Commit graph

13 commits

Author SHA1 Message Date
unknown
18801aa829 Bug#20906 (Multiple assignments in SET in stored routine produce incorrect
instructions)

This bug can not be reproduced in the current version,
adding the test case to the test suite for coverage, no code change.


mysql-test/r/sp-code.result:
  Bug#20906 (Multiple assignments in SET in stored routine produce incorrect
  instructions)
mysql-test/t/sp-code.test:
  Bug#20906 (Multiple assignments in SET in stored routine produce incorrect
  instructions)
2008-03-25 11:20:11 -06:00
unknown
e6a077e348 Bug#33618 (Crash in sp_rcontext)
Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)

The server used to crash when REPEAT or another control instruction
was used in conjunction with labels and a LEAVE instruction.

The crash was caused by a missing "pop" of handlers or cursors in the
code representing the stored program. When executing the code in a loop,
this missing "pop" would result in a stack overflow, corrupting memory.

Code generation has been fixed to produce the missing h_pop/c_pop
instructions.

Also, the logic checking that labels at the beginning and the end of a
statement are matched was incorrect, causing Bug 33983.
End labels, when used, must match the label used at the beginning of a block.


mysql-test/r/sp-code.result:
  Bug#33618 (Crash in sp_rcontext)
mysql-test/r/sp-error.result:
  Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
mysql-test/r/sp.result:
  Bug#33618 (Crash in sp_rcontext)
mysql-test/t/sp-code.test:
  Bug#33618 (Crash in sp_rcontext)
mysql-test/t/sp-error.test:
  Bug 33983 (Stored Procedures: wrong end <label> syntax is accepted)
mysql-test/t/sp.test:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_head.cc:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_head.h:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_rcontext.cc:
  Bug#33618 (Crash in sp_rcontext)
sql/sp_rcontext.h:
  Bug#33618 (Crash in sp_rcontext)
sql/sql_yacc.yy:
  Bug#33618 (Crash in sp_rcontext)
2008-01-23 13:26:41 -07:00
unknown
72569cc66d Bug#26977 exception handlers never hreturn
- In some cases, flow control optimization implemented in sp::optimize
    removes hreturn instructions, causing SQL exception handlers to:
      * never return
      * execute wrong logic
  - This patch overrides default short cut optimization on hreturn instructions
    to avoid this problem.


mysql-test/r/sp-code.result:
  Added test case
mysql-test/t/sp-code.test:
  Added test case
sql/sp_head.cc:
  Override opt_mark to get correct execution paths without jump short cut 
  optimization.
sql/sp_head.h:
  Added override sp_instr_hreturn::opt_shortcut_jump so that jump short cuts aren't
  performed on hreturn instructions operating on handlers which are set to CONTINUE
  after interruption.
2007-05-07 10:23:10 +02:00
unknown
609277f942 Bug#23491 MySQLDump prefix function call in a view by database name
- mysqldump executes a SHOW CREATE VIEW statement to generate the text
that it outputs.  When the function name is retrieved it's database 
name is unconditionally prepended.  This change causes the function's 
database name to be prepended only when it was used to define the 
function.


mysql-test/r/information_schema.result:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Updated Results.
mysql-test/r/mysqldump.result:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Added new results.
mysql-test/r/sp-code.result:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Updated Results.
mysql-test/r/udf.result:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Updated Results.
mysql-test/t/mysqldump.test:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Added new testcase.
sql/item_func.cc:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Use new m_explicit_name member when deciding whether or not to prepend
  the db name while building the function name.
sql/sp.cc:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Use new sp_name constructor.
sql/sp_head.h:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Add m_explicit_name member to sp_name object.
  - Redefined sp_name constructor to include new member.
sql/sql_yacc.yy:
  Bug#23491 MySQLDump prefix function call in a view by database name
  - Use new sp_name constructors.
2007-03-27 12:31:44 -04:00
unknown
acef88bee3 Merge mysql.com:/home/gluh/MySQL/Merge/5.0
into  mysql.com:/home/gluh/MySQL/Merge/5.0-opt


mysql-test/r/func_in.result:
  Auto merged
mysql-test/r/range.result:
  Auto merged
mysql-test/r/sp-code.result:
  Auto merged
mysql-test/t/func_in.test:
  Auto merged
mysql-test/t/range.test:
  Auto merged
mysql-test/t/trigger.test:
  Auto merged
mysql-test/t/view.test:
  Auto merged
sql/item.cc:
  Auto merged
sql/item_func.cc:
  Auto merged
sql/mysql_priv.h:
  Auto merged
sql/sql_insert.cc:
  Auto merged
sql/sql_lex.cc:
  Auto merged
sql/sql_lex.h:
  Auto merged
sql/sql_prepare.cc:
  Auto merged
sql/sql_select.cc:
  Auto merged
sql/sql_table.cc:
  Auto merged
mysql-test/r/select.result:
  manual merge
mysql-test/r/view.result:
  manual merge
mysql-test/t/select.test:
  manual merge
2007-01-23 14:08:58 +04:00
unknown
af32168623 Fixed bug #25580: incorrect stored representations of views in cases
when they contain the '!' operator.
Added an implementation for the method Item_func_not::print. 
The method encloses any NOT expression into extra parentheses to avoid
incorrect stored representations of views that use the '!' operators.
Without this change when a view was created that contained
the expression !0*5  its stored representation contained not this
expression but rather the expression not(0)*5 . 
The operator '!' is of a higher precedence than '*', while NOT is 
of a lower precedence than '*'. That's why the expression !0*5 
is interpreted as not(0)*5, while the expression not(0)*5 is interpreted
as not((0)*5) unless sql_mode is set to HIGH_NOT_PRECEDENCE.
Now we translate !0*5 into (not(0))*5. 


mysql-test/r/sp-code.result:
  Adjusted results after the fix of bug 25580.
mysql-test/r/subselect.result:
  Adjusted results after the fix of bug 25580.
mysql-test/r/view.result:
  Added a test case for bug #25580.
mysql-test/t/view.test:
  Added a test case for bug #25580.
sql/item_cmpfunc.cc:
  Fixed bug #25580: incorrect stored representations of views in cases
  when they contain the '!' operator.
  Added an implementation for the method Item_func_not::print. 
  The method encloses the NOT expression into extra parenthesis to avoid
  incorrect stored representations of views that use the '!' operators.
sql/item_cmpfunc.h:
  Fixed bug #25580: incorrect stored representations of views in cases
  when they contain the '!' operator.
  Added an implementation for the method Item_func_not::print. 
  The method encloses the NOT expression into extra parenthesis to avoid
  incorrect stored representations of views that use the '!' operators.
2007-01-17 20:13:45 -08:00
unknown
476eaae84d Bug#19194 (Right recursion in parser for CASE causes excessive stack usage,
limitation)

Note to the reviewer
====================

Warning: reviewing this patch is somewhat involved.
Due to the nature of several issues all affecting the same area,
fixing separately each issue is not practical, since each fix can not be
implemented and tested independently.
In particular, the issues with
- rule recursion
- nested case statements
- forward jump resolution (backpatch list)
are tightly coupled (see below).

Definitions
===========

The expression
  CASE expr
  WHEN expr THEN expr
  WHEN expr THEN expr
  ...
  END
is a "Simple Case Expression".

The expression
  CASE
  WHEN expr THEN expr
  WHEN expr THEN expr
  ...
  END
is a "Searched Case Expression".

The statement
  CASE expr
  WHEN expr THEN stmts
  WHEN expr THEN stmts
  ...
  END CASE
is a "Simple Case Statement".

The statement
  CASE
  WHEN expr THEN stmts
  WHEN expr THEN stmts
  ...
  END CASE
is a "Searched Case Statement".

A "Left Recursive" rule is like
  list:
      element
    | list element
    ;

A "Right Recursive" rule is like
  list:
      element
    | element list
    ;

Left and right recursion produces the same language, the difference only
affects the *order* in which the text is parsed.

In a descendant parser (usually written manually), right recursion works
very well, and is typically implemented with a while loop.
In an ascendant parser (yacc/bison) left recursion works very well,
and is implemented naturally by the parser stack.
In both cases, using the wrong type or recursion is very bad and should be
avoided, as it causes technical issues with the parser implementation.

Before this change
==================

The "Simple Case Expression" and "Searched Case Expression" were both
implemented by the "when_list" and "when_list2" rules, which are left
recursive (ok).

These rules, however, used lex->when_list instead of using the parser stack,
which is more complex that necessary, and potentially dangerous because
of other rules using THD::reset_lex.

The "Simple Case Statement" and "Searched Case Statements" were implemented
by the "sp_case", "sp_whens" and in part by "sp_proc_stmt" rules.
Both cases were right recursive (bad).

The grammar involved was convoluted, and is assumed to be the results of
tweaks to get the code generation to work, but is not what someone would
naturally write.

In addition, using a common rule for both "Simple" and "Searched" case
statements was implemented with sp_head::m_flags |= IN_SIMPLE_CASE,
which is a flag and not a stack, and therefore does not take into account
*nested* case statements. This leads to incorrect generated code, and either
a server crash or an incorrect result.

With regards to the backpatch mechanism, a *different* backpatch list was
created for each jump from "WHEN expr THEN stmt" to "END CASE", which
relied on the grammar to be right recursive.
This is a mis-use of the backpatch list, since this list can resolve
multiple references to the same target at once.

The optimizer algorithm used to detect dead code in the "assembly" SQL
instructions, implemented by sp_head::opt_mark(uint ip), was recursive
in some cases (a conditional jump pointing forward to another conditional
jump).
In case of specially crafted code, like
- a long list of "IF expr THEN stmt END IF"
- a long CASE statement
this would actually cause a server crash with a stack overflow.
In general, having a stack that grows proportionally with user data (the
SQL code given by the client in a CREATE PROCEDURE) is to be avoided.

In debug builds only, creating a SP / SF / Trigger which had a significant
amount of code would spend --literally-- several minutes in sp_head::create,
because of the debug code involved with DBUG_PRINT("info", ("Code %s ...
There are several issues with this code:
- in a CASE with 5 000 WHEN, there are 15 000 instructions generated,
  which create a sting representation of the code which is 500 000 bytes
  long,
- using a String instead of an io stream causes performances to degrade
  to a total server freeze, as time is spent doing realloc of a buffer
  always too short,
- Printing a 500 000 long string in the debug log is too verbose,
- Generating this string even when DBUG_PRINT is off is useless,
- Having code that potentially can affect the server behavior, used with
  #ifdef / #endif is useful in some cases, but is also a bad practice.

After this change
=================

"Case Expressions" (both simple and searched) have been simplified to
not use LEX::when_list, which has been removed.

Considering all the issues affecting case statements, the grammar for these
has been totally re written.

The existing actions, used to generate "assembly" sp_inst* code, have been
preserved but moved in the new grammar, with the following changes:

a) Bison rules are no longer shared between "Simple" and "Searched" case
statements, because a stack instead of a flag is required to handle them.
Nested statements are handled naturally by the parser stack, which by
definition uses the correct rule in the correct context.
Nested statements of the opposite type (simple vs searched) works correctly.
The flag sp_head::IN_SIMPLE_CASE is no longer used.
This is a step towards resolution of WL#2999, which correctly identified
that temporary parsing flags do not belong to sp_head.
The code in the action is shared by mean of the case_stmt_action_xxx()
helpers.

b) The backpatch mechanism, used to resolve forward jumps in the generated
code, has been changed to:
- create a label for the instruction following 'END CASE',
- register each jump at the end of a "WHEN expr THEN stmt" in a *unique*
  backpatch list associated with the 'END CASE' label
- resolve all the forward jumps for this label at once.

In addition, the code involving backpatch has been commented, so that a
reader can now understand by reading matching "Registering" and "Resolving"
comments how the forward jumps are resolved and what target they resolve to,
as this is far from evident when reading the code alone.

The implementation of sp_head::opt_mark() has been revised to avoid
recursive calls from jump instructions, and instead add the jump location
to the list of paths to explore during the flow analysis of the instruction
graph, with a call to sp_head::add_mark_lead().
In addition, the flow analysis will stop if an instruction has already
been marked as reachable, which the previous code failed to do in the
recursive case.
sp_head::opt_mark() is now private, to prevent new calls to this method from
being introduced.

The debug code present in sp_head::create() has been removed.
Considering that SHOW PROCEDURE CODE is also available in debug builds,
and can be used anytime regardless of the trace level, as opposed to
"CREATE PROCEDURE" time and only if the trace was on,
removing the code actually makes debugging easier (usable trace).

Tests have been written to cover the parser overflow (big CASE),
and to cover nested CASE statements.


mysql-test/r/sp-code.result:
  Test cases for nested CASE statements.
mysql-test/t/sp-code.test:
  Test cases for nested CASE statements.
sql/sp_head.cc:
  Re factored opt_mark() to avoid recursion, clean up.
sql/sp_head.h:
  Re factored opt_mark() to avoid recursion, clean up.
sql/sql_lex.cc:
  Removed when_list.
sql/sql_lex.h:
  Removed when_list.
sql/sql_yacc.yy:
  Minor clean up for case expressions,
  Major re write for case statements (Bug#19194).
mysql-test/r/sp_stress_case.result:
  New test for massive CASE statements.
mysql-test/t/sp_stress_case.sh:
  New test for massive CASE statements.
mysql-test/t/sp_stress_case.test:
  New test for massive CASE statements.
2006-11-17 12:14:29 -07:00
unknown
7733615d8d Bug#19207: Final parenthesis omitted for CREATE INDEX in Stored Procedure
Wrong criteria was used to distinguish the case when there was no
lookahead performed in the parser.  Bug affected only statements
ending in one-character token without any optional tail, like CREATE
INDEX and CALL.


mysql-test/r/sp-code.result:
  Add result for bug#19207: Final parenthesis omitted for CREATE INDEX
  in Stored Procedure
mysql-test/t/sp-code.test:
  Add test case for bug#19207: Final parenthesis omitted for CREATE INDEX
  in Stored Procedure
sql/sql_yacc.yy:
  Use (yychar == YYEMPTY) as the criteria of whether lookahead was not
  performed.
2006-07-07 21:24:54 +04:00
unknown
466c30c11f Updated sp-code.result after merge (BUG#16568)
mysql-test/r/sp-code.result:
  Updated result after merge (BUG#16568)
2006-02-06 16:05:46 +01:00
unknown
7ee65fcf85 Fixed BUG#15737: Stored procedure optimizer bug with LEAVE
Second version.
  The problem was that the optimizer didn't work correctly with forwards jumps
  to "no-op" hpop and cpop instructions.
  Don't generate "no-op" instructions (hpop 0 and cpop 0), it isn't actually
  necessary.


mysql-test/r/sp-code.result:
  Updated results for new test case (BUG#15737)
mysql-test/t/sp-code.test:
  New test case (BUG#15737)
sql/sp_head.cc:
  Removed backpatch methods from sp_instr_hpop/cpop, since they're not needed any more.
  Added more documentation to sp_head::optimize()
sql/sp_head.h:
  Removed backpatch and opt_mark methods from sp_instr_hpop/cpop, since they're not needed
  any more.
  Added comments to optimizer methods in sp_instr.
sql/sql_yacc.yy:
  Don't generate "no-op" hpop and cpop instructions for LEAVE, it's not necessary.
  Just generate them when needed.
2006-01-25 15:11:49 +01:00
unknown
c5216f4eee Post-merge fixes (BUG#14498)
mysql-test/r/sp-code.result:
  Post-merge fix; updated result.
mysql-test/t/sp.test:
  Post-merge fix; added comment (still can't call bug14498_4 test)
2006-01-16 17:55:22 +01:00
unknown
e99f14e73b Removed forgotten test line in sp-code.test.
mysql-test/r/sp-code.result:
  Removed forgotten test line.
mysql-test/t/sp-code.test:
  Removed forgotten test line.
2005-11-18 18:05:04 +01:00
unknown
6726a6b8b9 Post-review fixes, mainly fixing all print() methods for sp_instr* classes.
Also added mysql-test files:
 include/is_debug_build.inc
 r/is_debug_build.require
 r/sp-code.result
 t/sp-code.test


sql/sp_head.cc:
  Review fixes:
  - Some minor editorial changes
  - Fixed all print() methods for instructions:
    - reserve() enough space
    - check return value from reserve()
    - use qs_append, with length arg, whenever possible
sql/sp_pcontext.cc:
  Review fixes.
  Also fixed bug in find_cursor().
sql/sp_pcontext.h:
  Changed parameter names (review fix).
sql/sql_parse.cc:
  Moved comment. (Review fix)
mysql-test/include/is_debug_build.inc:
  New BitKeeper file ``mysql-test/include/is_debug_build.inc''
mysql-test/r/is_debug_build.require:
  New BitKeeper file ``mysql-test/r/is_debug_build.require''
mysql-test/r/sp-code.result:
  New BitKeeper file ``mysql-test/r/sp-code.result''
mysql-test/t/sp-code.test:
  New BitKeeper file ``mysql-test/t/sp-code.test''
2005-11-18 16:30:27 +01:00