Zorba - NoSQL Query Processor

out of range vector access in plan generator

Reported by David Graf on 2012-04-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zorba
Critical
Markos Zaharioudakis

Bug Description

Hello Markos

We discovered an out-of-range vector access during plan generation on our windows machine. On Windows only, because windows does an out-of-range check in debug mode automatically. To reproduce and detect the problem on linux, you need to apply the following patch to zorba:

=== modified file 'src/compiler/expression/flwor_expr.h'
--- src/compiler/expression/flwor_expr.h 2012-04-19 21:40:27 +0000
+++ src/compiler/expression/flwor_expr.h 2012-04-20 08:51:10 +0000
@@ -708,7 +708,7 @@

   void remove_clause(ulong pos);

- const flwor_clause* operator[](int i) const { return theClauses[i].getp(); }
+ const flwor_clause* operator[](int i) const { return theClauses.at(i).getp(); }

   flwor_clause* get_clause(ulong i);

After applying the patch, you need to execute the following query:

declare %fn:private function local:serialize-request-as-xml()
{
  ()
};
declare function local:serialize-request-as-html()
{
  let $request := local:serialize-request-as-xml()
  return
        for $section in $request/element()
        return
              for $info in $section/element()
              return
                    for $value in $info/value
                    let $content :=
                      switch(false())
                        case false() return
                          ()
                        default return $value/text()
                      return
                        switch(string($value/@class))
                          case "error" return
                            $content
                          default return $content
};

local:serialize-request-as-html()

The result on my machine is:
$ ./bin/zorba -q ../../sausalito/build/test.xq -f
Zorba error [zerr:ZXQP0003]: internal error: vector::_M_range_check; raised at /home/dagraf/zorba/sandbox/src/api/zorbaimpl.cpp:288

In sausalito, we bypassing the issue currently by return 0 if the vector is empty:
- const flwor_clause* operator[](int i) const { return theClauses[i].getp(); }
+ const flwor_clause* operator[](int i) const { return (theClauses.empty() ? 0 : theClauses[i].getp()); }

I have no clue if this is a nice bypass. I am pretty sure this bypass hides another problem. But maybe, it is save to use it temporarily. What do you think?

By the way: The call stack is:
#0 0x00007ffff3af4dc0 in __cxa_throw () from /usr/lib/libstdc++.so.6
#1 0x00007ffff3a90647 in std::__throw_out_of_range(char const*) () from /usr/lib/libstdc++.so.6
#2 0x00007ffff69c332b in std::vector<zorba::rchandle<zorba::flwor_clause>, std::allocator<zorba::rchandle<zorba::flwor_clause> > >::_M_range_check (this=0x99b380, __n=0) at /usr/include/c++/4.4/bits/stl_vector.h:634
#3 0x00007ffff69b9db9 in std::vector<zorba::rchandle<zorba::flwor_clause>, std::allocator<zorba::rchandle<zorba::flwor_clause> > >::at (this=0x99b380, __n=0) at /usr/include/c++/4.4/bits/stl_vector.h:670
#4 0x00007ffff693ae2a in zorba::flwor_expr::operator[] (this=0x99b2f0, i=0) at /home/dagraf/zorba/sandbox/src/compiler/expression/flwor_expr.h:711
#5 0x00007ffff6af6eb9 in zorba::EliminateUnusedLetVars::rewritePre (this=0x9983b0, node=0x99b2f0, rCtx=...) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/flwor_rules.cpp:175
#6 0x00007ffff6aedf2b in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99b2f0, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:39
#7 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99d620, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#8 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99d9c0, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#9 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99da70, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#10 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99bdc0, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#11 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99be80, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#12 0x00007ffff6ae7388 in zorba::RuleMajorDriver::rewrite (this=0x7fffffffcad0, rCtx=...) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/framework/rule_driver.cpp:61
#13 0x00007ffff6ae9c23 in zorba::DefaultOptimizer::rewrite (this=0x9879f0, rCtx=...) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rewriters/default_optimizer.cpp:98
#14 0x00007ffff6b1481e in zorba::UDFGraph::optimizeUDFs (this=0x7fffffffd160, ccb=0x98c930, node=0x9923d0, visit=2) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/tools/udf_graph.cpp:226
#15 0x00007ffff6b146c3 in zorba::UDFGraph::optimizeUDFs (this=0x7fffffffd160, ccb=0x98c930, node=0x992930, visit=2) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/tools/udf_graph.cpp:203
#16 0x00007ffff6b1461e in zorba::UDFGraph::optimizeUDFs (this=0x7fffffffd160, ccb=0x98c930) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/tools/udf_graph.cpp:190
#17 0x00007ffff6b26fd8 in zorba::XQueryCompiler::optimize (this=0x7fffffffd430, lExpr=...) at /home/dagraf/zorba/sandbox/src/compiler/api/compiler_api.cpp:308
#18 0x00007ffff6b26c90 in zorba::XQueryCompiler::compile (this=0x7fffffffd430, ast=..., applyPUL=true, rootExpr=..., nextDynamicVarId=@0x7fffffffd458, aAuditRecord=...) at /home/dagraf/zorba/sandbox/src/compiler/api/compiler_api.cpp:252
#19 0x00007ffff6b26a34 in zorba::XQueryCompiler::compile (this=0x7fffffffd430, aXQuery=..., aFileName=..., nextDynamicVarId=@0x7fffffffd458) at /home/dagraf/zorba/sandbox/src/compiler/api/compiler_api.cpp:224
#20 0x00007ffff681e82f in zorba::XQueryImpl::doCompile (this=0x98c850, aQuery=..., aHints=..., fork_sctx=true) at /home/dagraf/zorba/sandbox/src/api/xqueryimpl.cpp:588
#21 0x00007ffff681e2d2 in zorba::XQueryImpl::compile (this=0x98c850, aQuery=..., aStaticContext=..., aHints=...) at /home/dagraf/zorba/sandbox/src/api/xqueryimpl.cpp:518
#22 0x00000000004124b2 in compileAndExecute (zorbaInstance=0x7ffff7dd54e0, properties=..., staticContext=..., qfilepath=..., qfile=..., outputStream=..., timing=...) at /home/dagraf/zorba/sandbox/bin/zorbacmd.cpp:632
#23 0x0000000000413fdc in main (argc=5, argv=0x7fffffffe398) at /home/dagraf/zorba/sandbox/bin/zorbacmd.cpp:990

Changed in zorba:
status: New → In Progress
Changed in zorba:
status: In Progress → Fix Committed
Changed in zorba:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers