MDEV-37510: crash when tracing with max_sel_arg_weight equal to 1#4505
Conversation
bsrikanth-mariadb
force-pushed
the
11.4-MDEV-37510-crash_with_optimizer_max_sel_arg_weight_equal_1
branch
from
426c6e5 to
6fd75f1
Compare
| ) | ||
| ) | ||
| WHERE t1.c1 NOT IN (5, 6, 7); | ||
|
|
There was a problem hiding this comment.
I don't believe this is the minimal testcase.
Please try to reduce it as much as possible.
Tables need to have two records to avoid the "1-row table is const table" code path.
when one sees
CREATE TABLE t2 (c1 INT, c2 VARCHAR(10), c3 VARCHAR(10) DEFAULT NULL);
one wonders what is DEFAULT NULL there for? It's not needed in any case, please remove it.
There was a problem hiding this comment.
So I just took the above query and removed things that were irrelevant.
Please verify that the below still crashes and if yes , use it:
select * from
t1
JOIN
(
SELECT c1, c2, c3 FROM t2
UNION
SELECT c1, c2, c3 FROM t2
) dt1
ON ((t1.c1 = dt1.c1 OR dt1.c1 IS NULL) AND
(t1.c2 = dt1.c2 OR dt1.c3 IS NULL));There was a problem hiding this comment.
yes, it crashes. So, using it.
sql/opt_range.cc
Outdated
| { | ||
| obj.add("key1_field", key1->field->field_name); | ||
| obj.add("key1_weight", (longlong) key1->weight); | ||
| } |
There was a problem hiding this comment.
Please print key1_weight and key2_weight in any case.
| obj.add("key2_weight", (longlong) key2->weight); | ||
| } | ||
| else | ||
| obj.add("key2_type", (uint) key2->type); |
There was a problem hiding this comment.
it is non-intuitive which condition the SEL_ARG with key2_type=X was made of...
But I see that SEL_ARG::part might not be set either. Ok, let's not bother and just print 'key2_type'.
There was a problem hiding this comment.
I am thinking to print type and weight for both key1, and key2. Additionally if key1 type is RANGE then also print the field name. What do you think?
bsrikanth-mariadb
force-pushed
the
11.4-MDEV-37510-crash_with_optimizer_max_sel_arg_weight_equal_1
branch
from
6fd75f1 to
d16b655
Compare
| ) | ||
| ) | ||
| WHERE t1.c1 NOT IN (5, 6, 7); | ||
|
|
There was a problem hiding this comment.
So I just took the above query and removed things that were irrelevant.
Please verify that the below still crashes and if yes , use it:
select * from
t1
JOIN
(
SELECT c1, c2, c3 FROM t2
UNION
SELECT c1, c2, c3 FROM t2
) dt1
ON ((t1.c1 = dt1.c1 OR dt1.c1 IS NULL) AND
(t1.c2 = dt1.c2 OR dt1.c3 IS NULL));
bsrikanth-mariadb
force-pushed
the
11.4-MDEV-37510-crash_with_optimizer_max_sel_arg_weight_equal_1
branch
2 times, most recently
from
ebb86bf to
cc2cc8e
Compare
|
Hmm looks very suspicious. |
spetrunia
left a comment
spetrunia
left a comment
There was a problem hiding this comment.
This is because
if (key1->type == SEL_ARG::KEY_RANGE)
obj.add("key1_field", key1->field->field_name);
else
obj.add("key1_type", (uint) key1->type);
if (key1->type == SEL_ARG::KEY_RANGE) /// <<-- why key1->type? key2->type !
obj.add("key2_field", key2->field->field_name);
else
obj.add("key2_type", (uint) key2->type);
When the optimizer_max_sel_arg_weight is set to 1, a nested query crashed while tracing. SEL_ARG object has a field named 'field', that is not set when the type is other than KEY_RANGE. But, the field was accessed to store its name, and weight to the trace. This resulted in a crash due to NULL pointer. Added a check to access field if the type is KEY_RANGE, and if not, just trace the type.
bsrikanth-mariadb
force-pushed
the
11.4-MDEV-37510-crash_with_optimizer_max_sel_arg_weight_equal_1
branch
from
cc2cc8e to
be4e1ec
Compare
3 participants
When the optimizer_max_sel_arg_weight is set to 1, a nested query crashed while tracing.
SEL_ARG object has a field named 'field', that is not set when the type is other than KEY_RANGE. But, the field was accessed to store its name, and weight to the trace. This resulted in a crash due to NULL pointer.
Added a check to access field if the type is KEY_RANGE, and if not, just trace the type.