Segfault - operator= (join=0x1fd0fd8, tables=<value optimized out>, conds=<value optimized out>, keyuse_array=<value optimized out>) at ./drizzled/join_table.h:73

Test case (sorry it is still pretty large, but automated simplification isn't working yet):

DROP TABLE IF EXISTS `p`;
CREATE TABLE `p` (
  `pk` int NOT NULL AUTO_INCREMENT,
  `col_int_key` int DEFAULT NULL,
  PRIMARY KEY (`pk`),
  KEY `col_int_key` (`col_int_key`)
) ENGINE=InnoDB;

ALTER TABLE `p` DISABLE KEYS;
INSERT INTO `p` VALUES (1,NULL),(2,261947392),(3,-1761017856),(4,NULL),(5,NULL),(6,NULL),(7,1941635072),(8,-610992128),(9,NULL),(10,-1486618624),(11,1047199744),(12,5),(13,2),(14,NULL),(15,NULL),(16,-828899328),(17,5),(18,NULL),(19,-1573322752),(20,NULL),(21,1),(22,1080360960),(23,NULL),(24,9),(25,243335168),(26,NULL),(27,2),(28,351469568),(29,NULL),(30,0),(31,1626865664),(32,NULL),(33,NULL),(34,6),(35,NULL),(36,6),(37,NULL),(38,838598656),(39,-1732706304),(40,-120061952),(41,NULL),(42,3),(43,2),(44,8),(45,-1234436096),(46,4),(47,-1542324224),(48,NULL),(49,1607073792),(50,0),(51,9),(52,NULL),(53,NULL),(54,-921174016),(55,-184877056),(56,NULL),(57,-1291059200),(58,0),(59,NULL),(60,565379072),(61,NULL),(62,506855424),(63,NULL),(64,NULL),(65,NULL),(66,5),(67,5),(68,5),(69,2),(70,6),(71,NULL),(72,9),(73,7),(74,-2108555264),(75,6),(76,1057095680),(77,8),(78,-409468928),(79,-438960128),(80,-939393024),(81,-927203328),(82,NULL),(83,-1834680320),(84,NULL),(85,1984561152),(86,8),(87,NULL),(88,8),(89,-326500352),(90,NULL),(91,4),(92,NULL),(93,NULL),(94,-1369833472),(95,NULL),(96,0),(97,31260672),(98,NULL),(99,NULL),(100,0);
ALTER TABLE `p` ENABLE KEYS;

DROP TABLE IF EXISTS `n`;
CREATE TABLE `n` (
  `pk` int NOT NULL AUTO_INCREMENT,
  `col_varchar_10_key` varchar(10) DEFAULT NULL,
  PRIMARY KEY (`pk`),
  KEY `col_varchar_10_key` (`col_varchar_10_key`)
) ENGINE=InnoDB;

ALTER TABLE `n` DISABLE KEYS;
INSERT INTO `n` VALUES (1,'rdtxodtcmi'),(2,'corrdtxodt'),(3,'v'),(4,'dcorrdtxod'),(5,'s'),(6,'my'),(7,'e'),(8,'qxszmrdcor'),(9,'bqxszmrdco'),(10,'wbqxszmrdc'),(11,'v'),(12,'kywbqxszmr'),(13,'v'),(14,'lngrakywbq'),(15,'umtlngraky'),(16,'could'),(17,'peiywumtln'),(18,'will'),(19,'tell'),(20,'w'),(21,'jenpeiywum'),(22,'cejenpeiyw'),(23,'x'),(24,'vxcejenpei');
ALTER TABLE `n` ENABLE KEYS;

DROP TABLE IF EXISTS `d`;
CREATE TABLE `d` (
  `pk` int NOT NULL AUTO_INCREMENT,
  `col_varchar_10` varchar(10) DEFAULT NULL,
  PRIMARY KEY (`pk`)
) ENGINE=InnoDB;

ALTER TABLE `d` DISABLE KEYS;
INSERT INTO `d` VALUES (1,'f'),(2,'zdvoleqxer'),(3,'i'),(4,'u'),(5,'q');
ALTER TABLE `d` ENABLE KEYS;

DROP TABLE IF EXISTS `h`;
CREATE TABLE `h` (
  `col_varchar_10` varchar(10) DEFAULT NULL,
  `pk` int NOT NULL AUTO_INCREMENT,
  `col_varchar_10_key` varchar(10) DEFAULT NULL,
  `col_int_key` int DEFAULT NULL,
  PRIMARY KEY (`pk`),
  KEY `col_varchar_10_key` (`col_varchar_10_key`),
  KEY `col_int_key` (`col_int_key`)
) ENGINE=InnoDB;

ALTER TABLE `h` DISABLE KEYS;
INSERT INTO `h` VALUES ('n',1,'rshrrbmsyd',4),('h',2,'okay',NULL),('ok',3,'i',-802095104),('just',4,'z',6),('hfnrshrrbm',5,'his',8),('f',6,'xhfnrshrrb',1),('h',7,'wxhfnrshrr',7),('wtwxhfnrsh',8,'v',7),('of',9,'cwtwxhfnrs',-1258487808);
ALTER TABLE `h` ENABLE KEYS;

DROP TABLE IF EXISTS `a`;
CREATE TABLE `a` (
  `pk` int NOT NULL AUTO_INCREMENT,
  PRIMARY KEY (`pk`)
) ENGINE=InnoDB;

DROP TABLE IF EXISTS `k`;
CREATE ...

Disregard my earlier comment about this possibly sharing a root cause with Bug#586578. Checking the backtrace of both bugs shows two different causes.

Hi!

If you have a test case can you push it up to LP so that I can pull it into my tree?

Thanks!
 -Brian

On Jun 10, 2010, at 4:17 PM, Patrick Crews wrote:

> Disregard my earlier comment about this possibly sharing a root cause
> with Bug#586578. Checking the backtrace of both bugs shows two
> different causes.
>
> ** Changed in: drizzle
> Status: New => Confirmed
>
> ** Changed in: drizzle
> Importance: Undecided => Medium
>
> --
> Segfault - operator= (join=0x1fd0fd8, tables=<value optimized out>, conds=<value optimized out>, keyuse_array=<value optimized out>) at ./drizzled/join_table.h:73
> https://bugs.launchpad.net/bugs/592444
> You received this bug notification because you are a member of Drizzle-
> developers, which is subscribed to Drizzle.
>
> Status in A Lightweight SQL Database for Cloud and Web: Confirmed
>
> Bug description:
> We are seeing a segfault here for certain queries - particularly those generated by the randgen grammar outer_join_drizzle.yy (large, multi-table JOIN operations with other assorted nastiness).
>
> Test case is forthcoming.
>
> Backtrace:
>
> #0 operator= (join=0x1fd0fd8, tables=<value optimized out>, conds=<value optimized out>, keyuse_array=<value optimized out>) at ./drizzled/join_table.h:73
> #1 get_best_combination (join=0x1fd0fd8, tables=<value optimized out>, conds=<value optimized out>, keyuse_array=<value optimized out>) at drizzled/join.cc:3215
> #2 make_join_statistics (join=0x1fd0fd8, tables=<value optimized out>, conds=<value optimized out>, keyuse_array=<value optimized out>) at drizzled/join.cc:5881
> #3 0x0000000000591c99 in drizzled::Join::optimize (this=0x1fd0fd8) at drizzled/join.cc:559
> #4 0x00000000006147a5 in drizzled::mysql_select (session=0x7f58fc12a0d0, rref_pointer_array=<value optimized out>, tables=0x1d4f768, wild_num=0, fields=..., conds=0x20000500004008,
> og_num=4, order=0x0, group=0x1f54328, having=0x0, select_options=2147500040, result=0x1f547f0, unit=0x7f58fc12ab38, select_lex=0x7f58fc12ad48) at drizzled/sql_select.cc:412
> #5 0x0000000000615120 in drizzled::handle_select (session=0x7f58fc12a0d0, lex=0x7f58fc12ab18, result=0x1f547f0, setup_tables_done_option=0) at drizzled/sql_select.cc:146
> #6 0x000000000060ecd5 in drizzled::execute_sqlcom_select (session=0x7f58fc12a0d0, all_tables=0x1d4f768) at drizzled/sql_parse.cc:543
> #7 0x000000000060e94e in mysql_execute_command (session=0x7f58fc12a0d0, inBuf=<value optimized out>, length=<value optimized out>) at drizzled/sql_parse.cc:478
> #8 drizzled::mysql_parse (session=0x7f58fc12a0d0, inBuf=<value optimized out>, length=<value optimized out>) at drizzled/sql_parse.cc:733
> #9 0x0000000000610b12 in drizzled::dispatch_command (command=drizzled::COM_QUERY, session=0x7f58fc12a0d0,
> packet=0x7f58fc12b831 " SELECT SQL_SMALL_RESULT table1 . `col_int` AS field1 , table2 . `col_int` AS field2 , table1 . `col_int` AS field3 , table2 . `pk` AS field4 FROM p AS table1 LEFT JOIN n AS table2 LEFT JOI"..., packet_length=<value optimized out>) at drizzled/sql_parse.cc:223
> #10 0x00000000005de61f in drizzled::Session::executeStatement (this=0x7f58fc12a0d0) at drizzled/session.cc:694
> #11...

Attached the branch based off lp:drizzle - https://code.launchpad.net/~patrick-crews/drizzle/bug592444

The test case is tests/t/bug592444.test

Crash is not present in MySQL 5.1

join->best_positions does not have all the tables.
Looking into why table8 is missing..

(gdb) p join->best_positions[0]->table->table->alias
$24 = 0x9025728 "table1"
(gdb) p join->best_positions[1]->table->table->alias
$25 = 0x903bda0 "table5"
(gdb) p join->best_positions[2]->table->table->alias
$26 = 0x90409f0 "table4"
(gdb) p join->best_positions[3]->table->table->alias
$27 = 0x903bdd0 "table2"
(gdb) p join->best_positions[4]->table->table->alias
$28 = 0x903c318 "table3"
(gdb) p join->best_positions[5]->table->table->alias
$29 = 0x903f320 "table6"
(gdb) p join->best_positions[6]->table->table->alias
$30 = 0x90487b8 "table7"
(gdb) p join->best_positions[7]->table->table->alias
Cannot access memory at address 0x0

Hi Patrick,
I have pushed a fix for this bug in
the following branch.
https://code.launchpad.net/~prafulla-tekawade/drizzle/dr-bug-592444
Could you please test it ?

Thanks,
Prafulla

Sure thing. I'll be looking at all of your pending patches today. I'll
update the bugs once testing is complete.

On Sat, Jul 17, 2010 at 11:01 PM, Prafulla Tekawade <
<email address hidden>> wrote:

> Hi Patrick,
> I have pushed a fix for this bug in
> the following branch.
> https://code.launchpad.net/~prafulla-tekawade/drizzle/dr-bug-592444
> Could you please test it ?
>
> Thanks,
> Prafulla
>
> ** Branch linked: lp:~prafulla-tekawade/drizzle/dr-bug-592444
>
> ** Changed in: drizzle
> Status: Confirmed => In Progress
>
> ** Changed in: drizzle
> Assignee: (unassigned) => Prafulla Tekawade (prafulla-tekawade)
>
> --
> Segfault - operator= (join=0x1fd0fd8, tables=<value optimized out>,
> conds=<value optimized out>, keyuse_array=<value optimized out>) at
> ./drizzled/join_table.h:73
> https://bugs.launchpad.net/bugs/592444
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in A Lightweight SQL Database for Cloud and Web: In Progress
>
> Bug description:
> We are seeing a segfault here for certain queries - particularly those
> generated by the randgen grammar outer_join_drizzle.yy (large, multi-table
> JOIN operations with other assorted nastiness).
>
> Test case is forthcoming.
>
> Backtrace:
>
> #0 operator= (join=0x1fd0fd8, tables=<value optimized out>, conds=<value
> optimized out>, keyuse_array=<value optimized out>) at
> ./drizzled/join_table.h:73
> #1 get_best_combination (join=0x1fd0fd8, tables=<value optimized out>,
> conds=<value optimized out>, keyuse_array=<value optimized out>) at
> drizzled/join.cc:3215
> #2 make_join_statistics (join=0x1fd0fd8, tables=<value optimized out>,
> conds=<value optimized out>, keyuse_array=<value optimized out>) at
> drizzled/join.cc:5881
> #3 0x0000000000591c99 in drizzled::Join::optimize (this=0x1fd0fd8) at
> drizzled/join.cc:559
> #4 0x00000000006147a5 in drizzled::mysql_select (session=0x7f58fc12a0d0,
> rref_pointer_array=<value optimized out>, tables=0x1d4f768, wild_num=0,
> fields=..., conds=0x20000500004008,
> og_num=4, order=0x0, group=0x1f54328, having=0x0,
> select_options=2147500040, result=0x1f547f0, unit=0x7f58fc12ab38,
> select_lex=0x7f58fc12ad48) at drizzled/sql_select.cc:412
> #5 0x0000000000615120 in drizzled::handle_select (session=0x7f58fc12a0d0,
> lex=0x7f58fc12ab18, result=0x1f547f0, setup_tables_done_option=0) at
> drizzled/sql_select.cc:146
> #6 0x000000000060ecd5 in drizzled::execute_sqlcom_select
> (session=0x7f58fc12a0d0, all_tables=0x1d4f768) at drizzled/sql_parse.cc:543
> #7 0x000000000060e94e in mysql_execute_command (session=0x7f58fc12a0d0,
> inBuf=<value optimized out>, length=<value optimized out>) at
> drizzled/sql_parse.cc:478
> #8 drizzled::mysql_parse (session=0x7f58fc12a0d0, inBuf=<value optimized
> out>, length=<value optimized out>) at drizzled/sql_parse.cc:733
> #9 0x0000000000610b12 in drizzled::dispatch_command
> (command=drizzled::COM_QUERY, session=0x7f58fc12a0d0,
> packet=0x7f58fc12b831 " SELECT SQL_SMALL_RESULT table1 . `col_int` AS
> field1 , table2 . `col_int` AS field2 , table1 . `col_int` AS field3 ,
> table2 . `pk` AS field4 FROM p AS table1 LEFT JOIN n AS table2 ...

This patch looks good per the usual randgen / test-suite testing.
Additionally, the result sets look correct now for the original test case.

I also checked a combination of the fixes for Bug#592444 and Bug#595305 and things look good.

As always, thanks for the fixes and solid work : )

If you could, would you add a test case for this bug - I noticed you added one for Bug#595305 - to optimizer.test and then it will be good to propose a merge with trunk (lp:drizzle). If I'm not mistaken, this tree also contains the fix you have for Bug#595305, right?

Hi Patrick
I have added the test from this bug to optimizer.test and pushed
it to the branch linked with this bug.
Yes this branch contains fixes for both this bug and Bug#595305

Thanks,
Prafulla

Fix merged at rev 1664 in lp:drizzle