The easiest way to compile and test the server with UBSAN is to run:
./BUILD/compile-pentium64-ubsan
and then run mysql-test-run.
After this commit, one should be able to run this without any UBSAN
warnings. There are still a few compiler warnings that should be fixed
at some point, but these do not expose any real bugs.
The 'special' cases where we disable, suppress or circumvent UBSAN are:
- ref10 source (as here we intentionally do some shifts that UBSAN
complains about).
- x86 version of optimized int#korr() methods. UBSAN does not like unaligned
memory access of integers. Fixed by using byte_order_generic.h when
compiling with UBSAN.
- We use a smaller thread stack with ASAN and UBSAN, which forced me to
disable a few tests that print the thread stack size.
- Verifying class types does not work for shared libraries. I added
suppression in mysql-test-run.pl for this case.
- Added '#ifdef WITH_UBSAN' when using integer arithmetic where it is
safe to have overflows (two cases, in item_func.cc).
Things fixed:
- Don't left shift signed values
(byte_order_generic.h, mysqltest.c, item_sum.cc and many more)
- Don't assign non-existing values to enum variables.
- Ensure that bool and enum values are properly initialized in
constructors. This was needed as UBSAN checks that these types have
correct values when one copies an object.
(gcalc_tools.h, ha_partition.cc, item_sum.cc, partition_element.h ...)
- Ensure we do not call handler functions on unallocated objects or
deleted objects.
(events.cc, sql_acl.cc).
- Fixed bugs in Item_sp::Item_sp() where we did not call constructor
on Query_arena object.
- Fixed several cast of objects to an incompatible class!
(Item.cc, Item_buff.cc, item_timefunc.cc, opt_subselect.cc, sql_acl.cc,
sql_select.cc ...)
- Ensure we do not do integer arithmetic that causes over or underflows.
This includes also ++ and -- of integers.
(Item_func.cc, Item_strfunc.cc, item_timefunc.cc, sql_base.cc ...)
- Added JSON_VALUE_UNITIALIZED to json_value_types and ensure that
value_type is initialized to this instead of to -1, which is not a valid
enum value for json_value_types.
- Ensure we do not call memcpy() when second argument could be null.
- Fixed that Item_func_str::make_empty_result() creates an empty string
instead of a null string (safer as it ensures we do not do arithmetic
on null strings).
Other things:
- Changed struct st_position to an OBJECT and added an initialization
function to it to ensure that we do not copy or use uninitialized
members. The change to a class was also motivated by the fact that we used
"struct st_position" and POSITION randomly through the code, which was
confusing.
- Notably big rewrite in sql_acl.cc to avoid using deleted objects.
- Changed in sql_partition to use '^' instead of '-'. This is safe as
the operator is either 0 or 0x8000000000000000ULL.
- Added check for select_nr < INT_MAX in JOIN::build_explain() to
avoid bug when get_select() could return NULL.
- Reordered elements in POSITION for better alignment.
- Changed sql_test.cc::print_plan() to use pointers instead of objects.
- Fixed bug in find_set() where we could execute '1 << -1'.
- Added variable have_sanitizer, used by mtr. (This variable was before
only in 10.5 and up). It can now have one of two values:
ASAN or UBSAN.
- Moved ~Archive_share() from ha_archive.cc to ha_archive.h and marked
it virtual. This was an effort to get UBSAN to work with loaded storage
engines. I kept the change as the new place is better.
- Added in CONNECT engine COLBLK::SetName(), to get around a wrong cast
in tabutil.cpp.
- Added HAVE_REPLICATION around usage of rgi_slave, to get embedded
server to compile with UBSAN. (Patch from Marko).
- Added #ifdef for powerpc64 to avoid a bug in old gcc versions related
to integer arithmetic.
Changes that should not be needed but had to be done to suppress warnings
from UBSAN:
- Added static_cast<<uint16_t>> around shift to get rid of a LOT of
compiler warnings when using UBSAN.
- Had to change some '/' of 2 base integers to shift to get rid of
some compile time warnings.
Reviewed by:
- Json changes: Alexey Botchkov
- Charset changes in ctype-uca.c: Alexander Barkov
- InnoDB changes & Embedded server: Marko Mäkelä
- sql_acl.cc changes: Vicențiu Ciorbaru
- build_explain() changes: Sergey Petrunia
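The classes of undefined behaviour this commit removes (left-shifting a signed value into the sign bit, unaligned integer loads, a shift count like '1 << -1', and signed over/underflow including ++/--) are shown below in one small C file, each beside the defined alternative. This is an added illustration and not MariaDB code: the names le16_to_s16, le32_to_s32, bit_mask, signed_to_sortable and checked_add_s64 are hypothetical stand-ins for the int#korr(), find_set() and sql_partition cases, and the two sample buffers are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed sample buffers (little-endian encodings), not from MariaDB. */
static const unsigned char SAMPLE_LE16_MINUS1[2]  = {0xff, 0xff};
static const unsigned char SAMPLE_LE32_INT_MIN[4] = {0x00, 0x00, 0x00, 0x80};

/* Byte-wise little-endian reads in the spirit of byte_order_generic.h.
 * Each byte is widened to an UNSIGNED type before shifting, so shifting
 * 0x80 into bit 15 / bit 31 is defined, and no unaligned pointer is ever
 * dereferenced (the x86 "*(int32_t*)p" fast path is what UBSAN rejects).
 * The UB form would be "(int)p[3] << 24" with p[3] >= 0x80: a signed
 * left shift whose result is not representable. The final conversion to
 * a signed type is implementation-defined (two's complement wrap), not UB. */
static int16_t le16_to_s16(const unsigned char *p)
{
    uint16_t v = (uint16_t)((uint16_t)p[0] | ((uint16_t)p[1] << 8));
    return (int16_t)v;
}

static int32_t le32_to_s32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8)
               | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* 1 << n with the shift count validated first: a negative count or a
 * count >= the operand width is UB (the find_set() '1 << -1' case), and
 * the left operand is made unsigned so bit 63 can be set without UB. */
static uint64_t bit_mask(int n)
{
    if (n < 0 || n >= 64)
        return 0;
    return (uint64_t)1 << n;
}

/* Order-preserving map from a signed key to an unsigned one: flip the sign
 * bit with XOR rather than subtracting 0x8000000000000000, so no signed
 * arithmetic can overflow. INT64_MIN maps to 0, INT64_MAX to UINT64_MAX. */
static uint64_t signed_to_sortable(int64_t x)
{
    return (uint64_t)x ^ UINT64_C(0x8000000000000000);
}

/* Signed addition that reports instead of overflowing. "a + 1" covers the
 * "++" case from the commit. Returns true and stores the sum when it fits. */
static bool checked_add_s64(int64_t a, int64_t b, int64_t *out)
{
    if ((b > 0 && a > INT64_MAX - b) || (b < 0 && a < INT64_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Convenience predicate so callers can ask only "would this overflow?". */
static bool add_would_overflow(int64_t a, int64_t b)
{
    int64_t tmp;
    return !checked_add_s64(a, b, &tmp);
}

int main(void)
{
    printf("le16 -> %d\n", (int)le16_to_s16(SAMPLE_LE16_MINUS1));
    printf("le32 -> %d\n", (int)le32_to_s32(SAMPLE_LE32_INT_MIN));
    printf("bit_mask(-1) -> %llu\n", (unsigned long long)bit_mask(-1));
    printf("INT64_MAX + 1 overflows? %d\n", (int)add_would_overflow(INT64_MAX, 1));
    return 0;
}
```

Building this with `cc -fsanitize=undefined` and swapping in the UB forms named in the comments is a quick way to see the same class of report the server build gets from ./BUILD/compile-pentium64-ubsan.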
This commit is based on the work of Michal Schorm, rebased on the
earliest MariaDB version.
The command line used to generate this diff was:
find ./ -type f \
-exec sed -i -e 's/Foundation, Inc., 59 Temple Place, Suite 330, Boston, /Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, /g' {} \; \
-exec sed -i -e 's/Foundation, Inc. 59 Temple Place.* Suite 330, Boston, /Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, /g' {} \; \
-exec sed -i -e 's/MA.*.....-1307.*USA/MA 02110-1335 USA/g' {} \; \
-exec sed -i -e 's/Foundation, Inc., 59 Temple/Foundation, Inc., 51 Franklin/g' {} \; \
-exec sed -i -e 's/Place, Suite 330, Boston, MA.*02111-1307.*USA/Street, Fifth Floor, Boston, MA 02110-1335 USA/g' {} \; \
-exec sed -i -e 's/MA.*.....-1307/MA 02110-1335/g' {} \;
Checks for thd->killed state added to the long loops in geometry calculations.
per-file comments:
sql/gcalc_slicescan.cc
Fix for bug #809849 spatial operations must be KILL-able.
checks for TERMINATED_STATE added.
sql/gcalc_slicescan.h
Fix for bug #809849 spatial operations must be KILL-able.
defines added to include checks for termination in the
library.
sql/gcalc_tools.cc
Fix for bug #809849 spatial operations must be KILL-able.
checks for TERMINATED_STATE added.
sql/gcalc_tools.h
Fix for bug #809849 spatial operations must be KILL-able.
TERMINATED_STATE pointers added.
sql/item_geofunc.cc
Fix for bug #809849 spatial operations must be KILL-able.
sql/item_geofunc.h
Fix for bug #809849 spatial operations must be KILL-able.
Line autointersection point was treated as if it doesn't belong to the line.
It's in some way logical, but seems to confuse people. Fixed.
per_file_comments:
mysql-test/r/gis-precise.result
bug 857087 Wrong result with ST_INTERSECTS and LINESTRINGs
test result updated.
mysql-test/t/gis-precise.test
bug 857087 Wrong result with ST_INTERSECTS and LINESTRINGs
test case added.
sql/gcalc_tools.cc
bug 857087 Wrong result with ST_INTERSECTS and LINESTRINGs
Point of line autointersection handled as it belongs to the line.
sql/gcalc_tools.h
bug 857087 Wrong result with ST_INTERSECTS and LINESTRINGs
Gcalc_function::set_i_state() added
855485 ST_CROSSES returns different result than PostGIS for overlapping polygons
855487 ST_WITHIN returns wrong result for partially overlapping polygons
855492 ST_WITHIN returns TRUE on point on the edge of a polygon
855497 ST_ENVELOPE of GEOMETRYCOLLECTION EMPTY returns NULL and not GEOMETRYCOLLECTION EMPTY
855503 ST_EQUALS reports TRUE between a POLYGON and a MULTILINESTRING
855505 ST_TOUCHES reports TRUE for intersecting polygon and linestring
Changed the way weird functions like Crosses or Touches are treated.
Added BORDER handling to the Gcalc_function.
per-file comments:
mysql-test/r/gis-precise.result
GIS bugs fixed.
test result updated.
mysql-test/t/gis-precise.test
GIS bugs fixed.
test cases added.
sql/gcalc_slicescan.h
GIS bugs fixed.
sql/gcalc_tools.cc
GIS bugs fixed.
sql/gcalc_tools.h
GIS bugs fixed.
sql/item_create.cc
GIS bugs fixed.
sql/item_geofunc.cc
GIS bugs fixed.
sql/item_geofunc.h
GIS bugs fixed.
sql/spatial.cc
GIS bugs fixed.
849789 Second assertion `m_poly_borders->next' failed in Gcalc_operation_reducer::count_slice in maria-5.3-gis
849791 Fourth assertion `n > 0 && n < SINUSES_CALCULATED*2+1' in get_n_sincos
848901 Assertion `fabs(cur_isc->x-m_cur_intersection->x) + fabs(cur_isc->y-m_cur_intersection->y) < 0.000000000001' failed in Gcalc_scan_iterator::intersection_scan() in maria-5.3-gis
per-file comments:
mysql-test/r/gis-precise.result
test result updated.
mysql-test/r/gis.result
test result updated.
sql/gcalc_slicescan.cc
bugfixes.
sql/gcalc_slicescan.h
bugfixes.
sql/gcalc_tools.cc
bugfixes.
sql/gcalc_tools.h
bugfixes.
sql/item_geofunc.cc
bugfixes.
sql/spatial.cc
bugfixes.
Second smaller hole in the polygon got linked to the bigger one as its
outer ring. Fixed by specifying the outer ring explicitly.
per-file comments:
mysql-test/r/gis-precise.result
Fix for bug #804266 Memory corruption/valgrind warning/crash in move_hole() with ST_UNION.
test result updated.
mysql-test/t/gis-precise.test
Fix for bug #804266 Memory corruption/valgrind warning/crash in move_hole() with ST_UNION.
test case added.
sql/gcalc_tools.cc
Fix for bug #804266 Memory corruption/valgrind warning/crash in move_hole() with ST_UNION.
specify the outer ring explicitly in the get_polygon_result parameter.
sql/gcalc_tools.h
Fix for bug #804266 Memory corruption/valgrind warning/crash in move_hole() with ST_UNION.
add the outer ring as a parameter to the get_polygon_result.
That crash happened with the complicated topology of the result.
If we found a hole in a polygon whose outside border was already
found, we need to paste the hole right after it and respectively
shift polygons after it. Also we need to update poly_position fields
in these polygons. That last thing wasn't properly done, which led to the
crash.
To fix that we keep the list of the found polygons and update the
poly_positions that are bigger or equal to where we placed the next hole.
per-file comments:
mysql-test/r/gis-precise.result
bug #804305 Crash in wkb_get_double with ST_INTERSECTION.
test result updated.
mysql-test/t/gis-precise.test
bug #804305 Crash in wkb_get_double with ST_INTERSECTION.
test result added.
sql/gcalc_tools.cc
bug #804305 Crash in wkb_get_double with ST_INTERSECTION.
keep the list of the found polygons and update their poly_position fields respectively.
sql/gcalc_tools.h
bug #804305 Crash in wkb_get_double with ST_INTERSECTION.
Gcalc_result_receiver::move_hole interface changed.