--Bug#52157 various crashes and assertions with multi-table update, stored function
--Bug#54475 improper error handling causes cascading crashing failures in innodb/ndb
--Bug#57703 create view cause Assertion failed: 0, file .\item_subselect.cc, line 846
--Bug#57352 valgrind warnings when creating view
--Recently discovered problem when a nested materialized derived table is used
before being populated and it leads to incorrect result
We have several modes when we should disable subquery evaluation.
The reasons for disabling are different. It could be
uselessness of the evaluation as in case of 'CREATE VIEW'
or 'PREPARE stmt', or we should disable subquery evaluation
if tables are not locked yet as it happens in bug#54475, or
too early evaluation of subqueries can lead to wrong result
as it happened in Bug#19077.
Main problem is that if subquery items are treated as const
they are evaluated in ::fix_fields(), ::fix_length_and_dec()
of the parental items as a lot of these methods have
Item::val_...() calls inside.
We have to make subqueries non-const to prevent unnecessary
subquery evaluation. At the moment we have different methods
for this. Here is a list of these modes:
1. PREPARE stmt;
We use UNCACHEABLE_PREPARE flag.
It is set during parsing in sql_parse.cc, mysql_new_select() for
each SELECT_LEX object and cleared at the end of PREPARE in
sql_prepare.cc, init_stmt_after_parse(). If this flag is set
subquery becomes non-const and evaluation does not happen.
2. CREATE|ALTER VIEW, SHOW CREATE VIEW, I_S tables which
process FRM files
We use LEX::view_prepare_mode field. We set it before
view preparation and check this flag in
::fix_fields(), ::fix_length_and_dec().
Some bugs are fixed using this approach,
some are not(Bug#57352, Bug#57703). The problem here is
that we have a lot of ::fix_fields(), ::fix_length_and_dec()
where we use Item::val_...() calls for const items.
3. Derived tables with subquery = wrong result(Bug19077)
The reason of this bug is too early subquery evaluation.
It was fixed by adding Item::with_subselect field
The check of this field in appropriate places prevents
const item evaluation if the item have subquery.
The fix for Bug19077 fixes only the problem with
convert_constant_item() function and does not cover
other places(::fix_fields(), ::fix_length_and_dec() again)
where subqueries could be evaluated.
Example:
CREATE TABLE t1 (i INT, j BIGINT);
INSERT INTO t1 VALUES (1, 2), (2, 2), (3, 2);
SELECT * FROM (SELECT MIN(i) FROM t1
WHERE j = SUBSTRING('12', (SELECT * FROM (SELECT MIN(j) FROM t1) t2))) t3;
DROP TABLE t1;
4. Derived tables with subquery where subquery
is evaluated before table locking(Bug#54475, Bug#52157)
Suggested solution is following:
-Introduce new field LEX::context_analysis_only with the following
possible flags:
#define CONTEXT_ANALYSIS_ONLY_PREPARE 1
#define CONTEXT_ANALYSIS_ONLY_VIEW 2
#define CONTEXT_ANALYSIS_ONLY_DERIVED 4
-Set/clean these flags when we perform
context analysis operation
-Item_subselect::const_item() returns
result depending on LEX::context_analysis_only.
If context_analysis_only is set then we return
FALSE that means that subquery is non-const.
As all subquery types are wrapped by Item_subselect
it allow as to make subquery non-const when
it's necessary.
mysql-test/r/derived.result:
test case
mysql-test/r/multi_update.result:
test case
mysql-test/r/view.result:
test case
mysql-test/suite/innodb/r/innodb_multi_update.result:
test case
mysql-test/suite/innodb/t/innodb_multi_update.test:
test case
mysql-test/suite/innodb_plugin/r/innodb_multi_update.result:
test case
mysql-test/suite/innodb_plugin/t/innodb_multi_update.test:
test case
mysql-test/t/derived.test:
test case
mysql-test/t/multi_update.test:
test case
mysql-test/t/view.test:
test case
sql/item.cc:
--removed unnecessary code
sql/item_cmpfunc.cc:
--removed unnecessary checks
--THD::is_context_analysis_only() is replaced with LEX::is_ps_or_view_context_analysis()
sql/item_func.cc:
--refactored context analysis checks
sql/item_row.cc:
--removed unnecessary checks
sql/item_subselect.cc:
--removed unnecessary code
--added DBUG_ASSERT into Item_subselect::exec()
which asserts that subquery execution can not happen
if LEX::context_analysis_only is set, i.e. at context
analysis stage.
--Item_subselect::const_item()
Return FALSE if LEX::context_analysis_only is set.
It prevents subquery evaluation in ::fix_fields &
::fix_length_and_dec at context analysis stage.
sql/item_subselect.h:
--removed unnecessary code
sql/mysql_priv.h:
--Added new set of flags.
sql/sql_class.h:
--removed unnecessary code
sql/sql_derived.cc:
--added LEX::context_analysis_only analysis intialization/cleanup
sql/sql_lex.cc:
--init LEX::context_analysis_only field
sql/sql_lex.h:
--New LEX::context_analysis_only field
sql/sql_parse.cc:
--removed unnecessary code
sql/sql_prepare.cc:
--removed unnecessary code
--added LEX::context_analysis_only analysis intialization/cleanup
sql/sql_select.cc:
--refactored context analysis checks
sql/sql_show.cc:
--added LEX::context_analysis_only analysis intialization/cleanup
sql/sql_view.cc:
--added LEX::context_analysis_only analysis intialization/cleanup
On this platform we seem to get lots of other signals
while waiting for SIGKILL to be delivered.
Solution: use sigsuspend(<all signals blocked>)
dbug/dbug.c:
New function _db_suicide_() which does kill(myself, -9) and then waits forever.
include/my_dbug.h:
Let DBUG_SUICE wait forever until the KILL signal is delivered, and process dies.
Auto increment value wraps when performing a bulk insert with
auto_increment_increment and auto_increment_offset greater than
one.
The fix:
If overflow happened then return MAX_ULONGLONG value as an
indication of overflow and check this before storing the
value into the field in update_auto_increment().
mysql-test/r/auto_increment.result:
test case
mysql-test/suite/innodb/r/innodb-autoinc.result:
test case fix
mysql-test/suite/innodb/t/innodb-autoinc.test:
test case fix
mysql-test/suite/innodb_plugin/r/innodb-autoinc.result:
test case fix
mysql-test/suite/innodb_plugin/t/innodb-autoinc.test:
test case fix
mysql-test/t/auto_increment.test:
test case
sql/handler.cc:
If overflow happened then return MAX_ULONGLONG value as an
indication of overflow and check this before storing the
value into the field in update_auto_increment().
Explain fails at fix_fields stage and some items are left unfixed,
particulary Item_group_concat. Item_group_concat::orig_args field
is uninitialized in this case and Item_group_concat::print call
leads to crash.
The fix:
move the initialization of Item_group_concat::orig_args
into constructor.
mysql-test/r/func_gconcat.result:
test case
mysql-test/t/func_gconcat.test:
test case
sql/item_sum.cc:
move the initialization of Item_group_concat::orig_args
into constructor.
DROP/CREATE SCHEMA, CREATE TABLE, REPAIR.
The cause of assert was concurrent execution of
DROP DATABASE and REPAIR TABLE where first statement
deleted table's file .TMD at the same time as
REPAIR TABLE tried to read file details from the old file
that was just removed.
Additionally was fixed trouble when DROP TABLE try delete
all files belong to table being dropped at the same time
when REPAIR TABLE statement has just deleted .TMD file.
No regression test added because this would require adding a
sync point to mysys/my_redel.c. Since this bug is not present in
5.5+, adding test coverage was considered unnecessary.
The patch has been verified using RQG testing.
sql/sql_db.cc:
mysql_rm_known_files() modified: ignore possible ENOENT error
when trying delete all table's files. Such aggressive
algorithm permits skip already deleted (in another thread)
files.
Installation of Drop_table_error_handler as internal error handler
moved from mysql_rm_db() to mysql_rm_knowns_files() near to place
where source of possible errors (call to mysql_rm_table_part2) located.
storage/myisam/mi_check.c:
mi_repair() was modified: set param->retry_repair= 0
in order to don't call following failover procedure
in ha_myisam::repair().
mysql-trunk-innodb in rev revno: 3367 Tue 2010-12-07 02:25:25-0800.
The crash happens only when lower_case_table_names=2, such as on MacOS,
when running the new testcase innodb-system-table-view. Specifically,
it crashes when any query is made against the INFORMATION_SCHEMA.
INNODB_SYS_FOREIGN table. The function dict_process_sys_foreign_rec()
is only used for displaying SYS_FOREIGN records so it does not need a
lookup version of those names to be allocated. In this patch, those new
function calls are deleted.
mysqltest checks if the stmt is one that should be run in ps mode,
but regexp doesn't match if preceeded by /* */ comment.
Fix: match function will jump over /*..*/ if found at start
Backported use of setenv() from 5.5
This will remove the leak on systems that have setenv()
I have not fixed the string.c leak, it's a local variable
that the cleanup function cannot access.
Var's string value was not 0-terminated if intially null.
While at it, also removed some reported memory leaks
Added sanity check, setting val_len=0 if val==0
my_seek() and my_tell() functions now honour MY_WME flag.
include/mysys_err.h:
Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
- EE_CANT_SEEK added, used in my_seek() and my_tell() functions.
mysys/errors.c:
Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
- EE_CANT_SEEK added, used in my_seek() and my_tell() functions.
mysys/my_seek.c:
Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
- my_seek() and my_tell() handle MY_WME flag.
mysys/my_symlink.c:
Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
- __attribute__((unused)) removed, as myf MyFlags is
actually used in the my_realpath() function.
storage/myisam/ha_myisam.cc:
Fix for bug#48451: my_seek and my_tell ignore MY_WME flag
- check my_seek() result.
Fixed the references to security_ctx->priv_user
to be real char * pointers instead of a C array name reference.
This is somehow important for some 3d party
dtrace replacements
include/mysql/plugin_audit.h:
Connection auditing class.
include/mysql/plugin_audit.h.pp:
Connection auditing class.
sql/mysqld.cc:
Notify disconnect to auditing.
sql/sql_audit.cc:
Connection class event dispatcher.
sql/sql_audit.h:
mysql_audit_notify() is not available in embedded.
sql/sql_connect.cc:
Notify connect to auditing.
sql/sql_parse.cc:
Notify user change to auditing.
On this platform we seem to get lots of other signals
while waiting for SIGKILL to be delivered.
Solution: use sigsuspend(<all signals blocked>)
dbug/dbug.c:
New function _db_suicide_() which does kill(myself, -9) and then waits forever.
include/my_dbug.h:
Let DBUG_SUICE wait forever until the KILL signal is delivered, and process dies.
when semijoin=on
When setting the aggregate function as having no rows to report
the function no_rows_in_result() was calling Item_sum::reset().
However this function in addition to cleaning up the aggregate
value by calling aggregator_clear() was also adding the current
value to the aggregate value by calling aggregator_add().
Fixed by making no_rows_in_result() to call aggregator_clear()
directly.
Renamed Item_sum::reset to Item_sum::reset_and_add() to
and added a comment to avoid misinterpretation of what the
function does.
Before this fix, the output of SHOW ENGINE PERFORMANCE_SCHEMA STATUS
used uppercase to name performance schema tables.
This is inconsistent since performance schema tables have been renamed to lowercase.
Also, an old table 'PROCESSLIST' was still visible,
even after this table got renamed to 'threads'.
This fix:
- correctly uses lowercases in the output, to match the current naming.
- replaced 'PROCESSLIST' with 'threads'.
Tested the output of SHOW ENGINE PERFORMANCE_SCHEMA STATUS manually.
No automated test cases can be written for this,
since the output is too platform dependent (sizes).
Manual merge from mysql-5.1-bugteam into mysql-5.5-bugteam.
Conflicts
=========
Text conflict in sql/log.cc
Text conflict in sql/log.h
Text conflict in sql/slave.cc
Text conflict in sql/sql_parse.cc
Text conflict in sql/sql_priv.h
when there was one NULL value, AVG(DISTINCT) could forget about other values.
See commit comment of item_sum.cc.
mysql-test/r/func_group.result:
before the code fix, both SELECTs would return NULL
sql/item_sum.cc:
Assume we are executing "SELECT AVG([DISTINCT] some_field) FROM some_table".
and some_field is the single field of some_table for simplicity.
Each time a row is processed (evaluate_join_record()->
end_send_group()->update_sum_func()) an aggregator is notified,
which itself notifies an Item_sum_avg.
Without DISTINCT, this Item_sum_avg immediately increments its
internal "sum of values" and "count of values" (the latter being
Item_sum_avg::count). The count is incremented only if the row's value
is not NULL (in Item_sum_avg::add()), per AVG() semantices. This row's value
is available in args[0] of Item_sum_avg ("args[0]" stands for
"the first argument of the item": it's an Item_field which automatically
receives the row's value when a row is read from the table).
bool Item_sum_avg::add()
{
if (Item_sum_sum::add()) << calculates the sum (ignores NULL)
return TRUE;
if (!args[0]->null_value)<<if added value is not NULL
count++; <<increment "count"
return FALSE;
}
and everything works.
With DISTINCT, when a row is processed by evaluate_join_record(),
Item_sum_avg does no immediate computation, rather stores
the row's value in a tree (to throw the value away if it is a duplicate
of previous value, otherwise to remember all
distinct values). It's only when it's time to send the average to the
user (at end of the query:
sub_select(end_of_records=true)->end_send_group()->
select_send->send_data()->Protocol::send_result_set_row()->
Item::send()->Item_sum_avg->val_str()), that we iterate over the tree,
compute the sum and count: for this, for each element of the tree,
Item_sum_avg::add() is called and has the same two steps as before:
* Item_sum_sum::add() updates the sum (finding the tree element's value
correctly, and determining correctly its NULLness - look for "arg_is_null"
in that function)
* the "if (!args[0]->null_value)" test right after, breaks: it uses args[0],
which isn't the tree's element but rather the value for the last row
processed by evaluate_join_record(). So if that last row was NULL,
"count" stays 0 for each row, and AVG() then returns NULL (count==0 =>
NULL, per AVG() semantics).
The fix is to let the aggregator tell whether the value
it just saw was NULL. The aggregator knows where to get the info
thanks to virtual functions. Item_sum_sum::add() now asks
the aggregator. Item_sum_avg() also asks the aggregator
and then knows it shouldn't increment "count".
sql/item_sum.h:
Aggregator can now tell about value/NULLness of just-aggregated value
