPECIFIED;
|
|
|
|
lex->select_lex.init_order();
|
|
|
|
}
|
|
|
|
;
|
2000-11-13 23:55:10 +02:00
|
|
|
|
2001-02-02 03:47:06 +02:00
|
|
|
opt_table_sym:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| TABLE_SYM
|
|
|
|
;
|
2002-12-05 01:14:51 +03:00
|
|
|
|
2007-01-03 17:15:10 -05:00
|
|
|
opt_profile_defs:
|
|
|
|
/* empty */
|
2007-10-10 08:19:01 -04:00
|
|
|
| profile_defs;
|
2007-01-03 17:15:10 -05:00
|
|
|
|
|
|
|
profile_defs:
|
|
|
|
profile_def
|
2007-10-10 08:19:01 -04:00
|
|
|
| profile_defs ',' profile_def;
|
2007-01-03 17:15:10 -05:00
|
|
|
|
|
|
|
profile_def:
|
|
|
|
CPU_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_CPU;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| MEMORY_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_MEMORY;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| BLOCK_SYM IO_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_BLOCK_IO;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| CONTEXT_SYM SWITCHES_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_CONTEXT;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| PAGE_SYM FAULTS_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_PAGE_FAULTS;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| IPC_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_IPC;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| SWAPS_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_SWAPS;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| SOURCE_SYM
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_SOURCE;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
| ALL
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_options|= PROFILE_ALL;
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
;
|
|
|
|
|
|
|
|
opt_profile_args:
|
|
|
|
/* empty */
|
2007-02-22 10:03:08 -05:00
|
|
|
{
|
|
|
|
Lex->profile_query_id= 0;
|
|
|
|
}
|
|
|
|
| FOR_SYM QUERY_SYM NUM
|
|
|
|
{
|
|
|
|
Lex->profile_query_id= atoi($3.str);
|
|
|
|
}
|
2007-01-03 17:15:10 -05:00
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* Show things */
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
show:
|
|
|
|
SHOW
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->wild=0;
|
|
|
|
lex->lock_option= TL_READ;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->current_select->parsing_place= SELECT_LIST;
|
|
|
|
bzero((char*) &lex->create_info,sizeof(lex->create_info));
|
|
|
|
}
|
|
|
|
show_param
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
show_param:
|
2007-08-14 20:31:06 -06:00
|
|
|
DATABASES wild_and_where
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_DATABASES;
|
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_SCHEMATA))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-01-24 18:44:54 +03:00
|
|
|
| opt_full TABLES opt_db wild_and_where
|
2004-11-13 13:56:39 +03:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_TABLES;
|
2005-01-24 18:44:54 +03:00
|
|
|
lex->select_lex.db= $3;
|
2004-11-13 13:56:39 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_TABLE_NAMES))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-13 13:56:39 +03:00
|
|
|
}
|
2005-07-19 20:06:49 +04:00
|
|
|
| opt_full TRIGGERS_SYM opt_db wild_and_where
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_TRIGGERS;
|
2005-07-19 20:06:49 +04:00
|
|
|
lex->select_lex.db= $3;
|
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_TRIGGERS))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-07-19 20:06:49 +04:00
|
|
|
}
|
2006-05-22 20:46:13 +02:00
|
|
|
| EVENTS_SYM opt_db wild_and_where
|
2006-01-30 13:15:23 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_EVENTS;
|
2006-05-22 20:46:13 +02:00
|
|
|
lex->select_lex.db= $2;
|
2006-01-30 13:15:23 +01:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_EVENTS))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-01-30 13:15:23 +01:00
|
|
|
}
|
2005-01-24 18:44:54 +03:00
|
|
|
| TABLE_SYM STATUS_SYM opt_db wild_and_where
|
2004-11-13 13:56:39 +03:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_TABLE_STATUS;
|
2005-01-24 18:44:54 +03:00
|
|
|
lex->select_lex.db= $3;
|
2004-11-13 13:56:39 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_TABLES))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-13 13:56:39 +03:00
|
|
|
}
|
2005-01-24 18:44:54 +03:00
|
|
|
| OPEN_SYM TABLES opt_db wild_and_where
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_OPEN_TABLES;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->select_lex.db= $3;
|
2004-12-30 15:20:40 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_OPEN_TABLES))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2006-04-13 13:49:29 -07:00
|
|
|
| opt_full PLUGIN_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "SHOW PLUGIN", "'SHOW PLUGINS'");
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_PLUGINS;
|
2006-04-06 15:29:39 +02:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_PLUGINS))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2006-04-06 15:29:39 +02:00
|
|
|
| PLUGINS_SYM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_PLUGINS;
|
2005-12-21 10:18:40 -08:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_PLUGINS))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| ENGINE_SYM known_storage_engines show_engine_param
|
|
|
|
{ Lex->create_info.db_type= $2; }
|
|
|
|
| ENGINE_SYM ALL show_engine_param
|
|
|
|
{ Lex->create_info.db_type= NULL; }
|
|
|
|
| opt_full COLUMNS from_or_in table_ident opt_db wild_and_where
|
2001-07-04 17:14:31 -06:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_FIELDS;
|
|
|
|
if ($5)
|
|
|
|
$4->change_db($5);
|
|
|
|
if (prepare_schema_table(YYTHD, lex, $4, SCH_COLUMNS))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| NEW_SYM MASTER_SYM FOR_SYM SLAVE
|
|
|
|
WITH MASTER_LOG_FILE_SYM EQ
|
|
|
|
TEXT_STRING_sys /* $8 */
|
|
|
|
AND_SYM MASTER_LOG_POS_SYM EQ
|
|
|
|
ulonglong_num /* $12 */
|
|
|
|
AND_SYM MASTER_SERVER_ID_SYM EQ
|
|
|
|
ulong_num /* $16 */
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_SHOW_NEW_MASTER;
|
|
|
|
Lex->mi.log_file_name = $8.str;
|
|
|
|
Lex->mi.pos = $12;
|
|
|
|
Lex->mi.server_id = $16;
|
2001-07-04 17:14:31 -06:00
|
|
|
}
|
2003-07-12 23:31:21 +02:00
|
|
|
| master_or_binary LOGS_SYM
|
2000-10-26 22:11:55 -06:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->sql_command = SQLCOM_SHOW_BINLOGS;
|
2001-05-30 18:50:56 -06:00
|
|
|
}
|
|
|
|
| SLAVE HOSTS_SYM
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->sql_command = SQLCOM_SHOW_SLAVE_HOSTS;
|
2001-05-30 18:50:56 -06:00
|
|
|
}
|
2001-12-13 15:53:18 +02:00
|
|
|
| BINLOG_SYM EVENTS_SYM binlog_in binlog_from
|
2001-06-21 13:19:24 -06:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_BINLOG_EVENTS;
|
2003-02-12 21:55:37 +02:00
|
|
|
} opt_limit_clause_init
|
2005-01-24 18:44:54 +03:00
|
|
|
| keys_or_index from_or_in table_ident opt_db where_clause
|
2004-11-13 13:56:39 +03:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_KEYS;
|
2007-08-14 20:31:06 -06:00
|
|
|
if ($4)
|
|
|
|
$3->change_db($4);
|
2005-01-24 18:44:54 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, $3, SCH_STATISTICS))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| COLUMN_SYM TYPES_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_COLUMN_TYPES;
|
|
|
|
}
|
|
|
|
| TABLE_SYM TYPES_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_STORAGE_ENGINES;
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "SHOW TABLE TYPES", "'SHOW [STORAGE] ENGINES'");
|
2007-07-26 18:33:05 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_ENGINES))
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| opt_storage ENGINES_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_STORAGE_ENGINES;
|
2005-12-22 01:07:47 -08:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_ENGINES))
|
2007-03-07 13:02:14 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| AUTHORS_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_AUTHORS;
|
|
|
|
}
|
|
|
|
| CONTRIBUTORS_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_CONTRIBUTORS;
|
|
|
|
}
|
|
|
|
| PRIVILEGES
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_PRIVILEGES;
|
|
|
|
}
|
2002-12-05 01:14:51 +03:00
|
|
|
| COUNT_SYM '(' '*' ')' WARNINGS
|
2002-10-02 13:33:08 +03:00
|
|
|
{ (void) create_select_for_variable("warning_count"); }
|
2002-12-05 01:14:51 +03:00
|
|
|
| COUNT_SYM '(' '*' ')' ERRORS
|
2007-08-14 20:31:06 -06:00
|
|
|
{ (void) create_select_for_variable("error_count"); }
|
2003-02-12 21:55:37 +02:00
|
|
|
| WARNINGS opt_limit_clause_init
|
2002-06-12 14:13:12 -07:00
|
|
|
{ Lex->sql_command = SQLCOM_SHOW_WARNS;}
|
2003-02-12 21:55:37 +02:00
|
|
|
| ERRORS opt_limit_clause_init
|
2002-12-05 01:14:51 +03:00
|
|
|
{ Lex->sql_command = SQLCOM_SHOW_ERRORS;}
|
2007-01-03 17:15:10 -05:00
|
|
|
| PROFILES_SYM
|
|
|
|
{ Lex->sql_command = SQLCOM_SHOW_PROFILES; }
|
|
|
|
| PROFILE_SYM opt_profile_defs opt_profile_args opt_limit_clause_init
|
2007-07-02 07:27:39 -04:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2007-11-02 11:41:58 -04:00
|
|
|
lex->sql_command= SQLCOM_SHOW_PROFILE;
|
2007-07-02 07:27:39 -04:00
|
|
|
if (prepare_schema_table(YYTHD, lex, NULL, SCH_PROFILES) != 0)
|
|
|
|
YYABORT;
|
|
|
|
}
|
2005-01-24 18:44:54 +03:00
|
|
|
| opt_var_type STATUS_SYM wild_and_where
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2004-12-30 15:20:40 +03:00
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_STATUS;
|
2005-08-27 18:51:11 +05:00
|
|
|
lex->option_type= $1;
|
2004-12-30 15:20:40 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_STATUS))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2002-07-08 19:34:49 +03:00
|
|
|
| INNOBASE_SYM STATUS_SYM
|
2005-11-07 16:25:06 +01:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command = SQLCOM_SHOW_ENGINE_STATUS;
|
2005-12-21 10:18:40 -08:00
|
|
|
if (!(lex->create_info.db_type=
|
|
|
|
ha_resolve_by_legacy_type(YYTHD, DB_TYPE_INNODB)))
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
my_error(ER_UNKNOWN_STORAGE_ENGINE, MYF(0), "InnoDB");
|
|
|
|
MYSQL_YYABORT;
|
2005-12-21 10:18:40 -08:00
|
|
|
}
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "SHOW INNODB STATUS", "'SHOW ENGINE INNODB STATUS'");
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2004-12-24 12:13:32 +01:00
|
|
|
| MUTEX_SYM STATUS_SYM
|
2005-11-07 16:25:06 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
2006-03-01 21:36:05 +01:00
|
|
|
lex->sql_command = SQLCOM_SHOW_ENGINE_MUTEX;
|
2005-12-21 10:18:40 -08:00
|
|
|
if (!(lex->create_info.db_type=
|
|
|
|
ha_resolve_by_legacy_type(YYTHD, DB_TYPE_INNODB)))
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
my_error(ER_UNKNOWN_STORAGE_ENGINE, MYF(0), "InnoDB");
|
|
|
|
MYSQL_YYABORT;
|
2005-12-21 10:18:40 -08:00
|
|
|
}
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "SHOW MUTEX STATUS", "'SHOW ENGINE INNODB MUTEX'");
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| opt_full PROCESSLIST_SYM
|
|
|
|
{ Lex->sql_command= SQLCOM_SHOW_PROCESSLIST;}
|
2005-01-24 18:44:54 +03:00
|
|
|
| opt_var_type VARIABLES wild_and_where
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2004-12-30 15:20:40 +03:00
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_VARIABLES;
|
2005-08-27 18:51:11 +05:00
|
|
|
lex->option_type= $1;
|
2004-12-30 15:20:40 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_VARIABLES))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2005-01-24 18:44:54 +03:00
|
|
|
| charset wild_and_where
|
2004-11-13 13:56:39 +03:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_CHARSETS;
|
2004-11-13 13:56:39 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_CHARSETS))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-13 13:56:39 +03:00
|
|
|
}
|
2005-01-24 18:44:54 +03:00
|
|
|
| COLLATION_SYM wild_and_where
|
2004-11-13 13:56:39 +03:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_COLLATIONS;
|
2004-11-13 13:56:39 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_COLLATIONS))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-13 13:56:39 +03:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| GRANTS
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_GRANTS;
|
|
|
|
LEX_USER *curr_user;
|
2006-06-29 15:50:44 +05:00
|
|
|
if (!(curr_user= (LEX_USER*) lex->thd->alloc(sizeof(st_lex_user))))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2006-06-29 15:50:44 +05:00
|
|
|
bzero(curr_user, sizeof(st_lex_user));
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->grant_user= curr_user;
|
|
|
|
}
|
|
|
|
| GRANTS FOR_SYM user
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_GRANTS;
|
|
|
|
lex->grant_user=$3;
|
|
|
|
lex->grant_user->password=null_lex_str;
|
|
|
|
}
|
|
|
|
| CREATE DATABASE opt_if_not_exists ident
|
|
|
|
{
|
|
|
|
Lex->sql_command=SQLCOM_SHOW_CREATE_DB;
|
|
|
|
Lex->create_info.options=$3;
|
|
|
|
Lex->name= $4;
|
|
|
|
}
|
2000-07-31 21:29:14 +02:00
|
|
|
| CREATE TABLE_SYM table_ident
|
|
|
|
{
|
2004-11-11 19:01:46 -08:00
|
|
|
LEX *lex= Lex;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command = SQLCOM_SHOW_CREATE;
|
|
|
|
if (!lex->select_lex.add_table_to_list(YYTHD, $3, NULL,0))
|
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
lex->only_view= 0;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->create_info.storage_media= HA_SM_DEFAULT;
|
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
| CREATE VIEW_SYM table_ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command = SQLCOM_SHOW_CREATE;
|
|
|
|
if (!lex->select_lex.add_table_to_list(YYTHD, $3, NULL, 0))
|
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
lex->only_view= 1;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2000-07-31 21:29:14 +02:00
|
|
|
| MASTER_SYM STATUS_SYM
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->sql_command = SQLCOM_SHOW_MASTER_STAT;
|
2000-08-22 00:39:08 +03:00
|
|
|
}
|
2000-07-31 21:29:14 +02:00
|
|
|
| SLAVE STATUS_SYM
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->sql_command = SQLCOM_SHOW_SLAVE_STAT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CREATE PROCEDURE sp_name
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command = SQLCOM_SHOW_CREATE_PROC;
|
|
|
|
lex->spname= $3;
|
|
|
|
}
|
|
|
|
| CREATE FUNCTION_SYM sp_name
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sql_command = SQLCOM_SHOW_CREATE_FUNC;
|
|
|
|
lex->spname= $3;
|
|
|
|
}
|
|
|
|
| CREATE TRIGGER_SYM sp_name
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_CREATE_TRIGGER;
|
|
|
|
lex->spname= $3;
|
|
|
|
}
|
|
|
|
| PROCEDURE STATUS_SYM wild_and_where
|
|
|
|
{
|
2004-11-13 13:56:39 +03:00
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_STATUS_PROC;
|
2004-11-13 13:56:39 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_PROCEDURES))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| FUNCTION_SYM STATUS_SYM wild_and_where
|
|
|
|
{
|
2004-11-13 13:56:39 +03:00
|
|
|
LEX *lex= Lex;
|
2006-06-20 13:20:32 +03:00
|
|
|
lex->sql_command= SQLCOM_SHOW_STATUS_FUNC;
|
2004-11-13 13:56:39 +03:00
|
|
|
if (prepare_schema_table(YYTHD, lex, 0, SCH_PROCEDURES))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2005-11-17 11:11:48 +01:00
|
|
|
| PROCEDURE CODE_SYM sp_name
|
|
|
|
{
|
|
|
|
#ifdef DBUG_OFF
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
2005-11-17 11:11:48 +01:00
|
|
|
#else
|
|
|
|
Lex->sql_command= SQLCOM_SHOW_PROC_CODE;
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->spname= $3;
|
2005-11-17 11:11:48 +01:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
| FUNCTION_SYM CODE_SYM sp_name
|
|
|
|
{
|
|
|
|
#ifdef DBUG_OFF
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
2005-11-17 11:11:48 +01:00
|
|
|
#else
|
|
|
|
Lex->sql_command= SQLCOM_SHOW_FUNC_CODE;
|
2007-08-14 20:31:06 -06:00
|
|
|
Lex->spname= $3;
|
2005-11-17 11:11:48 +01:00
|
|
|
#endif
|
|
|
|
}
|
2005-12-02 13:07:02 +01:00
|
|
|
| CREATE EVENT_SYM sp_name
|
|
|
|
{
|
2005-12-05 11:45:04 +01:00
|
|
|
Lex->spname= $3;
|
2006-06-27 10:53:26 +02:00
|
|
|
Lex->sql_command = SQLCOM_SHOW_CREATE_EVENT;
|
2006-01-11 12:49:56 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-12-10 04:31:42 +00:00
|
|
|
show_engine_param:
|
2007-08-14 20:31:06 -06:00
|
|
|
STATUS_SYM
|
|
|
|
{ Lex->sql_command= SQLCOM_SHOW_ENGINE_STATUS; }
|
|
|
|
| MUTEX_SYM
|
|
|
|
{ Lex->sql_command= SQLCOM_SHOW_ENGINE_MUTEX; }
|
|
|
|
| LOGS_SYM
|
|
|
|
{ Lex->sql_command= SQLCOM_SHOW_ENGINE_LOGS; }
|
|
|
|
;
|
2003-12-10 04:31:42 +00:00
|
|
|
|
2003-07-12 23:31:21 +02:00
|
|
|
master_or_binary:
|
2007-08-14 20:31:06 -06:00
|
|
|
MASTER_SYM
|
|
|
|
| BINARY
|
|
|
|
;
|
2003-07-12 23:31:21 +02:00
|
|
|
|
2003-12-17 22:52:03 +00:00
|
|
|
opt_storage:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| STORAGE_SYM
|
|
|
|
;
|
2003-12-17 22:52:03 +00:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_db:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= 0; }
|
|
|
|
| from_or_in ident { $$= $2.str; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-01-22 05:32:58 +02:00
|
|
|
opt_full:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->verbose=0; }
|
|
|
|
| FULL { Lex->verbose=1; }
|
|
|
|
;
|
2001-01-22 05:32:58 +02:00
|
|
|
|
2001-06-28 10:49:16 +03:00
|
|
|
from_or_in:
|
2007-08-14 20:31:06 -06:00
|
|
|
FROM
|
|
|
|
| IN_SYM
|
|
|
|
;
|
2001-06-28 10:49:16 +03:00
|
|
|
|
2001-06-21 13:19:24 -06:00
|
|
|
binlog_in:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->mi.log_file_name = 0; }
|
|
|
|
| IN_SYM TEXT_STRING_sys { Lex->mi.log_file_name = $2.str; }
|
|
|
|
;
|
2001-06-21 13:19:24 -06:00
|
|
|
|
|
|
|
binlog_from:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->mi.pos = 4; /* skip magic number */ }
|
|
|
|
| FROM ulonglong_num { Lex->mi.pos = $2; }
|
|
|
|
;
|
2001-06-21 13:19:24 -06:00
|
|
|
|
2004-11-13 13:56:39 +03:00
|
|
|
wild_and_where:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| LIKE TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->wild= new (YYTHD->mem_root) String($2.str, $2.length,
|
|
|
|
system_charset_info);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (Lex->wild == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| WHERE expr
|
|
|
|
{
|
|
|
|
Select->where= $2;
|
|
|
|
if ($2)
|
|
|
|
$2->top_level_item();
|
|
|
|
}
|
|
|
|
;
|
2001-06-21 13:19:24 -06:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* A Oracle compatible synonym for show */
|
|
|
|
describe:
|
2007-08-14 20:31:06 -06:00
|
|
|
describe_command table_ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->lock_option= TL_READ;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->current_select->parsing_place= SELECT_LIST;
|
|
|
|
lex->sql_command= SQLCOM_SHOW_FIELDS;
|
|
|
|
lex->select_lex.db= 0;
|
|
|
|
lex->verbose= 0;
|
|
|
|
if (prepare_schema_table(YYTHD, lex, $2, SCH_COLUMNS))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
opt_describe_column {}
|
|
|
|
| describe_command opt_extended_describe
|
|
|
|
{ Lex->describe|= DESCRIBE_NORMAL; }
|
|
|
|
select
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->select_lex.options|= SELECT_DESCRIBE;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
describe_command:
|
2007-08-14 20:31:06 -06:00
|
|
|
DESC
|
|
|
|
| DESCRIBE
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-10-16 15:54:47 +03:00
|
|
|
opt_extended_describe:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| EXTENDED_SYM { Lex->describe|= DESCRIBE_EXTENDED; }
|
|
|
|
| PARTITIONS_SYM { Lex->describe|= DESCRIBE_PARTITIONS; }
|
|
|
|
;
|
2005-12-22 12:29:00 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_describe_column:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| text_string { Lex->wild= $1; }
|
|
|
|
| ident
|
|
|
|
{
|
|
|
|
Lex->wild= new (YYTHD->mem_root) String((const char*) $1.str,
|
|
|
|
$1.length,
|
|
|
|
system_charset_info);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (Lex->wild == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
|
|
|
|
/* flush things */
|
|
|
|
|
|
|
|
flush:
|
2007-08-14 20:31:06 -06:00
|
|
|
FLUSH_SYM opt_no_write_to_binlog
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_FLUSH;
|
|
|
|
lex->type= 0;
|
|
|
|
lex->no_write_to_binlog= $2;
|
|
|
|
}
|
|
|
|
flush_options
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
flush_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
flush_options ',' flush_option
|
|
|
|
| flush_option
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
flush_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_or_tables
|
|
|
|
{ Lex->type|= REFRESH_TABLES; }
|
|
|
|
opt_table_list {}
|
|
|
|
| TABLES WITH READ_SYM LOCK_SYM
|
|
|
|
{ Lex->type|= REFRESH_TABLES | REFRESH_READ_LOCK; }
|
|
|
|
| QUERY_SYM CACHE_SYM
|
|
|
|
{ Lex->type|= REFRESH_QUERY_CACHE_FREE; }
|
|
|
|
| HOSTS_SYM
|
|
|
|
{ Lex->type|= REFRESH_HOSTS; }
|
|
|
|
| PRIVILEGES
|
|
|
|
{ Lex->type|= REFRESH_GRANT; }
|
|
|
|
| LOGS_SYM
|
|
|
|
{ Lex->type|= REFRESH_LOG; }
|
|
|
|
| STATUS_SYM
|
|
|
|
{ Lex->type|= REFRESH_STATUS; }
|
|
|
|
| SLAVE
|
|
|
|
{ Lex->type|= REFRESH_SLAVE; }
|
|
|
|
| MASTER_SYM
|
|
|
|
{ Lex->type|= REFRESH_MASTER; }
|
|
|
|
| DES_KEY_FILE
|
|
|
|
{ Lex->type|= REFRESH_DES_KEY_FILE; }
|
|
|
|
| RESOURCES
|
|
|
|
{ Lex->type|= REFRESH_USER_RESOURCES; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2000-08-22 00:18:32 +03:00
|
|
|
opt_table_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| table_list {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2000-10-14 11:16:17 +03:00
|
|
|
reset:
|
2007-08-14 20:31:06 -06:00
|
|
|
RESET_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_RESET; lex->type=0;
|
|
|
|
}
|
|
|
|
reset_options
|
|
|
|
{}
|
|
|
|
;
|
2002-11-28 18:57:56 +01:00
|
|
|
|
2000-10-14 11:16:17 +03:00
|
|
|
reset_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
reset_options ',' reset_option
|
|
|
|
| reset_option
|
|
|
|
;
|
2000-10-14 11:16:17 +03:00
|
|
|
|
|
|
|
reset_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
SLAVE { Lex->type|= REFRESH_SLAVE; }
|
2001-12-02 14:34:01 +02:00
|
|
|
| MASTER_SYM { Lex->type|= REFRESH_MASTER; }
|
2007-08-14 20:31:06 -06:00
|
|
|
| QUERY_SYM CACHE_SYM { Lex->type|= REFRESH_QUERY_CACHE;}
|
|
|
|
;
|
2000-10-14 11:16:17 +03:00
|
|
|
|
2000-10-26 22:11:55 -06:00
|
|
|
purge:
|
2007-08-14 20:31:06 -06:00
|
|
|
PURGE
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->type=0;
|
|
|
|
lex->sql_command = SQLCOM_PURGE;
|
|
|
|
}
|
|
|
|
purge_options
|
|
|
|
{}
|
|
|
|
;
|
2003-02-16 20:39:12 +04:00
|
|
|
|
|
|
|
purge_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
master_or_binary LOGS_SYM purge_option
|
|
|
|
;
|
2003-02-16 20:39:12 +04:00
|
|
|
|
|
|
|
purge_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
TO_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
Lex->to_log = $2.str;
|
|
|
|
}
|
|
|
|
| BEFORE_SYM expr
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->value_list.empty();
|
|
|
|
lex->value_list.push_front($2);
|
|
|
|
lex->sql_command= SQLCOM_PURGE_BEFORE;
|
|
|
|
}
|
|
|
|
;
|
2000-10-26 22:11:55 -06:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* kill threads */
|
|
|
|
|
|
|
|
kill:
|
2007-08-14 20:31:06 -06:00
|
|
|
KILL_SYM kill_option expr
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->value_list.empty();
|
|
|
|
lex->value_list.push_front($3);
|
|
|
|
lex->sql_command= SQLCOM_KILL;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-11-11 19:01:46 -08:00
|
|
|
kill_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->type= 0; }
|
|
|
|
| CONNECTION_SYM { Lex->type= 0; }
|
|
|
|
| QUERY_SYM { Lex->type= ONLY_KILL_QUERY; }
|
2006-03-06 20:53:14 +01:00
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* change database */
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
use:
|
|
|
|
USE_SYM ident
|
2006-03-15 19:15:52 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command=SQLCOM_CHANGE_DB;
|
|
|
|
lex->select_lex.db= $2.str;
|
2006-03-15 19:15:52 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2001-05-05 09:41:47 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* import, export of files */
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
load:
|
|
|
|
LOAD DATA_SYM
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-04-25 21:38:12 -06:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "LOAD DATA");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->fname_start= lip->get_ptr();
|
|
|
|
}
|
|
|
|
load_data
|
|
|
|
{}
|
|
|
|
| LOAD TABLE_SYM table_ident FROM MASTER_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "LOAD TABLE FROM MASTER",
|
2007-08-14 20:31:06 -06:00
|
|
|
"MySQL Administrator (mysqldump, mysql)");
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "LOAD TABLE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_LOAD_MASTER_TABLE;
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $3, NULL, TL_OPTION_UPDATING))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2005-03-16 04:32:47 +03:00
|
|
|
|
|
|
|
load_data:
|
2007-08-14 20:31:06 -06:00
|
|
|
load_data_lock opt_local INFILE TEXT_STRING_filesystem
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_LOAD;
|
|
|
|
lex->lock_option= $1;
|
|
|
|
lex->local_file= $2;
|
|
|
|
lex->duplicates= DUP_ERROR;
|
|
|
|
lex->ignore= 0;
|
|
|
|
if (!(lex->exchange= new sql_exchange($4.str, 0)))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
opt_duplicate INTO
|
|
|
|
{
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex->fname_end= YYLIP->get_ptr();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
TABLE_SYM table_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $10, NULL, TL_OPTION_UPDATING,
|
|
|
|
lex->lock_option))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->field_list.empty();
|
|
|
|
lex->update_list.empty();
|
|
|
|
lex->value_list.empty();
|
|
|
|
}
|
|
|
|
opt_load_data_charset
|
|
|
|
{ Lex->exchange->cs= $12; }
|
|
|
|
opt_field_term opt_line_term opt_ignore_lines opt_field_or_var_spec
|
|
|
|
opt_load_data_set_spec
|
|
|
|
{}
|
|
|
|
| FROM MASTER_SYM
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_LOAD_MASTER_DATA;
|
2009-02-16 08:38:15 -03:00
|
|
|
WARN_DEPRECATED(yythd, "6.0", "LOAD DATA FROM MASTER",
|
2007-08-14 20:31:06 -06:00
|
|
|
"mysqldump or future "
|
|
|
|
"BACKUP/RESTORE DATABASE facility");
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_local:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=0;}
|
|
|
|
| LOCAL_SYM { $$=1;}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-05-05 09:41:47 +03:00
|
|
|
load_data_lock:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= TL_WRITE_DEFAULT; }
|
|
|
|
| CONCURRENT
|
2006-03-15 19:15:52 +02:00
|
|
|
{
|
|
|
|
#ifdef HAVE_QUERY_CACHE
|
|
|
|
/*
|
|
|
|
Ignore this option in SP to avoid problem with query cache
|
|
|
|
*/
|
|
|
|
if (Lex->sphead != 0)
|
2007-06-03 09:40:00 +03:00
|
|
|
$$= TL_WRITE_DEFAULT;
|
2006-11-29 15:51:53 +03:00
|
|
|
else
|
2006-03-15 19:15:52 +02:00
|
|
|
#endif
|
|
|
|
$$= TL_WRITE_CONCURRENT_INSERT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| LOW_PRIORITY { $$= TL_WRITE_LOW_PRIORITY; }
|
|
|
|
;
|
2001-05-05 09:41:47 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
opt_duplicate:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { Lex->duplicates=DUP_ERROR; }
|
|
|
|
| REPLACE { Lex->duplicates=DUP_REPLACE; }
|
|
|
|
| IGNORE_SYM { Lex->ignore= 1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_field_term:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| COLUMNS field_term_list
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_term_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
field_term_list field_term
|
|
|
|
| field_term
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_term:
|
2007-08-14 20:31:06 -06:00
|
|
|
TERMINATED BY text_string
|
2004-10-10 14:40:24 +05:00
|
|
|
{
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(Lex->exchange != 0);
|
2004-10-10 14:40:24 +05:00
|
|
|
Lex->exchange->field_term= $3;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| OPTIONALLY ENCLOSED BY text_string
|
|
|
|
{
|
2004-10-10 15:29:06 +05:00
|
|
|
LEX *lex= Lex;
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(lex->exchange != 0);
|
2004-10-10 15:29:06 +05:00
|
|
|
lex->exchange->enclosed= $4;
|
|
|
|
lex->exchange->opt_enclosed= 1;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2004-10-10 15:29:06 +05:00
|
|
|
| ENCLOSED BY text_string
|
2004-10-10 14:40:24 +05:00
|
|
|
{
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(Lex->exchange != 0);
|
2004-10-10 14:40:24 +05:00
|
|
|
Lex->exchange->enclosed= $3;
|
|
|
|
}
|
2004-10-10 15:29:06 +05:00
|
|
|
| ESCAPED BY text_string
|
2004-10-10 14:40:24 +05:00
|
|
|
{
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(Lex->exchange != 0);
|
2004-10-10 14:40:24 +05:00
|
|
|
Lex->exchange->escaped= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_line_term:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| LINES line_term_list
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
line_term_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
line_term_list line_term
|
|
|
|
| line_term
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
line_term:
|
2007-08-14 20:31:06 -06:00
|
|
|
TERMINATED BY text_string
|
2004-10-10 14:40:24 +05:00
|
|
|
{
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(Lex->exchange != 0);
|
2004-10-10 14:40:24 +05:00
|
|
|
Lex->exchange->line_term= $3;
|
|
|
|
}
|
2004-10-10 15:29:06 +05:00
|
|
|
| STARTING BY text_string
|
2004-10-10 14:40:24 +05:00
|
|
|
{
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(Lex->exchange != 0);
|
2004-10-10 14:40:24 +05:00
|
|
|
Lex->exchange->line_start= $3;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_ignore_lines:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
2004-10-10 15:29:06 +05:00
|
|
|
| IGNORE_SYM NUM LINES
|
|
|
|
{
|
2005-02-25 16:53:22 +02:00
|
|
|
DBUG_ASSERT(Lex->exchange != 0);
|
2004-10-10 14:40:24 +05:00
|
|
|
Lex->exchange->skip_lines= atol($2.str);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-03-16 04:32:47 +03:00
|
|
|
opt_field_or_var_spec:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| '(' fields_or_vars ')' {}
|
|
|
|
| '(' ')' {}
|
|
|
|
;
|
2005-03-16 04:32:47 +03:00
|
|
|
|
|
|
|
fields_or_vars:
|
2007-08-14 20:31:06 -06:00
|
|
|
fields_or_vars ',' field_or_var
|
2005-03-16 04:32:47 +03:00
|
|
|
{ Lex->field_list.push_back($3); }
|
|
|
|
| field_or_var
|
|
|
|
{ Lex->field_list.push_back($1); }
|
|
|
|
;
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2005-03-16 04:32:47 +03:00
|
|
|
field_or_var:
|
2007-08-14 20:31:06 -06:00
|
|
|
simple_ident_nospvar {$$= $1;}
|
2005-03-16 04:32:47 +03:00
|
|
|
| '@' ident_or_text
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_user_var_as_out_param($2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-03-16 04:32:47 +03:00
|
|
|
;
|
|
|
|
|
|
|
|
opt_load_data_set_spec:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| SET insert_update_list {}
|
|
|
|
;
|
2005-03-16 04:32:47 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* Common definitions */
|
|
|
|
|
|
|
|
text_literal:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING
|
|
|
|
{
|
|
|
|
LEX_STRING tmp;
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
CHARSET_INFO *cs_con= thd->variables.collation_connection;
|
|
|
|
CHARSET_INFO *cs_cli= thd->variables.character_set_client;
|
|
|
|
uint repertoire= thd->lex->text_string_is_7bit &&
|
2007-08-03 15:25:23 +05:00
|
|
|
my_charset_is_ascii_based(cs_cli) ?
|
2007-08-14 20:31:06 -06:00
|
|
|
MY_REPERTOIRE_ASCII : MY_REPERTOIRE_UNICODE30;
|
|
|
|
if (thd->charset_is_collation_connection ||
|
|
|
|
(repertoire == MY_REPERTOIRE_ASCII &&
|
|
|
|
my_charset_is_ascii_based(cs_con)))
|
|
|
|
tmp= $1;
|
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
if (thd->convert_string(&tmp, cs_con, $1.str, $1.length, cs_cli))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
$$= new (thd->mem_root) Item_string(tmp.str, tmp.length, cs_con,
|
|
|
|
DERIVATION_COERCIBLE,
|
|
|
|
repertoire);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-08-03 15:25:23 +05:00
|
|
|
| NCHAR_STRING
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
uint repertoire= Lex->text_string_is_7bit ?
|
|
|
|
MY_REPERTOIRE_ASCII : MY_REPERTOIRE_UNICODE30;
|
|
|
|
DBUG_ASSERT(my_charset_is_ascii_based(national_charset_info));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_string($1.str, $1.length,
|
|
|
|
national_charset_info,
|
|
|
|
DERIVATION_COERCIBLE,
|
|
|
|
repertoire);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-08-03 15:25:23 +05:00
|
|
|
| UNDERSCORE_CHARSET TEXT_STRING
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item_string *str= new (YYTHD->mem_root) Item_string($2.str,
|
|
|
|
$2.length, $1);
|
|
|
|
if (str == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2008-02-12 22:09:16 +03:00
|
|
|
str->set_repertoire_from_value();
|
|
|
|
str->set_cs_specified(TRUE);
|
|
|
|
|
|
|
|
$$= str;
|
2007-08-03 15:25:23 +05:00
|
|
|
}
|
|
|
|
| text_literal TEXT_STRING_literal
|
|
|
|
{
|
|
|
|
Item_string* item= (Item_string*) $1;
|
|
|
|
item->append($2.str, $2.length);
|
|
|
|
if (!(item->collation.repertoire & MY_REPERTOIRE_EXTENDED))
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
If the string has been pure ASCII so far,
|
|
|
|
check the new part.
|
|
|
|
*/
|
|
|
|
CHARSET_INFO *cs= YYTHD->variables.collation_connection;
|
|
|
|
item->collation.repertoire|= my_string_repertoire(cs,
|
|
|
|
$2.str,
|
|
|
|
$2.length);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
text_string:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING_literal
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) String($1.str,
|
|
|
|
$1.length,
|
|
|
|
YYTHD->variables.collation_connection);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| HEX_NUM
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *tmp= new (YYTHD->mem_root) Item_hex_string($1.str, $1.length);
|
|
|
|
if (tmp == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
it is OK only emulate fix_fields, because we need only
|
2004-03-18 15:14:36 +02:00
|
|
|
value of constant
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
tmp->quick_fix_field();
|
|
|
|
$$= tmp->val_str((String*) 0);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2004-12-17 18:06:05 +04:00
|
|
|
| BIN_NUM
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *tmp= new (YYTHD->mem_root) Item_bin_string($1.str, $1.length);
|
|
|
|
if (tmp == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
it is OK only emulate fix_fields, because we need only
|
2004-12-17 18:06:05 +04:00
|
|
|
value of constant
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
tmp->quick_fix_field();
|
|
|
|
$$= tmp->val_str((String*) 0);
|
2004-12-17 18:06:05 +04:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2003-02-12 21:55:37 +02:00
|
|
|
|
2002-06-12 14:13:12 -07:00
|
|
|
param_marker:
|
2007-08-14 20:31:06 -06:00
|
|
|
PARAM_MARKER
|
2002-06-12 14:13:12 -07:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-08-14 20:31:06 -06:00
|
|
|
Item_param *item;
|
|
|
|
if (! lex->parsing_options.allows_variable)
|
|
|
|
{
|
|
|
|
my_error(ER_VIEW_SELECT_VARIABLE, MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
item= new (thd->mem_root) Item_param((uint) (lip->get_tok_start() - thd->query));
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!($$= item) || lex->param_list.push_back(item))
|
|
|
|
{
|
|
|
|
my_message(ER_OUT_OF_RESOURCES, ER(ER_OUT_OF_RESOURCES), MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2002-06-12 14:13:12 -07:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2003-02-12 21:55:37 +02:00
|
|
|
|
2003-12-11 16:05:51 +00:00
|
|
|
signed_literal:
|
2007-08-14 20:31:06 -06:00
|
|
|
literal { $$ = $1; }
|
|
|
|
| '+' NUM_literal { $$ = $2; }
|
|
|
|
| '-' NUM_literal
|
|
|
|
{
|
|
|
|
$2->max_length++;
|
|
|
|
$$= $2->neg();
|
|
|
|
}
|
|
|
|
;
|
2003-12-11 16:05:51 +00:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
literal:
|
2007-08-14 20:31:06 -06:00
|
|
|
text_literal { $$ = $1; }
|
|
|
|
| NUM_literal { $$ = $1; }
|
|
|
|
| NULL_SYM
|
2007-04-25 21:38:12 -06:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$ = new (YYTHD->mem_root) Item_null();
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2008-07-14 15:41:30 -06:00
|
|
|
YYLIP->next_state= MY_LEX_OPERATOR_OR_IDENT;
|
2007-04-25 21:38:12 -06:00
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| FALSE_SYM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_int((char*) "FALSE",0,1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| TRUE_SYM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_int((char*) "TRUE",1,1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| HEX_NUM
|
|
|
|
{
|
|
|
|
$$ = new (YYTHD->mem_root) Item_hex_string($1.str, $1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| BIN_NUM
|
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_bin_string($1.str, $1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-03 15:25:23 +05:00
|
|
|
| UNDERSCORE_CHARSET HEX_NUM
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *tmp= new (YYTHD->mem_root) Item_hex_string($2.str, $2.length);
|
|
|
|
if (tmp == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-03 15:25:23 +05:00
|
|
|
/*
|
|
|
|
it is OK only emulate fix_fieds, because we need only
|
2004-03-18 15:14:36 +02:00
|
|
|
value of constant
|
2007-08-03 15:25:23 +05:00
|
|
|
*/
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
tmp->quick_fix_field();
|
|
|
|
String *str= tmp->val_str((String*) 0);
|
|
|
|
|
|
|
|
Item_string *item_str;
|
|
|
|
item_str= new (YYTHD->mem_root)
|
|
|
|
Item_string(NULL, /* name will be set in select_item */
|
|
|
|
str ? str->ptr() : "",
|
|
|
|
str ? str->length() : 0,
|
|
|
|
$1);
|
2008-02-12 22:09:16 +03:00
|
|
|
if (!item_str ||
|
|
|
|
!item_str->check_well_formed_result(&item_str->str_value, TRUE))
|
2007-10-11 16:07:10 +05:00
|
|
|
{
|
2007-10-15 18:40:58 +05:00
|
|
|
MYSQL_YYABORT;
|
2007-10-11 16:07:10 +05:00
|
|
|
}
|
2008-02-12 22:09:16 +03:00
|
|
|
|
|
|
|
item_str->set_repertoire_from_value();
|
|
|
|
item_str->set_cs_specified(TRUE);
|
|
|
|
|
|
|
|
$$= item_str;
|
2007-08-03 15:25:23 +05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| UNDERSCORE_CHARSET BIN_NUM
|
2004-12-17 18:06:05 +04:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *tmp= new (YYTHD->mem_root) Item_bin_string($2.str, $2.length);
|
|
|
|
if (tmp == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
it is OK only emulate fix_fieds, because we need only
|
2004-12-17 18:06:05 +04:00
|
|
|
value of constant
|
2007-08-14 20:31:06 -06:00
|
|
|
*/
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
tmp->quick_fix_field();
|
|
|
|
String *str= tmp->val_str((String*) 0);
|
|
|
|
|
|
|
|
Item_string *item_str;
|
|
|
|
item_str= new (YYTHD->mem_root)
|
|
|
|
Item_string(NULL, /* name will be set in select_item */
|
|
|
|
str ? str->ptr() : "",
|
|
|
|
str ? str->length() : 0,
|
|
|
|
$1);
|
2008-02-12 22:09:16 +03:00
|
|
|
if (!item_str ||
|
|
|
|
!item_str->check_well_formed_result(&item_str->str_value, TRUE))
|
2007-10-11 16:07:10 +05:00
|
|
|
{
|
2007-10-15 18:40:58 +05:00
|
|
|
MYSQL_YYABORT;
|
2007-10-11 16:07:10 +05:00
|
|
|
}
|
2008-02-12 22:09:16 +03:00
|
|
|
|
|
|
|
item_str->set_cs_specified(TRUE);
|
|
|
|
|
|
|
|
$$= item_str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-11-05 16:52:04 -07:00
|
|
|
| DATE_SYM text_literal { $$ = $2; }
|
|
|
|
| TIME_SYM text_literal { $$ = $2; }
|
|
|
|
| TIMESTAMP text_literal { $$ = $2; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-12-11 00:28:25 +00:00
|
|
|
NUM_literal:
|
2007-08-14 20:31:06 -06:00
|
|
|
NUM
|
|
|
|
{
|
|
|
|
int error;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root)
|
|
|
|
Item_int($1.str,
|
|
|
|
(longlong) my_strtoll10($1.str, NULL, &error),
|
|
|
|
$1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| LONG_NUM
|
|
|
|
{
|
|
|
|
int error;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root)
|
|
|
|
Item_int($1.str,
|
|
|
|
(longlong) my_strtoll10($1.str, NULL, &error),
|
|
|
|
$1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| ULONGLONG_NUM
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
$$= new (YYTHD->mem_root) Item_uint($1.str, $1.length);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-02-09 02:50:45 +04:00
|
|
|
| DECIMAL_NUM
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_decimal($1.str, $1.length,
|
|
|
|
YYTHD->charset());
|
|
|
|
if (($$ == NULL) || (YYTHD->is_error()))
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| FLOAT_NUM
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_float($1.str, $1.length);
|
|
|
|
if (($$ == NULL) || (YYTHD->is_error()))
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
;
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/**********************************************************************
|
2005-04-04 00:50:05 +02:00
|
|
|
** Creating different items.
|
2000-07-31 21:29:14 +02:00
|
|
|
**********************************************************************/
|
|
|
|
|
|
|
|
insert_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
simple_ident_nospvar { $$=$1; }
|
|
|
|
| table_wild { $$=$1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_wild:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident '.' '*'
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel= Select;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new (YYTHD->mem_root) Item_field(Lex->current_context(),
|
|
|
|
NullS, $1.str, "*");
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
sel->with_wild++;
|
|
|
|
}
|
|
|
|
| ident '.' ident '.' '*'
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
THD *thd= YYTHD;
|
2007-08-14 20:31:06 -06:00
|
|
|
SELECT_LEX *sel= Select;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
const char* schema= thd->client_capabilities & CLIENT_NO_SCHEMA ?
|
|
|
|
NullS : $1.str;
|
|
|
|
$$= new (thd->mem_root) Item_field(Lex->current_context(),
|
|
|
|
schema,
|
|
|
|
$3.str,"*");
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
sel->with_wild++;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
order_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
expr { $$=$1; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
simple_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_variable_t *spv;
|
|
|
|
sp_pcontext *spc = lex->spcont;
|
|
|
|
if (spc && (spv = spc->find_variable(&$1)))
|
2006-10-12 18:02:57 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/* We're compiling a stored procedure and found a variable */
|
|
|
|
if (! lex->parsing_options.allows_variable)
|
|
|
|
{
|
|
|
|
my_error(ER_VIEW_SELECT_VARIABLE, MYF(0));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-10-12 18:02:57 +04:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
Item_splocal *splocal;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
splocal= new (thd->mem_root)
|
|
|
|
Item_splocal($1, spv->offset, spv->type,
|
|
|
|
lip->get_tok_start_prev() - lex->sphead->m_tmp_query,
|
|
|
|
lip->get_tok_end() - lip->get_tok_start_prev());
|
|
|
|
if (splocal == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2005-11-23 12:26:07 +02:00
|
|
|
#ifndef DBUG_OFF
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
splocal->m_sp= lex->sphead;
|
2005-11-23 00:50:37 +02:00
|
|
|
#endif
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= splocal;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->safe_to_cache_query=0;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel=Select;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ((sel->parsing_place != IN_HAVING) ||
|
|
|
|
(sel->get_in_sum_expr() > 0))
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_field(Lex->current_context(),
|
|
|
|
NullS, NullS, $1.str);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_ref(Lex->current_context(),
|
|
|
|
NullS, NullS, $1.str);
|
|
|
|
}
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
| simple_ident_q { $$= $1; }
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
simple_ident_nospvar:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
THD *thd= YYTHD;
|
2007-08-14 20:31:06 -06:00
|
|
|
SELECT_LEX *sel=Select;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ((sel->parsing_place != IN_HAVING) ||
|
|
|
|
(sel->get_in_sum_expr() > 0))
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_field(Lex->current_context(),
|
|
|
|
NullS, NullS, $1.str);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_ref(Lex->current_context(),
|
|
|
|
NullS, NullS, $1.str);
|
|
|
|
}
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| simple_ident_q { $$= $1; }
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
simple_ident_q:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident '.' ident
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
FIXME This will work ok in simple_ident_nospvar case because
|
|
|
|
we can't meet simple_ident_nospvar in trigger now. But it
|
|
|
|
should be changed in future.
|
|
|
|
*/
|
|
|
|
if (lex->sphead && lex->sphead->m_type == TYPE_ENUM_TRIGGER &&
|
|
|
|
(!my_strcasecmp(system_charset_info, $1.str, "NEW") ||
|
|
|
|
!my_strcasecmp(system_charset_info, $1.str, "OLD")))
|
2004-11-11 19:01:46 -08:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
Item_trigger_field *trg_fld;
|
|
|
|
bool new_row= ($1.str[0]=='N' || $1.str[0]=='n');
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->trg_chistics.event == TRG_EVENT_INSERT &&
|
|
|
|
!new_row)
|
|
|
|
{
|
|
|
|
my_error(ER_TRG_NO_SUCH_ROW_IN_TRG, MYF(0), "OLD", "on INSERT");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->trg_chistics.event == TRG_EVENT_DELETE &&
|
|
|
|
new_row)
|
|
|
|
{
|
|
|
|
my_error(ER_TRG_NO_SUCH_ROW_IN_TRG, MYF(0), "NEW", "on DELETE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-04-04 00:50:05 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
DBUG_ASSERT(!new_row ||
|
|
|
|
(lex->trg_chistics.event == TRG_EVENT_INSERT ||
|
|
|
|
lex->trg_chistics.event == TRG_EVENT_UPDATE));
|
|
|
|
const bool read_only=
|
|
|
|
!(new_row && lex->trg_chistics.action_time == TRG_ACTION_BEFORE);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
trg_fld= new (thd->mem_root)
|
|
|
|
Item_trigger_field(Lex->current_context(),
|
|
|
|
new_row ?
|
|
|
|
Item_trigger_field::NEW_ROW:
|
|
|
|
Item_trigger_field::OLD_ROW,
|
|
|
|
$3.str,
|
|
|
|
SELECT_ACL,
|
|
|
|
read_only);
|
|
|
|
if (trg_fld == NULL)
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
|
|
|
|
/*
|
|
|
|
Let us add this item to list of all Item_trigger_field objects
|
|
|
|
in trigger.
|
|
|
|
*/
|
|
|
|
lex->trg_table_fields.link_in_list((uchar*) trg_fld,
|
|
|
|
(uchar**) &trg_fld->next_trg_field);
|
2000-07-31 21:29:14 +02:00
|
|
|
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= trg_fld;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
if (sel->no_table_names_allowed)
|
|
|
|
{
|
|
|
|
my_error(ER_TABLENAME_NOT_ALLOWED_HERE,
|
|
|
|
MYF(0), $1.str, thd->where);
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ((sel->parsing_place != IN_HAVING) ||
|
|
|
|
(sel->get_in_sum_expr() > 0))
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_field(Lex->current_context(),
|
|
|
|
NullS, $1.str, $3.str);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_ref(Lex->current_context(),
|
|
|
|
NullS, $1.str, $3.str);
|
|
|
|
}
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
| '.' ident '.' ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
if (sel->no_table_names_allowed)
|
|
|
|
{
|
|
|
|
my_error(ER_TABLENAME_NOT_ALLOWED_HERE,
|
|
|
|
MYF(0), $2.str, thd->where);
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ((sel->parsing_place != IN_HAVING) ||
|
|
|
|
(sel->get_in_sum_expr() > 0))
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_field(Lex->current_context(),
|
|
|
|
NullS, $2.str, $4.str);
|
|
|
|
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_ref(Lex->current_context(),
|
|
|
|
NullS, $2.str, $4.str);
|
|
|
|
}
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| ident '.' ident '.' ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
const char* schema= (thd->client_capabilities & CLIENT_NO_SCHEMA ?
|
|
|
|
NullS : $1.str);
|
2007-08-14 20:31:06 -06:00
|
|
|
if (sel->no_table_names_allowed)
|
|
|
|
{
|
|
|
|
my_error(ER_TABLENAME_NOT_ALLOWED_HERE,
|
|
|
|
MYF(0), $3.str, thd->where);
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ((sel->parsing_place != IN_HAVING) ||
|
|
|
|
(sel->get_in_sum_expr() > 0))
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_field(Lex->current_context(),
|
|
|
|
schema,
|
|
|
|
$3.str, $5.str);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
$$= new (thd->mem_root) Item_ref(Lex->current_context(),
|
|
|
|
schema,
|
|
|
|
$3.str, $5.str);
|
|
|
|
}
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
field_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident { $$=$1;}
|
|
|
|
| ident '.' ident '.' ident
|
2005-05-31 18:06:54 +01:00
|
|
|
{
|
|
|
|
TABLE_LIST *table= (TABLE_LIST*) Select->table_list.first;
|
|
|
|
if (my_strcasecmp(table_alias_charset, $1.str, table->db))
|
|
|
|
{
|
2005-06-01 13:22:17 +02:00
|
|
|
my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-05-31 18:06:54 +01:00
|
|
|
}
|
2005-06-01 13:22:17 +02:00
|
|
|
if (my_strcasecmp(table_alias_charset, $3.str,
|
|
|
|
table->table_name))
|
2005-05-31 18:06:54 +01:00
|
|
|
{
|
2005-06-01 13:22:17 +02:00
|
|
|
my_error(ER_WRONG_TABLE_NAME, MYF(0), $3.str);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-05-31 18:06:54 +01:00
|
|
|
}
|
|
|
|
$$=$5;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ident '.' ident
|
2005-05-31 18:06:54 +01:00
|
|
|
{
|
|
|
|
TABLE_LIST *table= (TABLE_LIST*) Select->table_list.first;
|
|
|
|
if (my_strcasecmp(table_alias_charset, $1.str, table->alias))
|
|
|
|
{
|
2005-06-01 13:22:17 +02:00
|
|
|
my_error(ER_WRONG_TABLE_NAME, MYF(0), $1.str);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2005-05-31 18:06:54 +01:00
|
|
|
}
|
|
|
|
$$=$3;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| '.' ident { $$=$2;} /* For Delphi */
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_ident:
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
$$= new Table_ident($1);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| ident '.' ident
|
|
|
|
{
|
|
|
|
$$= new Table_ident(YYTHD, $1,$3,0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| '.' ident
|
|
|
|
{
|
|
|
|
/* For Delphi */
|
|
|
|
$$= new Table_ident($2);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2004-01-13 12:31:25 +01:00
|
|
|
;
|
|
|
|
|
2004-06-26 14:21:32 +02:00
|
|
|
table_ident_nodb:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
LEX_STRING db={(char*) any_db,3};
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
$$= new Table_ident(YYTHD, db,$1,0);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2004-01-13 12:31:25 +01:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2003-03-17 21:56:34 +04:00
|
|
|
IDENT_sys:
|
2007-08-14 20:31:06 -06:00
|
|
|
IDENT { $$= $1; }
|
|
|
|
| IDENT_QUOTED
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
Patch for the following bugs:
- BUG#11986: Stored routines and triggers can fail if the code
has a non-ascii symbol
- BUG#16291: mysqldump corrupts string-constants with non-ascii-chars
- BUG#19443: INFORMATION_SCHEMA does not support charsets properly
- BUG#21249: Character set of SP-var can be ignored
- BUG#25212: Character set of string constant is ignored (stored routines)
- BUG#25221: Character set of string constant is ignored (triggers)
There were a few general problems that caused these bugs:
1. Character set information of the original (definition) query for views,
triggers, stored routines and events was lost.
2. mysqldump output query in client character set, which can be
inappropriate to encode definition-query.
3. INFORMATION_SCHEMA used strings with mixed encodings to display object
definition;
1. No query-definition-character set.
In order to compile query into execution code, some extra data (such as
environment variables or the database character set) is used. The problem
here was that this context was not preserved. So, on the next load it can
differ from the original one, thus the result will be different.
The context contains the following data:
- client character set;
- connection collation (character set and collation);
- collation of the owner database;
The fix is to store this context and use it each time we parse (compile)
and execute the object (stored routine, trigger, ...).
2. Wrong mysqldump-output.
The original query can contain several encodings (by means of character set
introducers). The problem here was that we tried to convert original query
to the mysqldump-client character set.
Moreover, we stored queries in different character sets for different
objects (views, for one, used UTF8, triggers used original character set).
The solution is
- to store definition queries in the original character set;
- to change SHOW CREATE statement to output definition query in the
binary character set (i.e. without any conversion);
- introduce SHOW CREATE TRIGGER statement;
- to dump special statements to switch the context to the original one
before dumping and restore it afterwards.
Note, in order to preserve the database collation at the creation time,
additional ALTER DATABASE might be used (to temporary switch the database
collation back to the original value). In this case, ALTER DATABASE
privilege will be required. This is a backward-incompatible change.
3. INFORMATION_SCHEMA showed non-UTF8 strings
The fix is to generate UTF8-query during the parsing, store it in the object
and show it in the INFORMATION_SCHEMA.
Basically, the idea is to create a copy of the original query convert it to
UTF8. Character set introducers are removed and all text literals are
converted to UTF8.
This UTF8 query is intended to provide user-readable output. It must not be
used to recreate the object. Specialized SHOW CREATE statements should be
used for this.
The reason for this limitation is the following: the original query can
contain symbols from several character sets (by means of character set
introducers).
Example:
- original query:
CREATE VIEW v1 AS SELECT _cp1251 'Hello' AS c1;
- UTF8 query (for INFORMATION_SCHEMA):
CREATE VIEW v1 AS SELECT 'Hello' AS c1;
2007-06-28 21:34:54 +04:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (thd->charset_is_system_charset)
|
2004-07-07 16:39:43 +05:00
|
|
|
{
|
|
|
|
CHARSET_INFO *cs= system_charset_info;
|
2005-04-06 11:53:15 +05:00
|
|
|
int dummy_error;
|
2004-07-07 16:39:43 +05:00
|
|
|
uint wlen= cs->cset->well_formed_len(cs, $1.str,
|
|
|
|
$1.str+$1.length,
|
2005-04-06 11:53:15 +05:00
|
|
|
$1.length, &dummy_error);
|
2004-07-07 16:39:43 +05:00
|
|
|
if (wlen < $1.length)
|
|
|
|
{
|
2004-11-13 19:35:51 +02:00
|
|
|
my_error(ER_INVALID_CHARACTER_STRING, MYF(0),
|
|
|
|
cs->csname, $1.str + wlen);
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-07-07 16:39:43 +05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
$$= $1;
|
2004-07-07 16:39:43 +05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
if (thd->convert_string(&$$, system_charset_info,
|
|
|
|
$1.str, $1.length, thd->charset()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2003-03-17 21:56:34 +04:00
|
|
|
|
|
|
|
TEXT_STRING_sys:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
|
|
|
|
if (thd->charset_is_system_charset)
|
|
|
|
$$= $1;
|
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
if (thd->convert_string(&$$, system_charset_info,
|
|
|
|
$1.str, $1.length, thd->charset()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2003-03-17 21:56:34 +04:00
|
|
|
|
2003-04-08 14:38:17 +05:00
|
|
|
TEXT_STRING_literal:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
2003-03-17 21:56:34 +04:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (thd->charset_is_collation_connection)
|
|
|
|
$$= $1;
|
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
if (thd->convert_string(&$$, thd->variables.collation_connection,
|
|
|
|
$1.str, $1.length, thd->charset()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2003-03-17 21:56:34 +04:00
|
|
|
|
2006-01-18 12:55:38 +04:00
|
|
|
TEXT_STRING_filesystem:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
|
|
|
|
if (thd->charset_is_character_set_filesystem)
|
|
|
|
$$= $1;
|
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
if (thd->convert_string(&$$,
|
|
|
|
thd->variables.character_set_filesystem,
|
|
|
|
$1.str, $1.length, thd->charset()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2006-01-18 12:55:38 +04:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
IDENT_sys { $$=$1; }
|
|
|
|
| keyword
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
$$.str= thd->strmake($1.str, $1.length);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$.str == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$.length= $1.length;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-07-06 16:37:57 +02:00
|
|
|
label_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
IDENT_sys { $$=$1; }
|
|
|
|
| keyword_sp
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
$$.str= thd->strmake($1.str, $1.length);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$.str == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
$$.length= $1.length;
|
|
|
|
}
|
|
|
|
;
|
2005-07-06 16:37:57 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
ident_or_text:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident { $$=$1;}
|
|
|
|
| TEXT_STRING_sys { $$=$1;}
|
|
|
|
| LEX_HOSTNAME { $$=$1;}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
user:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident_or_text
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$->user = $1;
|
|
|
|
$$->host.str= (char *) "%";
|
|
|
|
$$->host.length= 1;
|
2006-08-23 21:31:00 +04:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (check_string_char_length(&$$->user, ER(ER_USERNAME),
|
|
|
|
USERNAME_CHAR_LENGTH,
|
|
|
|
system_charset_info, 0))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| ident_or_text '@' ident_or_text
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
if (!($$=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$->user = $1; $$->host=$3;
|
2006-08-23 21:31:00 +04:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (check_string_char_length(&$$->user, ER(ER_USERNAME),
|
2007-04-03 16:13:27 +05:00
|
|
|
USERNAME_CHAR_LENGTH,
|
|
|
|
system_charset_info, 0) ||
|
2008-10-02 16:57:52 +05:00
|
|
|
check_host_name(&$$->host))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| CURRENT_USER optional_braces
|
|
|
|
{
|
|
|
|
if (!($$=(LEX_USER*) YYTHD->alloc(sizeof(st_lex_user))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
/*
|
|
|
|
empty LEX_USER means current_user and
|
|
|
|
will be handled in the get_current_user() function
|
|
|
|
later
|
|
|
|
*/
|
|
|
|
bzero($$, sizeof(LEX_USER));
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-07-06 16:37:57 +02:00
|
|
|
/* Keyword that we allow for identifiers (except SP labels) */
|
2000-07-31 21:29:14 +02:00
|
|
|
keyword:
|
2007-08-14 20:31:06 -06:00
|
|
|
keyword_sp {}
|
|
|
|
| ASCII_SYM {}
|
|
|
|
| BACKUP_SYM {}
|
|
|
|
| BEGIN_SYM {}
|
|
|
|
| BYTE_SYM {}
|
|
|
|
| CACHE_SYM {}
|
|
|
|
| CHARSET {}
|
|
|
|
| CHECKSUM_SYM {}
|
|
|
|
| CLOSE_SYM {}
|
|
|
|
| COMMENT_SYM {}
|
|
|
|
| COMMIT_SYM {}
|
|
|
|
| CONTAINS_SYM {}
|
2005-07-06 16:37:57 +02:00
|
|
|
| DEALLOCATE_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| DO_SYM {}
|
|
|
|
| END {}
|
|
|
|
| EXECUTE_SYM {}
|
|
|
|
| FLUSH_SYM {}
|
|
|
|
| HANDLER_SYM {}
|
|
|
|
| HELP_SYM {}
|
|
|
|
| HOST_SYM {}
|
2005-11-06 13:13:06 +01:00
|
|
|
| INSTALL_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| LANGUAGE_SYM {}
|
|
|
|
| NO_SYM {}
|
|
|
|
| OPEN_SYM {}
|
|
|
|
| OPTIONS_SYM {}
|
|
|
|
| OWNER_SYM {}
|
2005-11-06 13:13:06 +01:00
|
|
|
| PARSER_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| PARTITION_SYM {}
|
2006-12-01 19:47:45 -05:00
|
|
|
| PORT_SYM {}
|
2005-07-06 16:37:57 +02:00
|
|
|
| PREPARE_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| REMOVE_SYM {}
|
|
|
|
| REPAIR {}
|
|
|
|
| RESET_SYM {}
|
|
|
|
| RESTORE_SYM {}
|
|
|
|
| ROLLBACK_SYM {}
|
|
|
|
| SAVEPOINT_SYM {}
|
|
|
|
| SECURITY_SYM {}
|
2006-12-01 19:47:45 -05:00
|
|
|
| SERVER_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SIGNED_SYM {}
|
|
|
|
| SOCKET_SYM {}
|
|
|
|
| SLAVE {}
|
2005-11-06 13:13:06 +01:00
|
|
|
| SONAME_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| START_SYM {}
|
|
|
|
| STOP_SYM {}
|
|
|
|
| TRUNCATE_SYM {}
|
|
|
|
| UNICODE_SYM {}
|
2005-11-06 13:13:06 +01:00
|
|
|
| UNINSTALL_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| WRAPPER_SYM {}
|
2005-07-06 16:37:57 +02:00
|
|
|
| XA_SYM {}
|
2006-09-08 13:10:14 +03:00
|
|
|
| UPGRADE_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2005-07-06 16:37:57 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Keywords that we allow for labels in SPs.
|
2005-07-11 19:10:51 +02:00
|
|
|
* Anything that's the beginning of a statement or characteristics
|
|
|
|
* must be in keyword above, otherwise we get (harmful) shift/reduce
|
|
|
|
* conflicts.
|
2005-07-06 16:37:57 +02:00
|
|
|
*/
|
|
|
|
keyword_sp:
|
2007-08-14 20:31:06 -06:00
|
|
|
ACTION {}
|
|
|
|
| ADDDATE_SYM {}
|
|
|
|
| AFTER_SYM {}
|
|
|
|
| AGAINST {}
|
|
|
|
| AGGREGATE_SYM {}
|
|
|
|
| ALGORITHM_SYM {}
|
|
|
|
| ANY_SYM {}
|
|
|
|
| AT_SYM {}
|
|
|
|
| AUTHORS_SYM {}
|
|
|
|
| AUTO_INC {}
|
|
|
|
| AUTOEXTEND_SIZE_SYM {}
|
|
|
|
| AVG_ROW_LENGTH {}
|
|
|
|
| AVG_SYM {}
|
|
|
|
| BINLOG_SYM {}
|
|
|
|
| BIT_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| BLOCK_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| BOOL_SYM {}
|
|
|
|
| BOOLEAN_SYM {}
|
|
|
|
| BTREE_SYM {}
|
|
|
|
| CASCADED {}
|
|
|
|
| CHAIN_SYM {}
|
|
|
|
| CHANGED {}
|
|
|
|
| CIPHER_SYM {}
|
|
|
|
| CLIENT_SYM {}
|
|
|
|
| COALESCE {}
|
|
|
|
| CODE_SYM {}
|
|
|
|
| COLLATION_SYM {}
|
|
|
|
| COLUMNS {}
|
|
|
|
| COMMITTED_SYM {}
|
|
|
|
| COMPACT_SYM {}
|
|
|
|
| COMPLETION_SYM {}
|
|
|
|
| COMPRESSED_SYM {}
|
|
|
|
| CONCURRENT {}
|
|
|
|
| CONNECTION_SYM {}
|
|
|
|
| CONSISTENT_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| CONTEXT_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CONTRIBUTORS_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| CPU_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| CUBE_SYM {}
|
|
|
|
| DATA_SYM {}
|
|
|
|
| DATAFILE_SYM {}
|
|
|
|
| DATETIME {}
|
|
|
|
| DATE_SYM {}
|
|
|
|
| DAY_SYM {}
|
|
|
|
| DEFINER_SYM {}
|
|
|
|
| DELAY_KEY_WRITE_SYM {}
|
|
|
|
| DES_KEY_FILE {}
|
|
|
|
| DIRECTORY_SYM {}
|
|
|
|
| DISABLE_SYM {}
|
|
|
|
| DISCARD {}
|
|
|
|
| DISK_SYM {}
|
|
|
|
| DUMPFILE {}
|
|
|
|
| DUPLICATE_SYM {}
|
|
|
|
| DYNAMIC_SYM {}
|
|
|
|
| ENDS_SYM {}
|
|
|
|
| ENUM {}
|
|
|
|
| ENGINE_SYM {}
|
|
|
|
| ENGINES_SYM {}
|
|
|
|
| ERRORS {}
|
|
|
|
| ESCAPE_SYM {}
|
|
|
|
| EVENT_SYM {}
|
|
|
|
| EVENTS_SYM {}
|
|
|
|
| EVERY_SYM {}
|
|
|
|
| EXPANSION_SYM {}
|
|
|
|
| EXTENDED_SYM {}
|
|
|
|
| EXTENT_SIZE_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| FAULTS_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| FAST_SYM {}
|
|
|
|
| FOUND_SYM {}
|
|
|
|
| ENABLE_SYM {}
|
|
|
|
| FULL {}
|
|
|
|
| FILE_SYM {}
|
|
|
|
| FIRST_SYM {}
|
|
|
|
| FIXED_SYM {}
|
|
|
|
| FRAC_SECOND_SYM {}
|
|
|
|
| GEOMETRY_SYM {}
|
|
|
|
| GEOMETRYCOLLECTION {}
|
|
|
|
| GET_FORMAT {}
|
|
|
|
| GRANTS {}
|
|
|
|
| GLOBAL_SYM {}
|
|
|
|
| HASH_SYM {}
|
|
|
|
| HOSTS_SYM {}
|
|
|
|
| HOUR_SYM {}
|
|
|
|
| IDENTIFIED_SYM {}
|
|
|
|
| INVOKER_SYM {}
|
|
|
|
| IMPORT {}
|
|
|
|
| INDEXES {}
|
|
|
|
| INITIAL_SIZE_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| IO_SYM {}
|
|
|
|
| IPC_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| ISOLATION {}
|
|
|
|
| ISSUER_SYM {}
|
|
|
|
| INNOBASE_SYM {}
|
|
|
|
| INSERT_METHOD {}
|
|
|
|
| KEY_BLOCK_SIZE {}
|
|
|
|
| LAST_SYM {}
|
|
|
|
| LEAVES {}
|
|
|
|
| LESS_SYM {}
|
|
|
|
| LEVEL_SYM {}
|
|
|
|
| LINESTRING {}
|
|
|
|
| LIST_SYM {}
|
|
|
|
| LOCAL_SYM {}
|
|
|
|
| LOCKS_SYM {}
|
|
|
|
| LOGFILE_SYM {}
|
|
|
|
| LOGS_SYM {}
|
|
|
|
| MAX_ROWS {}
|
|
|
|
| MASTER_SYM {}
|
|
|
|
| MASTER_HOST_SYM {}
|
|
|
|
| MASTER_PORT_SYM {}
|
|
|
|
| MASTER_LOG_FILE_SYM {}
|
|
|
|
| MASTER_LOG_POS_SYM {}
|
|
|
|
| MASTER_USER_SYM {}
|
|
|
|
| MASTER_PASSWORD_SYM {}
|
|
|
|
| MASTER_SERVER_ID_SYM {}
|
|
|
|
| MASTER_CONNECT_RETRY_SYM {}
|
|
|
|
| MASTER_SSL_SYM {}
|
|
|
|
| MASTER_SSL_CA_SYM {}
|
|
|
|
| MASTER_SSL_CAPATH_SYM {}
|
|
|
|
| MASTER_SSL_CERT_SYM {}
|
|
|
|
| MASTER_SSL_CIPHER_SYM {}
|
|
|
|
| MASTER_SSL_KEY_SYM {}
|
|
|
|
| MAX_CONNECTIONS_PER_HOUR {}
|
|
|
|
| MAX_QUERIES_PER_HOUR {}
|
|
|
|
| MAX_SIZE_SYM {}
|
|
|
|
| MAX_UPDATES_PER_HOUR {}
|
|
|
|
| MAX_USER_CONNECTIONS_SYM {}
|
|
|
|
| MAX_VALUE_SYM {}
|
|
|
|
| MEDIUM_SYM {}
|
|
|
|
| MEMORY_SYM {}
|
|
|
|
| MERGE_SYM {}
|
|
|
|
| MICROSECOND_SYM {}
|
|
|
|
| MIGRATE_SYM {}
|
|
|
|
| MINUTE_SYM {}
|
|
|
|
| MIN_ROWS {}
|
|
|
|
| MODIFY_SYM {}
|
|
|
|
| MODE_SYM {}
|
|
|
|
| MONTH_SYM {}
|
|
|
|
| MULTILINESTRING {}
|
|
|
|
| MULTIPOINT {}
|
|
|
|
| MULTIPOLYGON {}
|
|
|
|
| MUTEX_SYM {}
|
|
|
|
| NAME_SYM {}
|
|
|
|
| NAMES_SYM {}
|
|
|
|
| NATIONAL_SYM {}
|
|
|
|
| NCHAR_SYM {}
|
|
|
|
| NDBCLUSTER_SYM {}
|
|
|
|
| NEXT_SYM {}
|
|
|
|
| NEW_SYM {}
|
|
|
|
| NO_WAIT_SYM {}
|
|
|
|
| NODEGROUP_SYM {}
|
|
|
|
| NONE_SYM {}
|
|
|
|
| NVARCHAR_SYM {}
|
|
|
|
| OFFSET_SYM {}
|
|
|
|
| OLD_PASSWORD {}
|
|
|
|
| ONE_SHOT_SYM {}
|
|
|
|
| ONE_SYM {}
|
|
|
|
| PACK_KEYS_SYM {}
|
2007-08-22 17:29:38 +03:00
|
|
|
| PAGE_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| PARTIAL {}
|
|
|
|
| PARTITIONING_SYM {}
|
|
|
|
| PARTITIONS_SYM {}
|
|
|
|
| PASSWORD {}
|
|
|
|
| PHASE_SYM {}
|
|
|
|
| PLUGIN_SYM {}
|
|
|
|
| PLUGINS_SYM {}
|
|
|
|
| POINT_SYM {}
|
|
|
|
| POLYGON {}
|
|
|
|
| PRESERVE_SYM {}
|
|
|
|
| PREV_SYM {}
|
|
|
|
| PRIVILEGES {}
|
|
|
|
| PROCESS {}
|
|
|
|
| PROCESSLIST_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| PROFILE_SYM {}
|
|
|
|
| PROFILES_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| QUARTER_SYM {}
|
|
|
|
| QUERY_SYM {}
|
|
|
|
| QUICK {}
|
2008-02-29 12:21:19 +03:00
|
|
|
| READ_ONLY_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| REBUILD_SYM {}
|
|
|
|
| RECOVER_SYM {}
|
|
|
|
| REDO_BUFFER_SIZE_SYM {}
|
|
|
|
| REDOFILE_SYM {}
|
|
|
|
| REDUNDANT_SYM {}
|
|
|
|
| RELAY_LOG_FILE_SYM {}
|
|
|
|
| RELAY_LOG_POS_SYM {}
|
|
|
|
| RELAY_THREAD {}
|
|
|
|
| RELOAD {}
|
|
|
|
| REORGANIZE_SYM {}
|
|
|
|
| REPEATABLE_SYM {}
|
|
|
|
| REPLICATION {}
|
|
|
|
| RESOURCES {}
|
|
|
|
| RESUME_SYM {}
|
|
|
|
| RETURNS_SYM {}
|
|
|
|
| ROLLUP_SYM {}
|
|
|
|
| ROUTINE_SYM {}
|
|
|
|
| ROWS_SYM {}
|
|
|
|
| ROW_FORMAT_SYM {}
|
|
|
|
| ROW_SYM {}
|
|
|
|
| RTREE_SYM {}
|
|
|
|
| SCHEDULE_SYM {}
|
|
|
|
| SECOND_SYM {}
|
|
|
|
| SERIAL_SYM {}
|
|
|
|
| SERIALIZABLE_SYM {}
|
|
|
|
| SESSION_SYM {}
|
|
|
|
| SIMPLE_SYM {}
|
|
|
|
| SHARE_SYM {}
|
|
|
|
| SHUTDOWN {}
|
|
|
|
| SNAPSHOT_SYM {}
|
|
|
|
| SOUNDS_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| SOURCE_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| SQL_CACHE_SYM {}
|
|
|
|
| SQL_BUFFER_RESULT {}
|
|
|
|
| SQL_NO_CACHE_SYM {}
|
|
|
|
| SQL_THREAD {}
|
|
|
|
| STARTS_SYM {}
|
|
|
|
| STATUS_SYM {}
|
|
|
|
| STORAGE_SYM {}
|
|
|
|
| STRING_SYM {}
|
|
|
|
| SUBDATE_SYM {}
|
|
|
|
| SUBJECT_SYM {}
|
|
|
|
| SUBPARTITION_SYM {}
|
|
|
|
| SUBPARTITIONS_SYM {}
|
|
|
|
| SUPER_SYM {}
|
|
|
|
| SUSPEND_SYM {}
|
2007-10-17 14:05:43 -04:00
|
|
|
| SWAPS_SYM {}
|
|
|
|
| SWITCHES_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TABLES {}
|
2007-10-11 18:07:40 +03:00
|
|
|
| TABLE_CHECKSUM_SYM {}
|
2007-08-14 20:31:06 -06:00
|
|
|
| TABLESPACE {}
|
|
|
|
| TEMPORARY {}
|
|
|
|
| TEMPTABLE_SYM {}
|
|
|
|
| TEXT_SYM {}
|
|
|
|
| THAN_SYM {}
|
|
|
|
| TRANSACTION_SYM {}
|
|
|
|
| TRIGGERS_SYM {}
|
|
|
|
| TIMESTAMP {}
|
|
|
|
| TIMESTAMP_ADD {}
|
|
|
|
| TIMESTAMP_DIFF {}
|
|
|
|
| TIME_SYM {}
|
|
|
|
| TYPES_SYM {}
|
|
|
|
| TYPE_SYM {}
|
|
|
|
| UDF_RETURNS_SYM {}
|
|
|
|
| FUNCTION_SYM {}
|
|
|
|
| UNCOMMITTED_SYM {}
|
|
|
|
| UNDEFINED_SYM {}
|
|
|
|
| UNDO_BUFFER_SIZE_SYM {}
|
|
|
|
| UNDOFILE_SYM {}
|
|
|
|
| UNKNOWN_SYM {}
|
|
|
|
| UNTIL_SYM {}
|
|
|
|
| USER {}
|
|
|
|
| USE_FRM {}
|
|
|
|
| VARIABLES {}
|
|
|
|
| VIEW_SYM {}
|
|
|
|
| VALUE_SYM {}
|
|
|
|
| WARNINGS {}
|
|
|
|
| WAIT_SYM {}
|
|
|
|
| WEEK_SYM {}
|
|
|
|
| WORK_SYM {}
|
|
|
|
| X509_SYM {}
|
|
|
|
| YEAR_SYM {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
/* Option functions */
|
|
|
|
|
|
|
|
set:
|
2007-08-14 20:31:06 -06:00
|
|
|
SET opt_option
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SET_OPTION;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->option_type=OPT_SESSION;
|
|
|
|
lex->var_list.empty();
|
|
|
|
lex->one_shot_set= 0;
|
2007-10-30 20:51:04 -02:00
|
|
|
lex->autocommit= 0;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
option_value_list
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| OPTION {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
option_value_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
option_type_value
|
|
|
|
| option_value_list ',' option_type_value
|
|
|
|
;
|
2005-03-04 16:35:28 +03:00
|
|
|
|
|
|
|
option_type_value:
|
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2005-05-17 17:08:43 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
2005-03-04 16:35:28 +03:00
|
|
|
/*
|
2007-08-14 20:31:06 -06:00
|
|
|
If we are in SP we want have own LEX for each assignment.
|
|
|
|
This is mostly because it is hard for several sp_instr_set
|
|
|
|
and sp_instr_set_trigger instructions share one LEX.
|
|
|
|
(Well, it is theoretically possible but adds some extra
|
|
|
|
overhead on preparation for execution stage and IMO less
|
|
|
|
robust).
|
|
|
|
|
|
|
|
QQ: May be we should simply prohibit group assignments in SP?
|
2005-03-04 16:35:28 +03:00
|
|
|
*/
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sphead->reset_lex(thd);
|
|
|
|
lex= thd->lex;
|
|
|
|
|
|
|
|
/* Set new LEX as if we at start of set rule. */
|
|
|
|
lex->sql_command= SQLCOM_SET_OPTION;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->option_type=OPT_SESSION;
|
|
|
|
lex->var_list.empty();
|
|
|
|
lex->one_shot_set= 0;
|
2007-10-30 20:51:04 -02:00
|
|
|
lex->autocommit= 0;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sphead->m_tmp_query= lip->get_tok_start();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ext_option_value
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2005-05-17 17:08:43 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
sp_head *sp= lex->sphead;
|
2005-05-17 17:08:43 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!lex->var_list.is_empty())
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
We have assignment to user or system variable or
|
|
|
|
option setting, so we should construct sp_instr_stmt
|
|
|
|
for it.
|
|
|
|
*/
|
|
|
|
LEX_STRING qbuff;
|
|
|
|
sp_instr_stmt *i;
|
|
|
|
|
|
|
|
if (!(i= new sp_instr_stmt(sp->instructions(), lex->spcont,
|
|
|
|
lex)))
|
|
|
|
MYSQL_YYABORT;
|
2005-05-17 17:08:43 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
Extract the query statement from the tokenizer. The
|
|
|
|
end is either lip->ptr, if there was no lookahead,
|
|
|
|
lip->tok_end otherwise.
|
|
|
|
*/
|
|
|
|
if (yychar == YYEMPTY)
|
|
|
|
qbuff.length= lip->get_ptr() - sp->m_tmp_query;
|
|
|
|
else
|
|
|
|
qbuff.length= lip->get_tok_end() - sp->m_tmp_query;
|
|
|
|
|
|
|
|
if (!(qbuff.str= (char*) alloc_root(thd->mem_root,
|
|
|
|
qbuff.length + 5)))
|
|
|
|
MYSQL_YYABORT;
|
2005-05-17 17:08:43 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
strmake(strmake(qbuff.str, "SET ", 4), sp->m_tmp_query,
|
|
|
|
qbuff.length);
|
|
|
|
qbuff.length+= 4;
|
|
|
|
i->m_query= qbuff;
|
2009-04-29 07:59:10 +05:00
|
|
|
if (sp->add_instr(i))
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
lex->sphead->restore_lex(thd);
|
2005-03-04 16:35:28 +03:00
|
|
|
}
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2002-07-23 18:31:22 +03:00
|
|
|
|
|
|
|
option_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
option_type2 {}
|
|
|
|
| GLOBAL_SYM { $$=OPT_GLOBAL; }
|
|
|
|
| LOCAL_SYM { $$=OPT_SESSION; }
|
|
|
|
| SESSION_SYM { $$=OPT_SESSION; }
|
|
|
|
;
|
2005-05-18 12:47:45 +05:00
|
|
|
|
|
|
|
option_type2:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$= OPT_DEFAULT; }
|
|
|
|
| ONE_SHOT_SYM { Lex->one_shot_set= 1; $$= OPT_SESSION; }
|
|
|
|
;
|
2002-07-23 18:31:22 +03:00
|
|
|
|
|
|
|
opt_var_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=OPT_SESSION; }
|
|
|
|
| GLOBAL_SYM { $$=OPT_GLOBAL; }
|
|
|
|
| LOCAL_SYM { $$=OPT_SESSION; }
|
|
|
|
| SESSION_SYM { $$=OPT_SESSION; }
|
|
|
|
;
|
2002-07-23 18:31:22 +03:00
|
|
|
|
|
|
|
opt_var_ident_type:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=OPT_DEFAULT; }
|
|
|
|
| GLOBAL_SYM '.' { $$=OPT_GLOBAL; }
|
|
|
|
| LOCAL_SYM '.' { $$=OPT_SESSION; }
|
|
|
|
| SESSION_SYM '.' { $$=OPT_SESSION; }
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-05-18 12:47:45 +05:00
|
|
|
ext_option_value:
|
2007-08-14 20:31:06 -06:00
|
|
|
sys_option_value
|
|
|
|
| option_type2 option_value
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2005-05-18 12:47:45 +05:00
|
|
|
sys_option_value:
|
2007-08-14 20:31:06 -06:00
|
|
|
option_type internal_variable_name equal set_expr_or_default
|
2005-05-18 12:47:45 +05:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
THD *thd= YYTHD;
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
|
|
|
|
|
|
|
if ($2.var == trg_new_row_fake_var)
|
2005-05-18 12:47:45 +05:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/* We are in trigger and assigning value to field of new row */
|
|
|
|
Item *it;
|
|
|
|
Item_trigger_field *trg_fld;
|
|
|
|
sp_instr_set_trigger_field *sp_fld;
|
|
|
|
LINT_INIT(sp_fld);
|
|
|
|
if ($1)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if ($4)
|
|
|
|
it= $4;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* QQ: Shouldn't this be field's default value ? */
|
|
|
|
it= new Item_null();
|
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
DBUG_ASSERT(lex->trg_chistics.action_time == TRG_ACTION_BEFORE &&
|
|
|
|
(lex->trg_chistics.event == TRG_EVENT_INSERT ||
|
|
|
|
lex->trg_chistics.event == TRG_EVENT_UPDATE));
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
|
|
|
|
trg_fld= new (thd->mem_root)
|
|
|
|
Item_trigger_field(Lex->current_context(),
|
|
|
|
Item_trigger_field::NEW_ROW,
|
|
|
|
$2.base_name.str,
|
|
|
|
UPDATE_ACL, FALSE);
|
|
|
|
if (trg_fld == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
|
|
|
|
sp_fld= new sp_instr_set_trigger_field(lex->sphead->
|
|
|
|
instructions(),
|
|
|
|
lex->spcont,
|
|
|
|
trg_fld,
|
|
|
|
it, lex);
|
|
|
|
if (sp_fld == NULL)
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/*
|
|
|
|
Let us add this item to list of all Item_trigger_field
|
|
|
|
objects in trigger.
|
|
|
|
*/
|
|
|
|
lex->trg_table_fields.link_in_list((uchar *)trg_fld,
|
|
|
|
(uchar **) &trg_fld->
|
|
|
|
next_trg_field);
|
2005-05-18 12:47:45 +05:00
|
|
|
|
2009-04-29 07:59:10 +05:00
|
|
|
if (lex->sphead->add_instr(sp_fld))
|
|
|
|
MYSQL_YYABORT;
|
2005-05-18 12:47:45 +05:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else if ($2.var)
|
|
|
|
{ /* System variable */
|
|
|
|
if ($1)
|
|
|
|
lex->option_type= $1;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
set_var *var= new set_var(lex->option_type, $2.var,
|
|
|
|
&$2.base_name, $4);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->var_list.push_back(var);
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
|
|
|
else
|
2005-05-18 12:47:45 +05:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/* An SP local variable */
|
|
|
|
sp_pcontext *ctx= lex->spcont;
|
|
|
|
sp_variable_t *spv;
|
|
|
|
sp_instr_set *sp_set;
|
|
|
|
Item *it;
|
|
|
|
if ($1)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2005-05-18 12:47:45 +05:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
spv= ctx->find_variable(&$2.base_name);
|
2005-05-18 12:47:45 +05:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if ($4)
|
|
|
|
it= $4;
|
|
|
|
else if (spv->dflt)
|
|
|
|
it= spv->dflt;
|
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
it= new (thd->mem_root) Item_null();
|
|
|
|
if (it == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_set= new sp_instr_set(lex->sphead->instructions(), ctx,
|
|
|
|
spv->offset, it, spv->type, lex, TRUE);
|
2009-04-29 07:59:10 +05:00
|
|
|
if (sp_set == NULL ||
|
|
|
|
lex->sphead->add_instr(sp_set))
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2005-05-18 12:47:45 +05:00
|
|
|
}
|
|
|
|
| option_type TRANSACTION_SYM ISOLATION LEVEL_SYM isolation_types
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
THD *thd= YYTHD;
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->option_type= $1;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *item= new (thd->mem_root) Item_int((int32) $5);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
set_var *var= new set_var(lex->option_type,
|
|
|
|
find_sys_var(thd, "tx_isolation"),
|
|
|
|
&null_lex_str,
|
|
|
|
item);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->var_list.push_back(var);
|
2005-05-18 12:47:45 +05:00
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
option_value:
|
2007-08-14 20:31:06 -06:00
|
|
|
'@' ident_or_text equal expr
|
2005-05-18 12:47:45 +05:00
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item_func_set_user_var *item;
|
|
|
|
item= new (YYTHD->mem_root) Item_func_set_user_var($2, $4);
|
|
|
|
if (item == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
set_var_user *var= new set_var_user(item);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->var_list.push_back(var);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| '@' '@' opt_var_ident_type internal_variable_name equal set_expr_or_default
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
set_var *var= new set_var($3, $4.var, &$4.base_name, $6);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->var_list.push_back(var);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| charset old_or_new_charset_name_or_default
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
CHARSET_INFO *cs2;
|
|
|
|
cs2= $2 ? $2: global_system_variables.character_set_client;
|
|
|
|
set_var_collation_client *var;
|
|
|
|
var= new set_var_collation_client(cs2,
|
|
|
|
thd->variables.collation_database,
|
|
|
|
cs2);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->var_list.push_back(var);
|
2005-05-18 12:47:45 +05:00
|
|
|
}
|
2005-10-11 15:01:38 +02:00
|
|
|
| NAMES_SYM equal expr
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2005-10-11 15:01:38 +02:00
|
|
|
sp_pcontext *spc= lex->spcont;
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX_STRING names;
|
2005-10-11 15:01:38 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
names.str= (char *)"names";
|
|
|
|
names.length= 5;
|
|
|
|
if (spc && spc->find_variable(&names))
|
2005-10-11 15:01:38 +02:00
|
|
|
my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), names.str);
|
2005-11-19 01:22:12 +03:00
|
|
|
else
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
2005-11-19 01:22:12 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| NAMES_SYM charset_name_or_default opt_collate
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
CHARSET_INFO *cs2;
|
|
|
|
CHARSET_INFO *cs3;
|
|
|
|
cs2= $2 ? $2 : global_system_variables.character_set_client;
|
|
|
|
cs3= $3 ? $3 : cs2;
|
|
|
|
if (!my_charset_same(cs2, cs3))
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
my_error(ER_COLLATION_CHARSET_MISMATCH, MYF(0),
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
cs3->name, cs2->csname);
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
set_var_collation_client *var;
|
|
|
|
var= new set_var_collation_client(cs3, cs3, cs3);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->var_list.push_back(var);
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| PASSWORD equal text_or_password
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
LEX_USER *user;
|
2005-10-11 15:01:38 +02:00
|
|
|
sp_pcontext *spc= lex->spcont;
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX_STRING pw;
|
2005-10-11 15:01:38 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
pw.str= (char *)"password";
|
|
|
|
pw.length= 8;
|
|
|
|
if (spc && spc->find_variable(&pw))
|
|
|
|
{
|
2005-10-11 15:01:38 +02:00
|
|
|
my_error(ER_SP_BAD_VAR_SHADOW, MYF(0), pw.str);
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (!(user=(LEX_USER*) thd->alloc(sizeof(LEX_USER))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
user->host=null_lex_str;
|
|
|
|
user->user.str=thd->security_ctx->priv_user;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
set_var_password *var= new set_var_password(user, $3);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
thd->lex->var_list.push_back(var);
|
2007-10-30 20:51:04 -02:00
|
|
|
thd->lex->autocommit= TRUE;
|
|
|
|
if (lex->sphead)
|
|
|
|
lex->sphead->m_flags|= sp_head::HAS_SET_AUTOCOMMIT_STMT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| PASSWORD FOR_SYM user equal text_or_password
|
|
|
|
{
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
set_var_password *var= new set_var_password($3,$5);
|
|
|
|
if (var == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->var_list.push_back(var);
|
2007-10-30 20:51:04 -02:00
|
|
|
Lex->autocommit= TRUE;
|
|
|
|
if (Lex->sphead)
|
|
|
|
Lex->sphead->m_flags|= sp_head::HAS_SET_AUTOCOMMIT_STMT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2001-06-28 10:49:16 +03:00
|
|
|
|
2002-07-23 18:31:22 +03:00
|
|
|
internal_variable_name:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
sp_pcontext *spc= lex->spcont;
|
|
|
|
sp_variable_t *spv;
|
|
|
|
|
|
|
|
/* We have to lookup here since local vars can shadow sysvars */
|
|
|
|
if (!spc || !(spv = spc->find_variable(&$1)))
|
2004-03-16 14:01:05 +04:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Not an SP local variable */
|
|
|
|
sys_var *tmp=find_sys_var(thd, $1.str, $1.length);
|
|
|
|
if (!tmp)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
$$.var= tmp;
|
|
|
|
$$.base_name= null_lex_str;
|
|
|
|
if (spc && tmp == &sys_autocommit)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
We don't allow setting AUTOCOMMIT from a stored function
|
|
|
|
or trigger.
|
|
|
|
*/
|
|
|
|
lex->sphead->m_flags|= sp_head::HAS_SET_AUTOCOMMIT_STMT;
|
|
|
|
}
|
2005-09-14 10:54:02 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
else
|
|
|
|
{
|
|
|
|
/* An SP local variable */
|
|
|
|
$$.var= NULL;
|
|
|
|
$$.base_name= $1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| ident '.' ident
|
|
|
|
{
|
2004-11-11 19:01:46 -08:00
|
|
|
LEX *lex= Lex;
|
2004-03-16 14:01:05 +04:00
|
|
|
if (check_reserved_words(&$1))
|
|
|
|
{
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
2004-03-16 14:01:05 +04:00
|
|
|
}
|
2004-11-11 19:01:46 -08:00
|
|
|
if (lex->sphead && lex->sphead->m_type == TYPE_ENUM_TRIGGER &&
|
|
|
|
(!my_strcasecmp(system_charset_info, $1.str, "NEW") ||
|
|
|
|
!my_strcasecmp(system_charset_info, $1.str, "OLD")))
|
|
|
|
{
|
|
|
|
if ($1.str[0]=='O' || $1.str[0]=='o')
|
|
|
|
{
|
2004-10-20 04:04:37 +03:00
|
|
|
my_error(ER_TRG_CANT_CHANGE_ROW, MYF(0), "OLD", "");
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
|
|
|
if (lex->trg_chistics.event == TRG_EVENT_DELETE)
|
|
|
|
{
|
2004-10-20 04:04:37 +03:00
|
|
|
my_error(ER_TRG_NO_SUCH_ROW_IN_TRG, MYF(0),
|
|
|
|
"NEW", "on DELETE");
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
|
|
|
if (lex->trg_chistics.action_time == TRG_ACTION_AFTER)
|
|
|
|
{
|
2004-10-20 04:04:37 +03:00
|
|
|
my_error(ER_TRG_CANT_CHANGE_ROW, MYF(0), "NEW", "after ");
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
}
|
|
|
|
/* This special combination will denote field of NEW row */
|
2005-11-06 01:36:40 +01:00
|
|
|
$$.var= trg_new_row_fake_var;
|
2004-11-11 19:01:46 -08:00
|
|
|
$$.base_name= $3;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2007-03-02 08:43:45 -08:00
|
|
|
sys_var *tmp=find_sys_var(YYTHD, $3.str, $3.length);
|
2004-11-11 19:01:46 -08:00
|
|
|
if (!tmp)
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2004-11-11 19:01:46 -08:00
|
|
|
if (!tmp->is_struct())
|
2004-11-13 19:35:51 +02:00
|
|
|
my_error(ER_VARIABLE_IS_NOT_STRUCT, MYF(0), $3.str);
|
2004-11-11 19:01:46 -08:00
|
|
|
$$.var= tmp;
|
|
|
|
$$.base_name= $1;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| DEFAULT '.' ident
|
|
|
|
{
|
|
|
|
sys_var *tmp=find_sys_var(YYTHD, $3.str, $3.length);
|
|
|
|
if (!tmp)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
if (!tmp->is_struct())
|
|
|
|
my_error(ER_VARIABLE_IS_NOT_STRUCT, MYF(0), $3.str);
|
|
|
|
$$.var= tmp;
|
|
|
|
$$.base_name.str= (char*) "default";
|
|
|
|
$$.base_name.length= 7;
|
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2002-07-23 18:31:22 +03:00
|
|
|
|
|
|
|
isolation_types:
|
2007-08-14 20:31:06 -06:00
|
|
|
READ_SYM UNCOMMITTED_SYM { $$= ISO_READ_UNCOMMITTED; }
|
|
|
|
| READ_SYM COMMITTED_SYM { $$= ISO_READ_COMMITTED; }
|
|
|
|
| REPEATABLE_SYM READ_SYM { $$= ISO_REPEATABLE_READ; }
|
|
|
|
| SERIALIZABLE_SYM { $$= ISO_SERIALIZABLE; }
|
|
|
|
;
|
2002-12-05 01:14:51 +03:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
text_or_password:
|
2007-08-14 20:31:06 -06:00
|
|
|
TEXT_STRING { $$=$1.str;}
|
|
|
|
| PASSWORD '(' TEXT_STRING ')'
|
|
|
|
{
|
|
|
|
$$= $3.length ? YYTHD->variables.old_passwords ?
|
2009-06-01 16:00:38 +04:00
|
|
|
Item_func_old_password::alloc(YYTHD, $3.str, $3.length) :
|
|
|
|
Item_func_password::alloc(YYTHD, $3.str, $3.length) :
|
2007-08-14 20:31:06 -06:00
|
|
|
$3.str;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
| OLD_PASSWORD '(' TEXT_STRING ')'
|
|
|
|
{
|
2009-06-01 16:00:38 +04:00
|
|
|
$$= $3.length ? Item_func_old_password::alloc(YYTHD, $3.str,
|
|
|
|
$3.length) :
|
2007-08-14 20:31:06 -06:00
|
|
|
$3.str;
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-03-21 01:02:22 +02:00
|
|
|
|
2002-07-25 01:00:56 +03:00
|
|
|
set_expr_or_default:
|
2007-08-14 20:31:06 -06:00
|
|
|
expr { $$=$1; }
|
|
|
|
| DEFAULT { $$=0; }
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
| ON
|
|
|
|
{
|
|
|
|
$$=new (YYTHD->mem_root) Item_string("ON", 2, system_charset_info);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| ALL
|
|
|
|
{
|
|
|
|
$$=new (YYTHD->mem_root) Item_string("ALL", 3, system_charset_info);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| BINARY
|
|
|
|
{
|
|
|
|
$$=new (YYTHD->mem_root) Item_string("binary", 6, system_charset_info);
|
|
|
|
if ($$ == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2001-03-21 01:02:22 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* Lock function */
|
|
|
|
|
|
|
|
lock:
|
2007-08-14 20:31:06 -06:00
|
|
|
LOCK_SYM table_or_tables
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2005-02-08 20:52:50 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "LOCK");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_LOCK_TABLES;
|
|
|
|
}
|
|
|
|
table_lock_list
|
|
|
|
{}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_or_tables:
|
2007-08-14 20:31:06 -06:00
|
|
|
TABLE_SYM
|
|
|
|
| TABLES
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_lock_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_lock
|
|
|
|
| table_lock_list ',' table_lock
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
table_lock:
|
2007-08-14 20:31:06 -06:00
|
|
|
table_ident opt_table_alias lock_option
|
|
|
|
{
|
2009-04-03 16:46:00 -03:00
|
|
|
thr_lock_type lock_type= (thr_lock_type) $3;
|
|
|
|
if (!Select->add_table_to_list(YYTHD, $1, $2, 0, lock_type))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
2009-04-03 16:46:00 -03:00
|
|
|
/* If table is to be write locked, protect from a impending GRL. */
|
|
|
|
if (lock_type >= TL_WRITE_ALLOW_WRITE)
|
|
|
|
Lex->protect_against_global_read_lock= TRUE;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
lock_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
READ_SYM { $$= TL_READ_NO_INSERT; }
|
|
|
|
| WRITE_SYM { $$= TL_WRITE_DEFAULT; }
|
|
|
|
| LOW_PRIORITY WRITE_SYM { $$= TL_WRITE_LOW_PRIORITY; }
|
|
|
|
| READ_SYM LOCAL_SYM { $$= TL_READ; }
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
unlock:
|
2007-08-14 20:31:06 -06:00
|
|
|
UNLOCK_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
2005-02-08 20:52:50 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "UNLOCK");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_UNLOCK_TABLES;
|
|
|
|
}
|
|
|
|
table_or_tables
|
|
|
|
{}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2001-04-07 00:18:33 +02:00
|
|
|
/*
|
2001-04-13 16:18:44 +02:00
|
|
|
** Handler: direct access to ISAM functions
|
2001-04-07 00:18:33 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
handler:
|
2007-08-14 20:31:06 -06:00
|
|
|
HANDLER_SYM table_ident OPEN_SYM opt_table_alias
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "HANDLER");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_HA_OPEN;
|
|
|
|
if (!lex->current_select->add_table_to_list(lex->thd, $2, $4, 0))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| HANDLER_SYM table_ident_nodb CLOSE_SYM
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "HANDLER");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_HA_CLOSE;
|
|
|
|
if (!lex->current_select->add_table_to_list(lex->thd, $2, 0, 0))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| HANDLER_SYM table_ident_nodb READ_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_BADSTATEMENT, MYF(0), "HANDLER");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->expr_allows_subselect= FALSE;
|
|
|
|
lex->sql_command = SQLCOM_HA_READ;
|
|
|
|
lex->ha_rkey_mode= HA_READ_KEY_EXACT; /* Avoid purify warnings */
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
Item *one= new (YYTHD->mem_root) Item_int((int32) 1);
|
|
|
|
if (one == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->current_select->select_limit= one;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->current_select->offset_limit= 0;
|
|
|
|
if (!lex->current_select->add_table_to_list(lex->thd, $2, 0, 0))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
handler_read_or_scan where_clause opt_limit_clause
|
|
|
|
{
|
|
|
|
Lex->expr_allows_subselect= TRUE;
|
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2001-04-07 00:18:33 +02:00
|
|
|
|
2001-04-13 16:18:44 +02:00
|
|
|
handler_read_or_scan:
|
2007-08-14 20:31:06 -06:00
|
|
|
handler_scan_function { Lex->ident= null_lex_str; }
|
2005-01-16 13:16:23 +01:00
|
|
|
| ident handler_rkey_function { Lex->ident= $1; }
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2001-04-13 16:18:44 +02:00
|
|
|
|
|
|
|
handler_scan_function:
|
2007-08-14 20:31:06 -06:00
|
|
|
FIRST_SYM { Lex->ha_read_mode = RFIRST; }
|
|
|
|
| NEXT_SYM { Lex->ha_read_mode = RNEXT; }
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2001-04-13 16:18:44 +02:00
|
|
|
|
|
|
|
handler_rkey_function:
|
2007-08-14 20:31:06 -06:00
|
|
|
FIRST_SYM { Lex->ha_read_mode = RFIRST; }
|
|
|
|
| NEXT_SYM { Lex->ha_read_mode = RNEXT; }
|
|
|
|
| PREV_SYM { Lex->ha_read_mode = RPREV; }
|
|
|
|
| LAST_SYM { Lex->ha_read_mode = RLAST; }
|
|
|
|
| handler_rkey_mode
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->ha_read_mode = RKEY;
|
|
|
|
lex->ha_rkey_mode=$1;
|
|
|
|
if (!(lex->insert_list = new List_item))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
'(' values ')'
|
|
|
|
{}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2001-04-07 00:18:33 +02:00
|
|
|
|
|
|
|
handler_rkey_mode:
|
2007-08-14 20:31:06 -06:00
|
|
|
EQ { $$=HA_READ_KEY_EXACT; }
|
|
|
|
| GE { $$=HA_READ_KEY_OR_NEXT; }
|
|
|
|
| LE { $$=HA_READ_KEY_OR_PREV; }
|
|
|
|
| GT_SYM { $$=HA_READ_AFTER_KEY; }
|
|
|
|
| LT { $$=HA_READ_BEFORE_KEY; }
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2001-04-07 00:18:33 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
/* GRANT / REVOKE */
|
|
|
|
|
|
|
|
revoke:
|
2007-08-14 20:31:06 -06:00
|
|
|
REVOKE clear_privileges revoke_command
|
|
|
|
{}
|
2003-06-06 17:43:23 +05:00
|
|
|
;
|
|
|
|
|
|
|
|
revoke_command:
|
2007-08-14 20:31:06 -06:00
|
|
|
grant_privileges ON opt_table grant_ident FROM grant_list
|
2005-05-17 19:54:20 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_REVOKE;
|
|
|
|
lex->type= 0;
|
2005-05-17 19:54:20 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| grant_privileges ON FUNCTION_SYM grant_ident FROM grant_list
|
2005-05-17 19:54:20 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_REVOKE;
|
|
|
|
lex->type= TYPE_ENUM_FUNCTION;
|
2005-05-17 19:54:20 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| grant_privileges ON PROCEDURE grant_ident FROM grant_list
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_REVOKE;
|
|
|
|
lex->type= TYPE_ENUM_PROCEDURE;
|
|
|
|
}
|
|
|
|
| ALL opt_privileges ',' GRANT OPTION FROM grant_list
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_REVOKE_ALL;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
grant:
|
2007-08-14 20:31:06 -06:00
|
|
|
GRANT clear_privileges grant_command
|
|
|
|
{}
|
2005-05-17 19:54:20 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
grant_command:
|
2007-08-14 20:31:06 -06:00
|
|
|
grant_privileges ON opt_table grant_ident TO_SYM grant_list
|
|
|
|
require_clause grant_options
|
2005-05-17 19:54:20 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_GRANT;
|
|
|
|
lex->type= 0;
|
2005-05-17 19:54:20 +01:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| grant_privileges ON FUNCTION_SYM grant_ident TO_SYM grant_list
|
|
|
|
require_clause grant_options
|
2005-05-17 19:54:20 +01:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_GRANT;
|
|
|
|
lex->type= TYPE_ENUM_FUNCTION;
|
|
|
|
}
|
|
|
|
| grant_privileges ON PROCEDURE grant_ident TO_SYM grant_list
|
|
|
|
require_clause grant_options
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command= SQLCOM_GRANT;
|
|
|
|
lex->type= TYPE_ENUM_PROCEDURE;
|
2005-05-17 19:54:20 +01:00
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-05-17 19:54:20 +01:00
|
|
|
opt_table:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */
|
|
|
|
| TABLE_SYM
|
|
|
|
;
|
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
grant_privileges:
|
2007-08-14 20:31:06 -06:00
|
|
|
object_privilege_list {}
|
|
|
|
| ALL opt_privileges
|
|
|
|
{
|
|
|
|
Lex->all_privileges= 1;
|
|
|
|
Lex->grant= GLOBAL_ACLS;
|
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-11-10 18:53:16 +00:00
|
|
|
opt_privileges:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
| PRIVILEGES
|
|
|
|
;
|
2004-11-10 18:53:16 +00:00
|
|
|
|
2004-12-23 10:46:24 +00:00
|
|
|
object_privilege_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
object_privilege
|
|
|
|
| object_privilege_list ',' object_privilege
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2004-12-23 10:46:24 +00:00
|
|
|
object_privilege:
|
2007-08-14 20:31:06 -06:00
|
|
|
SELECT_SYM
|
|
|
|
{ Lex->which_columns = SELECT_ACL;}
|
|
|
|
opt_column_list {}
|
|
|
|
| INSERT
|
|
|
|
{ Lex->which_columns = INSERT_ACL;}
|
|
|
|
opt_column_list {}
|
|
|
|
| UPDATE_SYM
|
|
|
|
{ Lex->which_columns = UPDATE_ACL; }
|
|
|
|
opt_column_list {}
|
|
|
|
| REFERENCES
|
|
|
|
{ Lex->which_columns = REFERENCES_ACL;}
|
|
|
|
opt_column_list {}
|
|
|
|
| DELETE_SYM { Lex->grant |= DELETE_ACL;}
|
|
|
|
| USAGE {}
|
|
|
|
| INDEX_SYM { Lex->grant |= INDEX_ACL;}
|
|
|
|
| ALTER { Lex->grant |= ALTER_ACL;}
|
|
|
|
| CREATE { Lex->grant |= CREATE_ACL;}
|
|
|
|
| DROP { Lex->grant |= DROP_ACL;}
|
|
|
|
| EXECUTE_SYM { Lex->grant |= EXECUTE_ACL;}
|
|
|
|
| RELOAD { Lex->grant |= RELOAD_ACL;}
|
|
|
|
| SHUTDOWN { Lex->grant |= SHUTDOWN_ACL;}
|
|
|
|
| PROCESS { Lex->grant |= PROCESS_ACL;}
|
|
|
|
| FILE_SYM { Lex->grant |= FILE_ACL;}
|
|
|
|
| GRANT OPTION { Lex->grant |= GRANT_ACL;}
|
|
|
|
| SHOW DATABASES { Lex->grant |= SHOW_DB_ACL;}
|
|
|
|
| SUPER_SYM { Lex->grant |= SUPER_ACL;}
|
|
|
|
| CREATE TEMPORARY TABLES { Lex->grant |= CREATE_TMP_ACL;}
|
|
|
|
| LOCK_SYM TABLES { Lex->grant |= LOCK_TABLES_ACL; }
|
|
|
|
| REPLICATION SLAVE { Lex->grant |= REPL_SLAVE_ACL; }
|
|
|
|
| REPLICATION CLIENT_SYM { Lex->grant |= REPL_CLIENT_ACL; }
|
|
|
|
| CREATE VIEW_SYM { Lex->grant |= CREATE_VIEW_ACL; }
|
|
|
|
| SHOW VIEW_SYM { Lex->grant |= SHOW_VIEW_ACL; }
|
|
|
|
| CREATE ROUTINE_SYM { Lex->grant |= CREATE_PROC_ACL; }
|
|
|
|
| ALTER ROUTINE_SYM { Lex->grant |= ALTER_PROC_ACL; }
|
|
|
|
| CREATE USER { Lex->grant |= CREATE_USER_ACL; }
|
|
|
|
| EVENT_SYM { Lex->grant |= EVENT_ACL;}
|
|
|
|
| TRIGGER_SYM { Lex->grant |= TRIGGER_ACL; }
|
|
|
|
;
|
2001-09-19 19:45:13 -06:00
|
|
|
|
2002-09-05 16:17:08 +03:00
|
|
|
opt_and:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| AND_SYM {}
|
|
|
|
;
|
2002-09-05 16:17:08 +03:00
|
|
|
|
|
|
|
require_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
require_list_element opt_and require_list
|
|
|
|
| require_list_element
|
|
|
|
;
|
2002-09-05 16:17:08 +03:00
|
|
|
|
|
|
|
require_list_element:
|
2007-08-14 20:31:06 -06:00
|
|
|
SUBJECT_SYM TEXT_STRING
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->x509_subject)
|
|
|
|
{
|
|
|
|
my_error(ER_DUP_ARGUMENT, MYF(0), "SUBJECT");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->x509_subject=$2.str;
|
|
|
|
}
|
|
|
|
| ISSUER_SYM TEXT_STRING
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->x509_issuer)
|
|
|
|
{
|
|
|
|
my_error(ER_DUP_ARGUMENT, MYF(0), "ISSUER");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->x509_issuer=$2.str;
|
|
|
|
}
|
|
|
|
| CIPHER_SYM TEXT_STRING
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (lex->ssl_cipher)
|
|
|
|
{
|
|
|
|
my_error(ER_DUP_ARGUMENT, MYF(0), "CIPHER");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->ssl_cipher=$2.str;
|
|
|
|
}
|
|
|
|
;
|
2002-12-05 01:14:51 +03:00
|
|
|
|
2005-05-17 19:54:20 +01:00
|
|
|
grant_ident:
|
2007-08-14 20:31:06 -06:00
|
|
|
'*'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
WL#3817: Simplify string / memory area types and make things more consistent (first part)
The following type conversions was done:
- Changed byte to uchar
- Changed gptr to uchar*
- Change my_string to char *
- Change my_size_t to size_t
- Change size_s to size_t
Removed declaration of byte, gptr, my_string, my_size_t and size_s.
Following function parameter changes was done:
- All string functions in mysys/strings was changed to use size_t
instead of uint for string lengths.
- All read()/write() functions changed to use size_t (including vio).
- All protocoll functions changed to use size_t instead of uint
- Functions that used a pointer to a string length was changed to use size_t*
- Changed malloc(), free() and related functions from using gptr to use void *
as this requires fewer casts in the code and is more in line with how the
standard functions work.
- Added extra length argument to dirname_part() to return the length of the
created string.
- Changed (at least) following functions to take uchar* as argument:
- db_dump()
- my_net_write()
- net_write_command()
- net_store_data()
- DBUG_DUMP()
- decimal2bin() & bin2decimal()
- Changed my_compress() and my_uncompress() to use size_t. Changed one
argument to my_uncompress() from a pointer to a value as we only return
one value (makes function easier to use).
- Changed type of 'pack_data' argument to packfrm() to avoid casts.
- Changed in readfrm() and writefrom(), ha_discover and handler::discover()
the type for argument 'frmdata' to uchar** to avoid casts.
- Changed most Field functions to use uchar* instead of char* (reduced a lot of
casts).
- Changed field->val_xxx(xxx, new_ptr) to take const pointers.
Other changes:
- Removed a lot of not needed casts
- Added a few new cast required by other changes
- Added some cast to my_multi_malloc() arguments for safety (as string lengths
needs to be uint, not size_t).
- Fixed all calls to hash-get-key functions to use size_t*. (Needed to be done
explicitely as this conflict was often hided by casting the function to
hash_get_key).
- Changed some buffers to memory regions to uchar* to avoid casts.
- Changed some string lengths from uint to size_t.
- Changed field->ptr to be uchar* instead of char*. This allowed us to
get rid of a lot of casts.
- Some changes from true -> TRUE, false -> FALSE, unsigned char -> uchar
- Include zlib.h in some files as we needed declaration of crc32()
- Changed MY_FILE_ERROR to be (size_t) -1.
- Changed many variables to hold the result of my_read() / my_write() to be
size_t. This was needed to properly detect errors (which are
returned as (size_t) -1).
- Removed some very old VMS code
- Changed packfrm()/unpackfrm() to not be depending on uint size
(portability fix)
- Removed windows specific code to restore cursor position as this
causes slowdown on windows and we should not mix read() and pread()
calls anyway as this is not thread safe. Updated function comment to
reflect this. Changed function that depended on original behavior of
my_pwrite() to itself restore the cursor position (one such case).
- Added some missing checking of return value of malloc().
- Changed definition of MOD_PAD_CHAR_TO_FULL_LENGTH to avoid 'long' overflow.
- Changed type of table_def::m_size from my_size_t to ulong to reflect that
m_size is the number of elements in the array, not a string/memory
length.
- Moved THD::max_row_length() to table.cc (as it's not depending on THD).
Inlined max_row_length_blob() into this function.
- More function comments
- Fixed some compiler warnings when compiled without partitions.
- Removed setting of LEX_STRING() arguments in declaration (portability fix).
- Some trivial indentation/variable name changes.
- Some trivial code simplifications:
- Replaced some calls to alloc_root + memcpy to use
strmake_root()/strdup_root().
- Changed some calls from memdup() to strmake() (Safety fix)
- Simpler loops in client-simple.c
2007-05-10 12:59:39 +03:00
|
|
|
size_t dummy;
|
2007-07-16 23:31:36 +04:00
|
|
|
if (lex->copy_db_to(&lex->current_select->db, &dummy))
|
A fix for Bug#26750 "valgrind leak in sp_head" (and post-review
fixes).
The legend: on a replication slave, in case a trigger creation
was filtered out because of application of replicate-do-table/
replicate-ignore-table rule, the parsed definition of a trigger was not
cleaned up properly. LEX::sphead member was left around and leaked
memory. Until the actual implementation of support of
replicate-ignore-table rules for triggers by the patch for Bug 24478 it
was never the case that "case SQLCOM_CREATE_TRIGGER"
was not executed once a trigger was parsed,
so the deletion of lex->sphead there worked and the memory did not leak.
The fix:
The real cause of the bug is that there is no 1 or 2 places where
we can clean up the main LEX after parse. And the reason we
can not have just one or two places where we clean up the LEX is
asymmetric behaviour of MYSQLparse in case of success or error.
One of the root causes of this behaviour is the code in Item::Item()
constructor. There, a newly created item adds itself to THD::free_list
- a single-linked list of Items used in a statement. Yuck. This code
is unaware that we may have more than one statement active at a time,
and always assumes that the free_list of the current statement is
located in THD::free_list. One day we need to be able to explicitly
allocate an item in a given Query_arena.
Thus, when parsing a definition of a stored procedure, like
CREATE PROCEDURE p1() BEGIN SELECT a FROM t1; SELECT b FROM t1; END;
we actually need to reset THD::mem_root, THD::free_list and THD::lex
to parse the nested procedure statement (SELECT *).
The actual reset and restore is implemented in semantic actions
attached to sp_proc_stmt grammar rule.
The problem is that in case of a parsing error inside a nested statement
Bison generated parser would abort immediately, without executing the
restore part of the semantic action. This would leave THD in an
in-the-middle-of-parsing state.
This is why we couldn't have had a single place where we clean up the LEX
after MYSQLparse - in case of an error we needed to do a clean up
immediately, in case of success a clean up could have been delayed.
This left the door open for a memory leak.
One of the following possibilities were considered when working on a fix:
- patch the replication logic to do the clean up. Rejected
as breaks module borders, replication code should not need to know the
gory details of clean up procedure after CREATE TRIGGER.
- wrap MYSQLparse with a function that would do a clean up.
Rejected as ideally we should fix the problem when it happens, not
adjust for it outside of the problematic code.
- make sure MYSQLparse cleans up after itself by invoking the clean up
functionality in the appropriate places before return. Implemented in
this patch.
- use %destructor rule for sp_proc_stmt to restore THD - cleaner
than the prevoius approach, but rejected
because needs a careful analysis of the side effects, and this patch is
for 5.0, and long term we need to use the next alternative anyway
- make sure that sp_proc_stmt doesn't juggle with THD - this is a
large work that will affect many modules.
Cleanup: move main_lex and main_mem_root from Statement to its
only two descendants Prepared_statement and THD. This ensures that
when a Statement instance was created for purposes of statement backup,
we do not involve LEX constructor/destructor, which is fairly expensive.
In order to track that the transformation produces equivalent
functionality please check the respective constructors and destructors
of Statement, Prepared_statement and THD - these members were
used only there.
This cleanup is unrelated to the patch.
2007-03-07 12:24:46 +03:00
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->grant == GLOBAL_ACLS)
|
|
|
|
lex->grant = DB_ACLS & ~GRANT_ACL;
|
|
|
|
else if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_message(ER_ILLEGAL_GRANT_FOR_TABLE,
|
2004-11-12 14:34:00 +02:00
|
|
|
ER(ER_ILLEGAL_GRANT_FOR_TABLE), MYF(0));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| ident '.' '*'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->current_select->db = $1.str;
|
|
|
|
if (lex->grant == GLOBAL_ACLS)
|
|
|
|
lex->grant = DB_ACLS & ~GRANT_ACL;
|
|
|
|
else if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_message(ER_ILLEGAL_GRANT_FOR_TABLE,
|
2004-11-12 14:34:00 +02:00
|
|
|
ER(ER_ILLEGAL_GRANT_FOR_TABLE), MYF(0));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| '*' '.' '*'
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->current_select->db = NULL;
|
|
|
|
if (lex->grant == GLOBAL_ACLS)
|
|
|
|
lex->grant= GLOBAL_ACLS & ~GRANT_ACL;
|
|
|
|
else if (lex->columns.elements)
|
|
|
|
{
|
|
|
|
my_message(ER_ILLEGAL_GRANT_FOR_TABLE,
|
2004-11-12 14:34:00 +02:00
|
|
|
ER(ER_ILLEGAL_GRANT_FOR_TABLE), MYF(0));
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| table_ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (!lex->current_select->add_table_to_list(lex->thd, $1,NULL,
|
2007-03-29 14:12:32 +02:00
|
|
|
TL_OPTION_UPDATING))
|
2007-08-14 20:31:06 -06:00
|
|
|
MYSQL_YYABORT;
|
|
|
|
if (lex->grant == GLOBAL_ACLS)
|
|
|
|
lex->grant = TABLE_ACLS & ~GRANT_ACL;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
user_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
user
|
|
|
|
{
|
|
|
|
if (Lex->users_list.push_back($1))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| user_list ',' user
|
|
|
|
{
|
|
|
|
if (Lex->users_list.push_back($3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2004-11-25 21:55:49 +01:00
|
|
|
|
|
|
|
grant_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
grant_user
|
|
|
|
{
|
|
|
|
if (Lex->users_list.push_back($1))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
| grant_list ',' grant_user
|
|
|
|
{
|
|
|
|
if (Lex->users_list.push_back($3))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
grant_user:
|
2007-08-14 20:31:06 -06:00
|
|
|
user IDENTIFIED_SYM BY TEXT_STRING
|
|
|
|
{
|
|
|
|
$$=$1; $1->password=$4;
|
|
|
|
if ($4.length)
|
|
|
|
{
|
|
|
|
if (YYTHD->variables.old_passwords)
|
|
|
|
{
|
|
|
|
char *buff=
|
|
|
|
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH_323+1);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (buff == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2009-06-01 16:00:38 +04:00
|
|
|
my_make_scrambled_password_323(buff, $4.str, $4.length);
|
2007-08-14 20:31:06 -06:00
|
|
|
$1->password.str= buff;
|
|
|
|
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
char *buff=
|
|
|
|
(char *) YYTHD->alloc(SCRAMBLED_PASSWORD_CHAR_LENGTH+1);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (buff == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2009-06-01 16:00:38 +04:00
|
|
|
my_make_scrambled_password(buff, $4.str, $4.length);
|
2007-08-14 20:31:06 -06:00
|
|
|
$1->password.str= buff;
|
|
|
|
$1->password.length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
| user IDENTIFIED_SYM BY PASSWORD TEXT_STRING
|
|
|
|
{ $$= $1; $1->password= $5; }
|
|
|
|
| user
|
|
|
|
{ $$= $1; $1->password= null_lex_str; }
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_column_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->grant |= lex->which_columns;
|
|
|
|
}
|
|
|
|
| '(' column_list ')'
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
column_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
column_list ',' column_list_id
|
|
|
|
| column_list_id
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
column_list_id:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
String *new_str = new (YYTHD->mem_root) String((const char*) $1.str,$1.length,system_charset_info);
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (new_str == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
List_iterator <LEX_COLUMN> iter(Lex->columns);
|
|
|
|
class LEX_COLUMN *point;
|
|
|
|
LEX *lex=Lex;
|
|
|
|
while ((point=iter++))
|
|
|
|
{
|
|
|
|
if (!my_strcasecmp(system_charset_info,
|
|
|
|
point->column.ptr(), new_str->ptr()))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
lex->grant_tot_col|= lex->which_columns;
|
|
|
|
if (point)
|
|
|
|
point->rights |= lex->which_columns;
|
|
|
|
else
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
{
|
|
|
|
LEX_COLUMN *col= new LEX_COLUMN (*new_str,lex->which_columns);
|
|
|
|
if (col == NULL)
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
lex->columns.push_back(col);
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
require_clause:
|
|
|
|
/* empty */
|
2002-12-05 01:14:51 +03:00
|
|
|
| REQUIRE_SYM require_list
|
2002-09-05 16:17:08 +03:00
|
|
|
{
|
|
|
|
Lex->ssl_type=SSL_TYPE_SPECIFIED;
|
|
|
|
}
|
2001-09-30 10:46:20 +08:00
|
|
|
| REQUIRE_SYM SSL_SYM
|
2002-09-05 16:17:08 +03:00
|
|
|
{
|
|
|
|
Lex->ssl_type=SSL_TYPE_ANY;
|
|
|
|
}
|
2001-09-30 10:46:20 +08:00
|
|
|
| REQUIRE_SYM X509_SYM
|
2002-09-05 16:17:08 +03:00
|
|
|
{
|
|
|
|
Lex->ssl_type=SSL_TYPE_X509;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
| REQUIRE_SYM NONE_SYM
|
|
|
|
{
|
|
|
|
Lex->ssl_type=SSL_TYPE_NONE;
|
|
|
|
}
|
|
|
|
;
|
2001-09-01 16:29:37 +08:00
|
|
|
|
2002-01-29 18:32:16 +02:00
|
|
|
grant_options:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| WITH grant_option_list
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2002-01-29 18:32:16 +02:00
|
|
|
grant_option_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
grant_option_list grant_option {}
|
|
|
|
| grant_option {}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2002-01-29 18:32:16 +02:00
|
|
|
|
|
|
|
grant_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
GRANT OPTION { Lex->grant |= GRANT_ACL;}
|
2005-04-04 00:50:05 +02:00
|
|
|
| MAX_QUERIES_PER_HOUR ulong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->mqh.questions=$2;
|
|
|
|
lex->mqh.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR;
|
|
|
|
}
|
2005-04-04 00:50:05 +02:00
|
|
|
| MAX_UPDATES_PER_HOUR ulong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->mqh.updates=$2;
|
|
|
|
lex->mqh.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR;
|
|
|
|
}
|
2005-04-04 00:50:05 +02:00
|
|
|
| MAX_CONNECTIONS_PER_HOUR ulong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->mqh.conn_per_hour= $2;
|
|
|
|
lex->mqh.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR;
|
|
|
|
}
|
2005-04-04 00:50:05 +02:00
|
|
|
| MAX_USER_CONNECTIONS_SYM ulong_num
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->mqh.user_conn= $2;
|
|
|
|
lex->mqh.specified_limits|= USER_RESOURCES::USER_CONNECTIONS;
|
|
|
|
}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2001-12-26 16:49:10 +02:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
begin:
|
2007-08-14 20:31:06 -06:00
|
|
|
BEGIN_SYM
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command = SQLCOM_BEGIN;
|
|
|
|
lex->start_transaction_opt= 0;
|
|
|
|
}
|
|
|
|
opt_work {}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
opt_work:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| WORK_SYM {}
|
2002-10-16 16:55:08 +03:00
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
2005-02-01 19:48:05 +00:00
|
|
|
opt_chain:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{ $$= (YYTHD->variables.completion_type == 1); }
|
|
|
|
| AND_SYM NO_SYM CHAIN_SYM { $$=0; }
|
|
|
|
| AND_SYM CHAIN_SYM { $$=1; }
|
|
|
|
;
|
2005-02-01 19:48:05 +00:00
|
|
|
|
|
|
|
opt_release:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{ $$= (YYTHD->variables.completion_type == 2); }
|
|
|
|
| RELEASE_SYM { $$=1; }
|
|
|
|
| NO_SYM RELEASE_SYM { $$=0; }
|
|
|
|
;
|
|
|
|
|
2005-02-01 19:48:05 +00:00
|
|
|
opt_savepoint:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| SAVEPOINT_SYM {}
|
|
|
|
;
|
2005-02-01 19:48:05 +00:00
|
|
|
|
2000-07-31 21:29:14 +02:00
|
|
|
commit:
|
2007-08-14 20:31:06 -06:00
|
|
|
COMMIT_SYM opt_work opt_chain opt_release
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_COMMIT;
|
|
|
|
lex->tx_chain= $3;
|
|
|
|
lex->tx_release= $4;
|
|
|
|
}
|
|
|
|
;
|
2000-07-31 21:29:14 +02:00
|
|
|
|
|
|
|
rollback:
|
2007-08-14 20:31:06 -06:00
|
|
|
ROLLBACK_SYM opt_work opt_chain opt_release
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_ROLLBACK;
|
|
|
|
lex->tx_chain= $3;
|
|
|
|
lex->tx_release= $4;
|
|
|
|
}
|
|
|
|
| ROLLBACK_SYM opt_work
|
|
|
|
TO_SYM opt_savepoint ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_ROLLBACK_TO_SAVEPOINT;
|
|
|
|
lex->ident= $5;
|
|
|
|
}
|
|
|
|
;
|
2005-02-01 19:48:05 +00:00
|
|
|
|
2003-06-06 04:18:58 +03:00
|
|
|
savepoint:
|
2007-08-14 20:31:06 -06:00
|
|
|
SAVEPOINT_SYM ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_SAVEPOINT;
|
|
|
|
lex->ident= $2;
|
|
|
|
}
|
|
|
|
;
|
2005-02-01 19:48:05 +00:00
|
|
|
|
|
|
|
release:
|
2007-08-14 20:31:06 -06:00
|
|
|
RELEASE_SYM SAVEPOINT_SYM ident
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
lex->sql_command= SQLCOM_RELEASE_SAVEPOINT;
|
|
|
|
lex->ident= $3;
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2001-06-13 13:36:53 +03:00
|
|
|
/*
|
2002-08-30 12:40:40 +03:00
|
|
|
UNIONS : glue selects together
|
2001-06-13 13:36:53 +03:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
2002-11-28 17:25:41 +01:00
|
|
|
union_clause:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ {}
|
|
|
|
| union_list
|
|
|
|
;
|
2001-06-13 13:36:53 +03:00
|
|
|
|
|
|
|
union_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
UNION_SYM union_option
|
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2008-05-13 18:10:46 +03:00
|
|
|
if (lex->result &&
|
|
|
|
(lex->result->get_nest_level() == -1 ||
|
|
|
|
lex->result->get_nest_level() == lex->nest_level))
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
Only the last SELECT can have INTO unless the INTO and UNION
|
|
|
|
are at different nest levels. In version 5.1 and above, INTO
|
|
|
|
will onle be allowed at top level.
|
|
|
|
*/
|
|
|
|
my_error(ER_WRONG_USAGE, MYF(0), "UNION", "INTO");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->current_select->linkage == GLOBAL_OPTIONS_TYPE)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
/* This counter shouldn't be incremented for UNION parts */
|
|
|
|
Lex->nest_level--;
|
|
|
|
if (mysql_new_select(lex, 0))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
mysql_init_select(lex);
|
|
|
|
lex->current_select->linkage=UNION_TYPE;
|
|
|
|
if ($2) /* UNION DISTINCT - remember position */
|
|
|
|
lex->current_select->master_unit()->union_distinct=
|
|
|
|
lex->current_select;
|
|
|
|
}
|
|
|
|
select_init
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
Remove from the name resolution context stack the context of the
|
|
|
|
last select in the union.
|
|
|
|
*/
|
|
|
|
Lex->pop_context();
|
|
|
|
}
|
|
|
|
;
|
2001-10-25 14:41:49 +03:00
|
|
|
|
|
|
|
union_opt:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Empty */ { $$= 0; }
|
|
|
|
| union_list { $$= 1; }
|
|
|
|
| union_order_or_limit { $$= 1; }
|
|
|
|
;
|
2001-10-19 17:43:30 +03:00
|
|
|
|
2005-03-16 00:13:23 +00:00
|
|
|
union_order_or_limit:
|
2003-01-14 18:00:34 +02:00
|
|
|
{
|
2007-08-14 20:31:06 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
DBUG_ASSERT(lex->current_select->linkage != GLOBAL_OPTIONS_TYPE);
|
|
|
|
SELECT_LEX *sel= lex->current_select;
|
|
|
|
SELECT_LEX_UNIT *unit= sel->master_unit();
|
|
|
|
SELECT_LEX *fake= unit->fake_select_lex;
|
|
|
|
if (fake)
|
|
|
|
{
|
|
|
|
unit->global_parameters= fake;
|
|
|
|
fake->no_table_names_allowed= 1;
|
|
|
|
lex->current_select= fake;
|
|
|
|
}
|
|
|
|
thd->where= "global ORDER clause";
|
2003-01-14 18:00:34 +02:00
|
|
|
}
|
2007-08-14 20:31:06 -06:00
|
|
|
order_or_limit
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
thd->lex->current_select->no_table_names_allowed= 0;
|
|
|
|
thd->where= "";
|
|
|
|
}
|
|
|
|
;
|
2002-12-01 17:10:13 +01:00
|
|
|
|
|
|
|
order_or_limit:
|
2007-08-14 20:31:06 -06:00
|
|
|
order_clause opt_limit_clause_init
|
|
|
|
| limit_clause
|
|
|
|
;
|
2001-07-22 13:25:56 +03:00
|
|
|
|
|
|
|
union_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */ { $$=1; }
|
|
|
|
| DISTINCT { $$=1; }
|
|
|
|
| ALL { $$=0; }
|
2004-03-23 14:43:24 +01:00
|
|
|
;
|
2002-05-12 23:46:42 +03:00
|
|
|
|
2007-11-26 13:36:24 +02:00
|
|
|
take_first_select: /* empty */
|
|
|
|
{
|
|
|
|
$$= Lex->current_select->master_unit()->first_select();
|
|
|
|
};
|
2002-10-27 23:27:00 +02:00
|
|
|
|
2006-08-31 18:00:25 +03:00
|
|
|
subselect:
|
2007-11-26 13:36:24 +02:00
|
|
|
SELECT_SYM subselect_start select_init2 take_first_select
|
|
|
|
subselect_end
|
2006-08-31 18:00:25 +03:00
|
|
|
{
|
2007-11-26 13:36:24 +02:00
|
|
|
$$= $4;
|
2006-08-31 18:00:25 +03:00
|
|
|
}
|
2007-11-26 13:36:24 +02:00
|
|
|
| '(' subselect_start select_paren take_first_select
|
|
|
|
subselect_end ')'
|
|
|
|
{
|
|
|
|
$$= $4;
|
|
|
|
};
|
2002-10-27 23:27:00 +02:00
|
|
|
|
2002-05-12 23:46:42 +03:00
|
|
|
subselect_start:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
|
|
|
if (!lex->expr_allows_subselect ||
|
|
|
|
lex->sql_command == (int)SQLCOM_PURGE)
|
|
|
|
{
|
|
|
|
my_parse_error(ER(ER_SYNTAX_ERROR));
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
we are making a "derived table" for the parenthesis
|
|
|
|
as we need to have a lex level to fit the union
|
|
|
|
after the parenthesis, e.g.
|
|
|
|
(SELECT .. ) UNION ... becomes
|
|
|
|
SELECT * FROM ((SELECT ...) UNION ...)
|
|
|
|
*/
|
|
|
|
if (mysql_new_select(Lex, 1))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2002-05-12 23:46:42 +03:00
|
|
|
|
|
|
|
subselect_end:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex=Lex;
|
2009-03-05 15:22:33 +01:00
|
|
|
/*
|
|
|
|
Set the required lock level for the tables associated with the
|
|
|
|
current sub-select. This will overwrite previous lock options set
|
|
|
|
using st_select_lex::add_table_to_list in any of the following
|
|
|
|
rules: single_multi, table_wild_one, load_data, table_alias_ref,
|
|
|
|
table_factor.
|
|
|
|
The default lock level is TL_READ_DEFAULT but it can be modified
|
|
|
|
with query options specific for a certain (sub-)SELECT.
|
|
|
|
*/
|
|
|
|
lex->current_select->
|
|
|
|
set_lock_for_tables(lex->current_select->lock_option);
|
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->pop_context();
|
|
|
|
SELECT_LEX *child= lex->current_select;
|
|
|
|
lex->current_select = lex->current_select->return_after_parsing();
|
|
|
|
lex->nest_level--;
|
|
|
|
lex->current_select->n_child_sum_items += child->n_sum_items;
|
|
|
|
/*
|
|
|
|
A subselect can add fields to an outer select. Reserve space for
|
|
|
|
them.
|
|
|
|
*/
|
|
|
|
lex->current_select->select_n_where_fields+=
|
2007-02-24 23:04:15 +03:00
|
|
|
child->select_n_where_fields;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
;
|
2003-08-05 21:14:15 +02:00
|
|
|
|
2006-03-02 15:18:49 +03:00
|
|
|
/**************************************************************************
|
|
|
|
|
|
|
|
CREATE VIEW | TRIGGER | PROCEDURE statements.
|
|
|
|
|
|
|
|
**************************************************************************/
|
|
|
|
|
2006-06-27 13:15:40 +02:00
|
|
|
view_or_trigger_or_sp_or_event:
|
2007-10-16 20:47:08 -06:00
|
|
|
definer definer_tail
|
2007-08-14 20:31:06 -06:00
|
|
|
{}
|
2007-10-16 20:47:08 -06:00
|
|
|
| no_definer no_definer_tail
|
|
|
|
{}
|
|
|
|
| view_replace_or_algorithm definer_opt view_tail
|
2007-08-14 20:31:06 -06:00
|
|
|
{}
|
|
|
|
;
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2007-10-16 20:47:08 -06:00
|
|
|
definer_tail:
|
2007-08-14 20:31:06 -06:00
|
|
|
view_tail
|
|
|
|
| trigger_tail
|
|
|
|
| sp_tail
|
2007-10-16 20:47:08 -06:00
|
|
|
| sf_tail
|
|
|
|
| event_tail
|
|
|
|
;
|
|
|
|
|
|
|
|
no_definer_tail:
|
|
|
|
view_tail
|
|
|
|
| trigger_tail
|
|
|
|
| sp_tail
|
|
|
|
| sf_tail
|
|
|
|
| udf_tail
|
2007-08-14 20:31:06 -06:00
|
|
|
| event_tail
|
|
|
|
;
|
2006-03-02 15:18:49 +03:00
|
|
|
|
|
|
|
/**************************************************************************
|
|
|
|
|
|
|
|
DEFINER clause support.
|
|
|
|
|
|
|
|
**************************************************************************/
|
|
|
|
|
2007-10-16 20:47:08 -06:00
|
|
|
definer_opt:
|
|
|
|
no_definer
|
|
|
|
| definer
|
|
|
|
;
|
|
|
|
|
|
|
|
no_definer:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
We have to distinguish missing DEFINER-clause from case when
|
|
|
|
CURRENT_USER specified as definer explicitly in order to properly
|
|
|
|
handle CREATE TRIGGER statements which come to replication thread
|
|
|
|
from older master servers (i.e. to create non-suid trigger in this
|
|
|
|
case).
|
|
|
|
*/
|
|
|
|
YYTHD->lex->definer= 0;
|
|
|
|
}
|
2007-10-16 20:47:08 -06:00
|
|
|
;
|
|
|
|
|
|
|
|
definer:
|
|
|
|
DEFINER_SYM EQ user
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
YYTHD->lex->definer= get_current_user(YYTHD, $3);
|
|
|
|
}
|
|
|
|
;
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
/**************************************************************************
|
|
|
|
|
2006-03-02 15:18:49 +03:00
|
|
|
CREATE VIEW statement parts.
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
**************************************************************************/
|
|
|
|
|
|
|
|
view_replace_or_algorithm:
|
2007-08-14 20:31:06 -06:00
|
|
|
view_replace
|
|
|
|
{}
|
|
|
|
| view_replace view_algorithm
|
|
|
|
{}
|
|
|
|
| view_algorithm
|
|
|
|
{}
|
|
|
|
;
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
view_replace:
|
2007-08-14 20:31:06 -06:00
|
|
|
OR_SYM REPLACE
|
|
|
|
{ Lex->create_view_mode= VIEW_CREATE_OR_REPLACE; }
|
|
|
|
;
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
view_algorithm:
|
2007-08-14 20:31:06 -06:00
|
|
|
ALGORITHM_SYM EQ UNDEFINED_SYM
|
|
|
|
{ Lex->create_view_algorithm= VIEW_ALGORITHM_UNDEFINED; }
|
|
|
|
| ALGORITHM_SYM EQ MERGE_SYM
|
|
|
|
{ Lex->create_view_algorithm= VIEW_ALGORITHM_MERGE; }
|
|
|
|
| ALGORITHM_SYM EQ TEMPTABLE_SYM
|
|
|
|
{ Lex->create_view_algorithm= VIEW_ALGORITHM_TMPTABLE; }
|
|
|
|
;
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
view_suid:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{ Lex->create_view_suid= VIEW_SUID_DEFAULT; }
|
|
|
|
| SQL_SYM SECURITY_SYM DEFINER_SYM
|
|
|
|
{ Lex->create_view_suid= VIEW_SUID_DEFINER; }
|
|
|
|
| SQL_SYM SECURITY_SYM INVOKER_SYM
|
|
|
|
{ Lex->create_view_suid= VIEW_SUID_INVOKER; }
|
|
|
|
;
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
view_tail:
|
2007-08-14 20:31:06 -06:00
|
|
|
view_suid VIEW_SYM table_ident
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
lex->sql_command= SQLCOM_CREATE_VIEW;
|
|
|
|
/* first table in list is target VIEW name */
|
|
|
|
if (!lex->select_lex.add_table_to_list(thd, $3, NULL, TL_OPTION_UPDATING))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2008-02-22 13:30:33 +03:00
|
|
|
view_list_opt AS view_select
|
2007-08-14 20:31:06 -06:00
|
|
|
;
|
2005-11-10 22:25:03 +03:00
|
|
|
|
|
|
|
view_list_opt:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{}
|
|
|
|
| '(' view_list ')'
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
|
|
|
view_list:
|
2007-08-14 20:31:06 -06:00
|
|
|
ident
|
|
|
|
{
|
|
|
|
Lex->view_list.push_back((LEX_STRING*)
|
|
|
|
sql_memdup(&$1, sizeof(LEX_STRING)));
|
|
|
|
}
|
|
|
|
| view_list ',' ident
|
|
|
|
{
|
|
|
|
Lex->view_list.push_back((LEX_STRING*)
|
|
|
|
sql_memdup(&$3, sizeof(LEX_STRING)));
|
|
|
|
}
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2005-11-10 22:25:03 +03:00
|
|
|
view_select:
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->parsing_options.allows_variable= FALSE;
|
|
|
|
lex->parsing_options.allows_select_into= FALSE;
|
|
|
|
lex->parsing_options.allows_select_procedure= FALSE;
|
|
|
|
lex->parsing_options.allows_derived= FALSE;
|
2008-07-14 19:43:12 -06:00
|
|
|
lex->create_view_select.str= (char *) YYLIP->get_cpp_ptr();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
view_select_aux view_check_option
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= Lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
uint len= YYLIP->get_cpp_ptr() - lex->create_view_select.str;
|
2008-02-20 17:26:50 -03:00
|
|
|
void *create_view_select= thd->memdup(lex->create_view_select.str, len);
|
|
|
|
lex->create_view_select.length= len;
|
|
|
|
lex->create_view_select.str= (char *) create_view_select;
|
|
|
|
trim_whitespace(thd->charset(), &lex->create_view_select);
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->parsing_options.allows_variable= TRUE;
|
|
|
|
lex->parsing_options.allows_select_into= TRUE;
|
|
|
|
lex->parsing_options.allows_select_procedure= TRUE;
|
|
|
|
lex->parsing_options.allows_derived= TRUE;
|
|
|
|
}
|
2006-10-12 18:02:57 +04:00
|
|
|
;
|
|
|
|
|
|
|
|
view_select_aux:
|
2007-08-14 20:31:06 -06:00
|
|
|
SELECT_SYM select_init2
|
Bug#25411 (trigger code truncated), PART II
Bug 28127 (Some valid identifiers names are not parsed correctly)
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
This patch is the second part of a major cleanup, required to fix
Bug 25411 (trigger code truncated).
The root cause of the issue stems from the function skip_rear_comments,
which was a work around to remove "extra" "*/" characters from the query
text, when parsing a query and reusing the text fragments to represent a
view, trigger, function or stored procedure.
The reason for this work around is that "special comments",
like /*!50002 XXX */, were not parsed properly, so that a query like:
AAA /*!50002 BBB */ CCC
would be seen by the parser as "AAA BBB */ CCC" when the current version
is greater or equal to 5.0.2
The root cause of this stems from how special comments are parsed.
Special comments are really out-of-bound text that appear inside a query,
that affects how the parser behave.
In nature, /*!50002 XXX */ in MySQL is similar to the C concept
of preprocessing :
#if VERSION >= 50002
XXX
#endif
Depending on the current VERSION of the server, either the special comment
should be expanded or it should be ignored, but in all cases the "text" of
the query should be re-written to strip the "/*!50002" and "*/" markers,
which does not belong to the SQL language itself.
Prior to this fix, these markers would leak into :
- the storage format for VIEW,
- the storage format for FUNCTION,
- the storage format for FUNCTION parameters, in mysql.proc (param_list),
- the storage format for PROCEDURE,
- the storage format for PROCEDURE parameters, in mysql.proc (param_list),
- the storage format for TRIGGER,
- the binary log used for replication.
In all cases, not only this cause format corruption, but also provide a vector
for dormant security issues, by allowing to tunnel code that will be activated
after an upgrade.
The proper solution is to deal with special comments strictly during parsing,
when accepting a query from the outside world.
Once a query is parsed and an object is created with a persistant
representation, this object should not arbitrarily mutate after an upgrade.
In short, special comments are a useful but limited feature for MYSQLdump,
when used at an *interface* level to facilitate import/export,
but bloating the server *internal* storage format is *not* the proper way
to deal with configuration management of the user logic.
With this fix:
- the Lex_input_stream class now acts as a comment pre-processor,
and either expands or ignore special comments on the fly.
- MYSQLlex and sql_yacc.yy have been cleaned up to strictly use the
public interface of Lex_input_stream. In particular, how the input stream
accepts or rejects a character is private to Lex_input_stream, and the
internal buffer pointers of that class are strictly private, and should not
be tempered with during parsing.
This caused many changes mostly in sql_lex.cc.
During the code cleanup in case MY_LEX_NUMBER_IDENT,
Bug 28127 (Some valid identifiers names are not parsed correctly)
was found and fixed.
By parsing special comments properly, and removing the function
'skip_rear_comments' [sic],
Bug 26302 (MySQL server cuts off trailing "*/" from comments in SP/func)
has been fixed as well.
2007-06-12 15:23:58 -06:00
|
|
|
| '(' select_paren ')' union_opt
|
|
|
|
;
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2005-11-10 22:25:03 +03:00
|
|
|
view_check_option:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* empty */
|
|
|
|
{ Lex->create_view_check= VIEW_CHECK_NONE; }
|
|
|
|
| WITH CHECK_SYM OPTION
|
|
|
|
{ Lex->create_view_check= VIEW_CHECK_CASCADED; }
|
|
|
|
| WITH CASCADED CHECK_SYM OPTION
|
|
|
|
{ Lex->create_view_check= VIEW_CHECK_CASCADED; }
|
|
|
|
| WITH LOCAL_SYM CHECK_SYM OPTION
|
|
|
|
{ Lex->create_view_check= VIEW_CHECK_LOCAL; }
|
|
|
|
;
|
2005-09-14 10:53:09 +03:00
|
|
|
|
2005-11-10 22:25:03 +03:00
|
|
|
/**************************************************************************
|
|
|
|
|
|
|
|
CREATE TRIGGER statement parts.
|
|
|
|
|
|
|
|
**************************************************************************/
|
|
|
|
|
|
|
|
trigger_tail:
|
2007-08-14 20:31:06 -06:00
|
|
|
TRIGGER_SYM
|
|
|
|
remember_name
|
|
|
|
sp_name
|
|
|
|
trg_action_time
|
|
|
|
trg_event
|
|
|
|
ON
|
|
|
|
remember_name /* $7 */
|
|
|
|
{ /* $8 */
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex->raw_trg_on_table_name_begin= YYLIP->get_tok_start();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
table_ident /* $9 */
|
|
|
|
FOR_SYM
|
|
|
|
remember_name /* $11 */
|
|
|
|
{ /* $12 */
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex->raw_trg_on_table_name_end= YYLIP->get_tok_start();
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
EACH_SYM
|
|
|
|
ROW_SYM
|
|
|
|
{ /* $15 */
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp_head *sp;
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_RECURSIVE_CREATE, MYF(0), "TRIGGER");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-02-14 13:19:54 +01:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (!(sp= new sp_head()))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
sp->reset_thd_mem_root(thd);
|
|
|
|
sp->init(lex);
|
|
|
|
sp->m_type= TYPE_ENUM_TRIGGER;
|
|
|
|
sp->init_sp_name(thd, $3);
|
|
|
|
lex->stmt_definition_begin= $2;
|
|
|
|
lex->ident.str= $7;
|
|
|
|
lex->ident.length= $11 - $7;
|
|
|
|
|
|
|
|
lex->sphead= sp;
|
|
|
|
lex->spname= $3;
|
|
|
|
|
|
|
|
bzero((char *)&lex->sp_chistics, sizeof(st_sp_chistics));
|
|
|
|
lex->sphead->m_chistics= &lex->sp_chistics;
|
|
|
|
lex->sphead->set_body_start(thd, lip->get_cpp_ptr());
|
|
|
|
}
|
|
|
|
sp_proc_stmt /* $16 */
|
|
|
|
{ /* $17 */
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
|
|
|
|
lex->sql_command= SQLCOM_CREATE_TRIGGER;
|
|
|
|
sp->set_stmt_end(YYTHD);
|
|
|
|
sp->restore_thd_mem_root(YYTHD);
|
|
|
|
|
|
|
|
if (sp->is_not_allowed_in_function("trigger"))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
|
|
|
|
/*
|
|
|
|
We have to do it after parsing trigger body, because some of
|
|
|
|
sp_proc_stmt alternatives are not saving/restoring LEX, so
|
|
|
|
lex->query_tables can be wiped out.
|
|
|
|
*/
|
|
|
|
if (!lex->select_lex.add_table_to_list(YYTHD, $9,
|
|
|
|
(LEX_STRING*) 0,
|
|
|
|
TL_OPTION_UPDATING,
|
|
|
|
TL_IGNORE))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
;
|
2005-09-14 10:53:09 +03:00
|
|
|
|
2006-03-02 15:18:49 +03:00
|
|
|
/**************************************************************************
|
|
|
|
|
|
|
|
CREATE FUNCTION | PROCEDURE statements parts.
|
|
|
|
|
|
|
|
**************************************************************************/
|
|
|
|
|
2007-10-16 20:47:08 -06:00
|
|
|
udf_tail:
|
|
|
|
AGGREGATE_SYM remember_name FUNCTION_SYM ident
|
|
|
|
RETURNS_SYM udf_type SONAME_SYM TEXT_STRING_sys
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
2007-10-16 20:47:08 -06:00
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
if (is_native_function(thd, & $4))
|
|
|
|
{
|
|
|
|
my_error(ER_NATIVE_FCT_NAME_COLLISION, MYF(0),
|
|
|
|
$4.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_CREATE_FUNCTION;
|
|
|
|
lex->udf.type= UDFTYPE_AGGREGATE;
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->stmt_definition_begin= $2;
|
2007-10-16 20:47:08 -06:00
|
|
|
lex->udf.name = $4;
|
|
|
|
lex->udf.returns=(Item_result) $6;
|
|
|
|
lex->udf.dl=$8.str;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
2007-10-16 20:47:08 -06:00
|
|
|
| remember_name FUNCTION_SYM ident
|
|
|
|
RETURNS_SYM udf_type SONAME_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
if (is_native_function(thd, & $3))
|
|
|
|
{
|
|
|
|
my_error(ER_NATIVE_FCT_NAME_COLLISION, MYF(0),
|
|
|
|
$3.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
lex->sql_command = SQLCOM_CREATE_FUNCTION;
|
|
|
|
lex->udf.type= UDFTYPE_FUNCTION;
|
|
|
|
lex->stmt_definition_begin= $1;
|
|
|
|
lex->udf.name = $3;
|
|
|
|
lex->udf.returns=(Item_result) $5;
|
|
|
|
lex->udf.dl=$7.str;
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
sf_tail:
|
|
|
|
remember_name /* $1 */
|
|
|
|
FUNCTION_SYM /* $2 */
|
|
|
|
sp_name /* $3 */
|
|
|
|
'(' /* $4 */
|
|
|
|
{ /* $5 */
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 15:41:30 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-10-16 20:47:08 -06:00
|
|
|
sp_head *sp;
|
|
|
|
const char* tmp_param_begin;
|
|
|
|
|
|
|
|
lex->stmt_definition_begin= $1;
|
|
|
|
lex->spname= $3;
|
|
|
|
|
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_RECURSIVE_CREATE, MYF(0), "FUNCTION");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
/* Order is important here: new - reset - init */
|
|
|
|
sp= new sp_head();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (sp == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-10-16 20:47:08 -06:00
|
|
|
sp->reset_thd_mem_root(thd);
|
|
|
|
sp->init(lex);
|
|
|
|
sp->init_sp_name(thd, lex->spname);
|
|
|
|
|
|
|
|
sp->m_type= TYPE_ENUM_FUNCTION;
|
|
|
|
lex->sphead= sp;
|
|
|
|
|
|
|
|
tmp_param_begin= lip->get_cpp_tok_start();
|
|
|
|
tmp_param_begin++;
|
|
|
|
lex->sphead->m_param_begin= tmp_param_begin;
|
|
|
|
}
|
|
|
|
sp_fdparam_list /* $6 */
|
|
|
|
')' /* $7 */
|
|
|
|
{ /* $8 */
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex->sphead->m_param_end= YYLIP->get_cpp_tok_start();
|
2007-10-16 20:47:08 -06:00
|
|
|
}
|
|
|
|
RETURNS_SYM /* $9 */
|
|
|
|
{ /* $10 */
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->charset= NULL;
|
|
|
|
lex->length= lex->dec= NULL;
|
|
|
|
lex->interval_list.empty();
|
|
|
|
lex->type= 0;
|
|
|
|
}
|
|
|
|
type /* $11 */
|
|
|
|
{ /* $12 */
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
/*
|
|
|
|
This was disabled in 5.1.12. See bug #20701
|
|
|
|
When collation support in SP is implemented, then this test
|
|
|
|
should be removed.
|
|
|
|
*/
|
|
|
|
if (($11 == MYSQL_TYPE_STRING || $11 == MYSQL_TYPE_VARCHAR)
|
|
|
|
&& (lex->type & BINCMP_FLAG))
|
|
|
|
{
|
|
|
|
my_error(ER_NOT_SUPPORTED_YET, MYF(0), "return value collation");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sp->fill_field_definition(YYTHD, lex,
|
|
|
|
(enum enum_field_types) $11,
|
|
|
|
&sp->m_return_field_def))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
|
|
|
|
bzero((char *)&lex->sp_chistics, sizeof(st_sp_chistics));
|
|
|
|
}
|
|
|
|
sp_c_chistics /* $13 */
|
|
|
|
{ /* $14 */
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
2008-07-14 15:41:30 -06:00
|
|
|
Lex_input_stream *lip= YYLIP;
|
2007-10-16 20:47:08 -06:00
|
|
|
|
|
|
|
lex->sphead->m_chistics= &lex->sp_chistics;
|
|
|
|
lex->sphead->set_body_start(thd, lip->get_cpp_tok_start());
|
|
|
|
}
|
|
|
|
sp_proc_stmt /* $15 */
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
|
|
|
|
if (sp->is_not_allowed_in_function("function"))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
|
|
|
|
lex->sql_command= SQLCOM_CREATE_SPFUNCTION;
|
|
|
|
sp->set_stmt_end(thd);
|
|
|
|
if (!(sp->m_flags & sp_head::HAS_RETURN))
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NORETURN, MYF(0), sp->m_qname.str);
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
|
|
|
if (is_native_function(thd, & sp->m_name))
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
This warning will be printed when
|
|
|
|
[1] A client query is parsed,
|
|
|
|
[2] A stored function is loaded by db_load_routine.
|
|
|
|
Printing the warning for [2] is intentional, to cover the
|
|
|
|
following scenario:
|
|
|
|
- A user define a SF 'foo' using MySQL 5.N
|
|
|
|
- An application uses select foo(), and works.
|
|
|
|
- MySQL 5.{N+1} defines a new native function 'foo', as
|
|
|
|
part of a new feature.
|
|
|
|
- MySQL 5.{N+1} documentation is updated, and should mention
|
|
|
|
that there is a potential incompatible change in case of
|
|
|
|
existing stored function named 'foo'.
|
|
|
|
- The user deploys 5.{N+1}. At this point, 'select foo()'
|
|
|
|
means something different, and the user code is most likely
|
|
|
|
broken (it's only safe if the code is 'select db.foo()').
|
|
|
|
With a warning printed when the SF is loaded (which has to occur
|
|
|
|
before the call), the warning will provide a hint explaining
|
|
|
|
the root cause of a later failure of 'select foo()'.
|
|
|
|
With no warning printed, the user code will fail with no
|
|
|
|
apparent reason.
|
|
|
|
Printing a warning each time db_load_routine is executed for
|
|
|
|
an ambiguous function is annoying, since that can happen a lot,
|
|
|
|
but in practice should not happen unless there *are* name
|
|
|
|
collisions.
|
|
|
|
If a collision exists, it should not be silenced but fixed.
|
|
|
|
*/
|
|
|
|
push_warning_printf(thd,
|
|
|
|
MYSQL_ERROR::WARN_LEVEL_NOTE,
|
|
|
|
ER_NATIVE_FCT_NAME_COLLISION,
|
|
|
|
ER(ER_NATIVE_FCT_NAME_COLLISION),
|
|
|
|
sp->m_name.str);
|
|
|
|
}
|
|
|
|
sp->restore_thd_mem_root(thd);
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
sp_tail:
|
|
|
|
PROCEDURE remember_name sp_name
|
2007-08-14 20:31:06 -06:00
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp;
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
if (lex->sphead)
|
|
|
|
{
|
|
|
|
my_error(ER_SP_NO_RECURSIVE_CREATE, MYF(0), "PROCEDURE");
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
}
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->stmt_definition_begin= $2;
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
/* Order is important here: new - reset - init */
|
|
|
|
sp= new sp_head();
|
Bug#38296 (low memory crash with many conditions in a query)
This fix is for 5.1 only : back porting the 6.0 patch manually
The parser code in sql/sql_yacc.yy needs to be more robust to out of
memory conditions, so that when parsing a query fails due to OOM,
the thread gracefully returns an error.
Before this fix, a new/alloc returning NULL could:
- cause a crash, if dereferencing the NULL pointer,
- produce a corrupted parsed tree, containing NULL nodes,
- alter the semantic of a query, by silently dropping token values or nodes
With this fix:
- C++ constructors are *not* executed with a NULL "this" pointer
when operator new fails.
This is achieved by declaring "operator new" with a "throw ()" clause,
so that a failed new gracefully returns NULL on OOM conditions.
- calls to new/alloc are tested for a NULL result,
- The thread diagnostic area is set to an error status when OOM occurs.
This ensures that a request failing in the server properly returns an
ER_OUT_OF_RESOURCES error to the client.
- OOM conditions cause the parser to stop immediately (MYSQL_YYABORT).
This prevents causing further crashes when using a partially built parsed
tree in further rules in the parser.
No test scripts are provided, since automating OOM failures is not
instrumented in the server.
Tested under the debugger, to verify that an error in alloc_root cause the
thread to returns gracefully all the way to the client application, with
an ER_OUT_OF_RESOURCES error.
2008-08-12 17:05:19 -06:00
|
|
|
if (sp == NULL)
|
|
|
|
MYSQL_YYABORT;
|
2007-08-14 20:31:06 -06:00
|
|
|
sp->reset_thd_mem_root(YYTHD);
|
|
|
|
sp->init(lex);
|
|
|
|
sp->m_type= TYPE_ENUM_PROCEDURE;
|
|
|
|
sp->init_sp_name(YYTHD, $3);
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
lex->sphead= sp;
|
|
|
|
}
|
|
|
|
'('
|
|
|
|
{
|
|
|
|
const char* tmp_param_begin;
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2008-07-14 19:43:12 -06:00
|
|
|
tmp_param_begin= YYLIP->get_cpp_tok_start();
|
2007-08-14 20:31:06 -06:00
|
|
|
tmp_param_begin++;
|
2008-07-14 19:43:12 -06:00
|
|
|
Lex->sphead->m_param_begin= tmp_param_begin;
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
sp_pdparam_list
|
|
|
|
')'
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
|
2008-07-14 19:43:12 -06:00
|
|
|
lex->sphead->m_param_end= YYLIP->get_cpp_tok_start();
|
2007-08-14 20:31:06 -06:00
|
|
|
bzero((char *)&lex->sp_chistics, sizeof(st_sp_chistics));
|
|
|
|
}
|
|
|
|
sp_c_chistics
|
|
|
|
{
|
|
|
|
THD *thd= YYTHD;
|
|
|
|
LEX *lex= thd->lex;
|
|
|
|
|
|
|
|
lex->sphead->m_chistics= &lex->sp_chistics;
|
2008-07-14 19:43:12 -06:00
|
|
|
lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start());
|
2007-08-14 20:31:06 -06:00
|
|
|
}
|
|
|
|
sp_proc_stmt
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
sp_head *sp= lex->sphead;
|
|
|
|
|
|
|
|
sp->set_stmt_end(YYTHD);
|
|
|
|
lex->sql_command= SQLCOM_CREATE_PROCEDURE;
|
|
|
|
sp->restore_thd_mem_root(YYTHD);
|
|
|
|
}
|
|
|
|
;
|
2006-03-02 15:18:49 +03:00
|
|
|
|
2005-11-10 22:25:03 +03:00
|
|
|
/*************************************************************************/
|
2004-11-11 19:01:46 -08:00
|
|
|
|
2007-08-14 20:31:06 -06:00
|
|
|
xa:
|
|
|
|
XA_SYM begin_or_start xid opt_join_or_resume
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_XA_START;
|
|
|
|
}
|
|
|
|
| XA_SYM END xid opt_suspend
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_XA_END;
|
|
|
|
}
|
|
|
|
| XA_SYM PREPARE_SYM xid
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_XA_PREPARE;
|
|
|
|
}
|
|
|
|
| XA_SYM COMMIT_SYM xid opt_one_phase
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_XA_COMMIT;
|
|
|
|
}
|
|
|
|
| XA_SYM ROLLBACK_SYM xid
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_XA_ROLLBACK;
|
|
|
|
}
|
|
|
|
| XA_SYM RECOVER_SYM
|
|
|
|
{
|
|
|
|
Lex->sql_command = SQLCOM_XA_RECOVER;
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
xid:
|
|
|
|
text_string
|
|
|
|
{
|
|
|
|
MYSQL_YYABORT_UNLESS($1->length() <= MAXGTRIDSIZE);
|
|
|
|
if (!(Lex->xid=(XID *)YYTHD->alloc(sizeof(XID))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->xid->set(1L, $1->ptr(), $1->length(), 0, 0);
|
|
|
|
}
|
|
|
|
| text_string ',' text_string
|
|
|
|
{
|
|
|
|
MYSQL_YYABORT_UNLESS($1->length() <= MAXGTRIDSIZE && $3->length() <= MAXBQUALSIZE);
|
|
|
|
if (!(Lex->xid=(XID *)YYTHD->alloc(sizeof(XID))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->xid->set(1L, $1->ptr(), $1->length(), $3->ptr(), $3->length());
|
|
|
|
}
|
|
|
|
| text_string ',' text_string ',' ulong_num
|
|
|
|
{
|
|
|
|
MYSQL_YYABORT_UNLESS($1->length() <= MAXGTRIDSIZE && $3->length() <= MAXBQUALSIZE);
|
|
|
|
if (!(Lex->xid=(XID *)YYTHD->alloc(sizeof(XID))))
|
|
|
|
MYSQL_YYABORT;
|
|
|
|
Lex->xid->set($5, $1->ptr(), $1->length(), $3->ptr(), $3->length());
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
|
|
|
begin_or_start:
|
|
|
|
BEGIN_SYM {}
|
|
|
|
| START_SYM {}
|
|
|
|
;
|
2005-01-16 13:16:23 +01:00
|
|
|
|
|
|
|
opt_join_or_resume:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */ { Lex->xa_opt=XA_NONE; }
|
|
|
|
| JOIN_SYM { Lex->xa_opt=XA_JOIN; }
|
|
|
|
| RESUME_SYM { Lex->xa_opt=XA_RESUME; }
|
|
|
|
;
|
2005-01-16 13:16:23 +01:00
|
|
|
|
|
|
|
opt_one_phase:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */ { Lex->xa_opt=XA_NONE; }
|
|
|
|
| ONE_SYM PHASE_SYM { Lex->xa_opt=XA_ONE_PHASE; }
|
|
|
|
;
|
2005-01-16 13:16:23 +01:00
|
|
|
|
2005-08-19 18:00:16 +04:00
|
|
|
opt_suspend:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */
|
|
|
|
{ Lex->xa_opt=XA_NONE; }
|
|
|
|
| SUSPEND_SYM
|
|
|
|
{ Lex->xa_opt=XA_SUSPEND; }
|
|
|
|
opt_migrate
|
|
|
|
;
|
2005-08-19 18:00:16 +04:00
|
|
|
|
|
|
|
opt_migrate:
|
2007-08-14 20:31:06 -06:00
|
|
|
/* nothing */ {}
|
|
|
|
| FOR_SYM MIGRATE_SYM { Lex->xa_opt=XA_FOR_MIGRATE; }
|
|
|
|
;
|
2005-01-16 13:16:23 +01:00
|
|
|
|
2005-11-06 13:13:06 +01:00
|
|
|
install:
|
2007-08-14 20:31:06 -06:00
|
|
|
INSTALL_SYM PLUGIN_SYM ident SONAME_SYM TEXT_STRING_sys
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_INSTALL_PLUGIN;
|
|
|
|
lex->comment= $3;
|
|
|
|
lex->ident= $5;
|
|
|
|
}
|
|
|
|
;
|
2005-01-16 13:16:23 +01:00
|
|
|
|
2005-11-06 13:13:06 +01:00
|
|
|
uninstall:
|
2007-08-14 20:31:06 -06:00
|
|
|
UNINSTALL_SYM PLUGIN_SYM ident
|
|
|
|
{
|
|
|
|
LEX *lex= Lex;
|
|
|
|
lex->sql_command= SQLCOM_UNINSTALL_PLUGIN;
|
|
|
|
lex->comment= $3;
|
|
|
|
}
|
|
|
|
;
|
|
|
|
|
2007-08-15 19:08:44 +04:00
|
|
|
/**
|
|
|
|
@} (end of group Parser)
|
|
|
|
*/
|