Valgrind error: write of uninitialised bytes in xt_flush_indices()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
PBXT |
Fix Committed
|
Undecided
|
Vladimir Kolesnikov |
Bug Description
I'm trying to enable the PBXT test suite by default in MariaDB; for
that, I need it to also run without failures in --valgrind mode.
I get the following Valgrind error in pbxt.auto_
==1562== Syscall param pwrite64(buf) points to uninitialised byte(s)
==1562== at 0x504E188: (within /usr/lib/
==1562== by 0xA58564: xt_pwrite_
==1562== by 0x9F60A7: XTIndexLog:
==1562== by 0x9F7B5E: xt_flush_
==1562== by 0xA1BCD1: xt_flush_
==1562== by 0xA1C179: xt_sync_
==1562== by 0xA4591A: db_lock_
==1562== by 0xA45D67: xt_db_lock_
==1562== by 0xA1D291: tab_lock_
==1562== by 0xA1EFA0: xt_drop_
==1562== by 0x9F3A45: ha_pbxt:
==1562== by 0x7C4E10: handler:
==1562== by 0x7CAD18: ha_delete_
==1562== by 0x7F2BB8: mysql_rm_
==1562== by 0x7F31CE: mysql_rm_
==1562== by 0x68D8D3: mysql_execute_
==1562== Address 0x10d2e2ae is 22 bytes inside a block of size 1,049,088 alloc'd
==1562== at 0x4C22FAB: malloc (vg_replace_
==1562== by 0x9FFB4A: xt_malloc_
==1562== by 0x9F68EB: XTIndexLogPool:
==1562== by 0x9F6B3D: XTIndexLogPool:
==1562== by 0x9F71FD: xt_flush_
==1562== by 0xA1BCD1: xt_flush_
==1562== by 0xA1C179: xt_sync_
==1562== by 0xA4591A: db_lock_
==1562== by 0xA45D67: xt_db_lock_
==1562== by 0xA1D291: tab_lock_
==1562== by 0xA1EFA0: xt_drop_
==1562== by 0x9F3A45: ha_pbxt:
==1562== by 0x7C4E10: handler:
==1562== by 0x7CAD18: ha_delete_
==1562== by 0x7F2BB8: mysql_rm_
==1562== by 0x7F31CE: mysql_rm_
I tried to track it down a bit further with the following patch (debug only):
Unable to load plugin 'gtk'. It requested API version (1, 17, 0) of module <module 'bzrlib' from '/usr/lib/
Unable to load plugin 'gtk'. It requested API version (1, 17, 0) of module <module 'bzrlib' from '/usr/lib/
=== modified file 'storage/
--- storage/
+++ storage/
@@ -51,6 +51,8 @@
#include "trace_xt.h"
#include "table_xt.h"
+#include <valgrind/
+
#ifdef DEBUG
#define MAX_SEARCH_DEPTH 32
//#define CHECK_AND_PRINT
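Review bot: The new `#include <valgrind/…>` line sits above `#ifdef DEBUG` with no guard of its own, so a build on a host without the Valgrind development headers would stop compiling this file. The client-request lines added in the later hunks (the `VALGRIND_…` calls in `ind_add_…` and in the three `XTIndexLog` methods) depend on that header in the same unguarded way. If any of this instrumentation is kept beyond local debugging, wrap the include and each call in the build's Valgrind conditional; the report itself names `#ifdef HAVE_valgrind` as the existing convention. The header and macro names are cut off on this page, so confirm them against the original patch.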
@@ -3751,6 +3753,9 @@ static xtBool ind_add_
register u_int i;
register u_int guess;
+ u_int block_len = XT_GET_
+ if (VALGRIND_
+
if (*flush_count == IND_FLUSH_
if (!idx_flush_
return FAILED;
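Review bot: The check added at the top of this function carries no comment saying what it covers, and `block_len` (presumably the length read from the block itself) bounds how many bytes it examines. A short comment such as `// Diagnostic: flag index blocks that reach the dirty list with undefined bytes in their first block_len bytes` would make that limit visible. The limit matters because the first trace shows index-log data later reaching `pwrite64`: if the flush copies more than `block_len` bytes per block, the tail is not checked here, and any uninitialised heap bytes in it would still be stored in the log file on disk. The body of the `if` and the rest of the function lie outside the hunk.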
@@ -4308,6 +4313,7 @@ xtBool XTIndexLog:
{
if (!il_require_
return FAILED;
+ VALGRIND_
*(il_buffer + il_buffer_len) = byte;
il_buffer_len++;
return OK;
@@ -4320,6 +4326,7 @@ xtBool XTIndexLog:
if (!il_require_
return FAILED;
buffer = il_buffer + il_buffer_len;
+ VALGRIND_
XT_SET_
il_buffer_len += 4;
return OK;
@@ -4344,7 +4351,9 @@ xtBool XTIndexLog:
page_data = (XTIndPageDataDPtr) (il_buffer + il_buffer_len);
TRACK_
page_
+ VALGRIND_
XT_SET_
+ if (VALGRIND_
memcpy(
il_buffer_len += offsetof(
This shows that a block is at some point added to the dirty list with
partially undefined data:
==604== Uninitialised byte(s) found during client check request
==604== at 0x9F6FD3: ind_add_
==604== by 0x9F7476: xt_flush_
==604== by 0xA1BCD1: xt_flush_
==604== by 0xA1C179: xt_sync_
==604== by 0xA4591A: db_lock_
==604== by 0xA45D67: xt_db_lock_
==604== by 0xA1D291: tab_lock_
==604== by 0xA1EFA0: xt_drop_
==604== by 0x9F3A45: ha_pbxt:
==604== by 0x7C4E10: handler:
==604== by 0x7CAD18: ha_delete_
==604== by 0x7F2BB8: mysql_rm_
==604== by 0x7F31CE: mysql_rm_
==604== by 0x68D8D3: mysql_execute_
==604== by 0x692EB3: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:6034)
==604== by 0x693CC5: dispatch_
==604== Address 0xcf8ffee is 33,669,054 bytes inside a block of size 33,701,888 alloc'd
==604== at 0x4C22FAB: malloc (vg_replace_
==604== by 0x9FFC7E: xt_malloc(
==604== by 0xA43CA6: xt_ind_
==604== by 0x9EBBCC: pbxt_call_
==604== by 0x9EBF19: pbxt_init(void*) (ha_pbxt.cc:1194)
==604== by 0x7C8CBD: ha_initialize_
==604== by 0x88AC96: plugin_
==604== by 0x88E821: plugin_init(int*, char**, int) (sql_plugin.
==604== by 0x67A150: init_server_
==604== by 0x67AC29: main (mysqld.cc:4541)
block->
I don't know the code well enough to tell if this is a real problem, or just
some unused padding data which does not need to be initialised. In the latter
case, it would be good to add initialisation under #ifdef HAVE_valgrind
similar to Bug 451080.
Related branches
- PBXT Core: Pending requested
-
Diff: 42 lines (+9/-1)3 files modifiedChangeLog (+2/-0)
src/myxt_xt.cc (+5/-0)
src/xactlog_xt.cc (+2/-1)
Changed in pbxt: | |
assignee: | nobody → Vladimir Kolesnikov (vkolesnikov) |
status: | New → In Progress |
Another reason to eliminate these valgrind errors is that it would make it easier to distinguish the ones that are actual bugs. For example, this one, from testcase pbxt.multi_update, looks like a real problem:
==19278== Invalid write of size 1 strmem. c:586) :xlog_append( XTThread* , unsigned long, unsigned char*, unsigned long, unsigned char*, int, unsigned int*, long*) (xactlog_ xt.cc:1112) modify_ table(unsigned int, unsigned int, unsigned int, unsigned int, unsigned int, unsigned long, unsigned char*, XTThread*) (xactlog_ xt.cc:1657) record( XTOpenTable* , XTTabRecInfo*, unsigned int) (table_xt.cc:4017) new_record( XTOpenTable* , unsigned char*) (table_xt.cc:4380) :write_ row(unsigned char*) (ha_pbxt.cc:2645) :ha_write_ row(unsigned char*) (handler.cc:4647) cc:1632) insert: :send_data( List<Item> &) (sql_insert. cc:3212) cc:12455) join_record( JOIN*, st_join_table*, int) (sql_select. cc:11638) cc:11518) cc:11268) cc:2292) lex_unit* , st_select_lex*) (sql_select. cc:2486) malloc. c:195) XTThread* , unsigned long) (memory_xt.cc:101) :xlog_setup( XTThread* , XTDatabase*, long, unsigned long, int) (xactlog_xt.cc:632) db(XTThread* , XTDatabase*) (xaction_ xt.cc:1107) database( XTThread* , char*, int) (database_ xt.cc:471) database( XTThread* , char*, int) (database_ xt.cc:639) database_ of_table( XTThread* , XTPathStr*) (ha_pbxt.cc:512) :create( char const*, st_table*, st_ha_create_ information* ) (ha_pbxt.cc:5438) :ha_create( char const*, st_table*, st_ha_create_ information* ) (handler.cc:3397) table(THD* , char const*, char const*, char const*, st_ha_create_ information* , bool) (handler.cc:3604) table(THD* , char const*, char const*, char const*, st_ha_create_ information* , List<Create_ field>& , unsigned int, st_key*, h...
==19278== at 0x4C270D8: memset (mc_replace_
==19278== by 0xA50298: XTDatabaseLog:
==19278== by 0xA519A9: xt_xlog_
==19278== by 0xA3778A: tab_add_
==19278== by 0xA38214: xt_tab_
==19278== by 0xA0489A: ha_pbxt:
==19278== by 0x7D7B29: handler:
==19278== by 0x72ECDC: write_record(THD*, st_table*, st_copy_info*) (sql_insert.
==19278== by 0x733425: select_
==19278== by 0x71AAC2: end_send(JOIN*, st_join_table*, bool) (sql_select.
==19278== by 0x71897D: evaluate_
==19278== by 0x718616: sub_select(JOIN*, st_join_table*, bool) (sql_select.
==19278== by 0x71812A: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.
==19278== by 0x7013BE: JOIN::exec() (sql_select.
==19278== by 0x701B0F: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_
==19278== by 0x6F9E07: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:279)
==19278== Address 0xf1c13f0 is 0 bytes after a block of size 1,049,088 alloc'd
==19278== at 0x4C25153: malloc (vg_replace_
==19278== by 0xA159D3: xt_malloc(
==19278== by 0xA4F2FB: XTDatabaseLog:
==19278== by 0xA4A5D9: xt_xn_init_
==19278== by 0xA5BF89: xt_get_
==19278== by 0xA5C806: xt_open_
==19278== by 0xA0044D: xt_ha_open_
==19278== by 0xA09781: ha_pbxt:
==19278== by 0x7D4DB9: handler:
==19278== by 0x7D554D: ha_create_
==19278== by 0x77BA6C: rea_create_