out of range vector access in plan generator

Bug #986075 reported by David Graf
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Zorba | Fix Released | Critical | Markos Zaharioudakis |

Bug Description

Hello Markos

We discovered an out-of-range vector access during plan generation on our Windows machine. On Windows only, because Windows does an out-of-range check in debug mode automatically. To reproduce and detect the problem on Linux, you need to apply the following patch to zorba:

=== modified file 'src/compiler/expression/flwor_expr.h'
--- src/compiler/expression/flwor_expr.h 2012-04-19 21:40:27 +0000
+++ src/compiler/expression/flwor_expr.h 2012-04-20 08:51:10 +0000
@@ -708,7 +708,7 @@

   void remove_clause(ulong pos);

- const flwor_clause* operator[](int i) const { return theClauses[i].getp(); }
+ const flwor_clause* operator[](int i) const { return theClauses.at(i).getp(); }

   flwor_clause* get_clause(ulong i);
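
Review bot: operator[] still takes a signed `int i` while the neighbouring `remove_clause(ulong pos)` and `get_clause(ulong i)` take `ulong`, so a negative index reaches `.at(i)` only after conversion to an unsigned size. Consider making the parameter `ulong` so the checked accessor agrees with its siblings, and add a comment on the `+` line stating that the accessor now throws on a bad index, since nothing in the header tells callers to expect an exception.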

After applying the patch, you need to execute the following query:

declare %fn:private function local:serialize-request-as-xml()
{
  ()
};
declare function local:serialize-request-as-html()
{
  let $request := local:serialize-request-as-xml()
  return
        for $section in $request/element()
        return
              for $info in $section/element()
              return
                    for $value in $info/value
                    let $content :=
                      switch(false())
                        case false() return
                          ()
                        default return $value/text()
                      return
                        switch(string($value/@class))
                          case "error" return
                            $content
                          default return $content
};

local:serialize-request-as-html()

The result on my machine is:
$ ./bin/zorba -q ../../sausalito/build/test.xq -f
Zorba error [zerr:ZXQP0003]: internal error: vector::_M_range_check; raised at /home/dagraf/zorba/sandbox/src/api/zorbaimpl.cpp:288

In sausalito, we are currently bypassing the issue by returning 0 if the vector is empty:
- const flwor_clause* operator[](int i) const { return theClauses[i].getp(); }
+ const flwor_clause* operator[](int i) const { return (theClauses.empty() ? 0 : theClauses[i].getp()); }
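
Review bot: the `theClauses.empty() ? 0 : theClauses[i].getp()` guard on the `+` line covers only the empty vector; for a non-empty vector any `i` at or beyond the size, or a negative `i`, still goes through the unchecked `theClauses[i]`. Compare `i` against `theClauses.size()` instead, and because the accessor can now return 0, every caller needs a null check before dereferencing the result.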

I have no clue if this is a nice bypass. I am pretty sure this bypass hides another problem. But maybe it is safe to use it temporarily. What do you think?

By the way: The call stack is:
#0 0x00007ffff3af4dc0 in __cxa_throw () from /usr/lib/libstdc++.so.6
#1 0x00007ffff3a90647 in std::__throw_out_of_range(char const*) () from /usr/lib/libstdc++.so.6
#2 0x00007ffff69c332b in std::vector<zorba::rchandle<zorba::flwor_clause>, std::allocator<zorba::rchandle<zorba::flwor_clause> > >::_M_range_check (this=0x99b380, __n=0) at /usr/include/c++/4.4/bits/stl_vector.h:634
#3 0x00007ffff69b9db9 in std::vector<zorba::rchandle<zorba::flwor_clause>, std::allocator<zorba::rchandle<zorba::flwor_clause> > >::at (this=0x99b380, __n=0) at /usr/include/c++/4.4/bits/stl_vector.h:670
#4 0x00007ffff693ae2a in zorba::flwor_expr::operator[] (this=0x99b2f0, i=0) at /home/dagraf/zorba/sandbox/src/compiler/expression/flwor_expr.h:711
#5 0x00007ffff6af6eb9 in zorba::EliminateUnusedLetVars::rewritePre (this=0x9983b0, node=0x99b2f0, rCtx=...) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/flwor_rules.cpp:175
#6 0x00007ffff6aedf2b in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99b2f0, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:39
#7 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99d620, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#8 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99d9c0, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#9 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99da70, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#10 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99bdc0, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#11 0x00007ffff6aedfda in zorba::PrePostRewriteRule::apply (this=0x9983b0, rCtx=..., curExpr=0x99be80, modified=@0x7fffffffca6d) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rules/rule_base.cpp:51
#12 0x00007ffff6ae7388 in zorba::RuleMajorDriver::rewrite (this=0x7fffffffcad0, rCtx=...) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/framework/rule_driver.cpp:61
#13 0x00007ffff6ae9c23 in zorba::DefaultOptimizer::rewrite (this=0x9879f0, rCtx=...) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/rewriters/default_optimizer.cpp:98
#14 0x00007ffff6b1481e in zorba::UDFGraph::optimizeUDFs (this=0x7fffffffd160, ccb=0x98c930, node=0x9923d0, visit=2) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/tools/udf_graph.cpp:226
#15 0x00007ffff6b146c3 in zorba::UDFGraph::optimizeUDFs (this=0x7fffffffd160, ccb=0x98c930, node=0x992930, visit=2) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/tools/udf_graph.cpp:203
#16 0x00007ffff6b1461e in zorba::UDFGraph::optimizeUDFs (this=0x7fffffffd160, ccb=0x98c930) at /home/dagraf/zorba/sandbox/src/compiler/rewriter/tools/udf_graph.cpp:190
#17 0x00007ffff6b26fd8 in zorba::XQueryCompiler::optimize (this=0x7fffffffd430, lExpr=...) at /home/dagraf/zorba/sandbox/src/compiler/api/compiler_api.cpp:308
#18 0x00007ffff6b26c90 in zorba::XQueryCompiler::compile (this=0x7fffffffd430, ast=..., applyPUL=true, rootExpr=..., nextDynamicVarId=@0x7fffffffd458, aAuditRecord=...) at /home/dagraf/zorba/sandbox/src/compiler/api/compiler_api.cpp:252
#19 0x00007ffff6b26a34 in zorba::XQueryCompiler::compile (this=0x7fffffffd430, aXQuery=..., aFileName=..., nextDynamicVarId=@0x7fffffffd458) at /home/dagraf/zorba/sandbox/src/compiler/api/compiler_api.cpp:224
#20 0x00007ffff681e82f in zorba::XQueryImpl::doCompile (this=0x98c850, aQuery=..., aHints=..., fork_sctx=true) at /home/dagraf/zorba/sandbox/src/api/xqueryimpl.cpp:588
#21 0x00007ffff681e2d2 in zorba::XQueryImpl::compile (this=0x98c850, aQuery=..., aStaticContext=..., aHints=...) at /home/dagraf/zorba/sandbox/src/api/xqueryimpl.cpp:518
#22 0x00000000004124b2 in compileAndExecute (zorbaInstance=0x7ffff7dd54e0, properties=..., staticContext=..., qfilepath=..., qfile=..., outputStream=..., timing=...) at /home/dagraf/zorba/sandbox/bin/zorbacmd.cpp:632
#23 0x0000000000413fdc in main (argc=5, argv=0x7fffffffe398) at /home/dagraf/zorba/sandbox/bin/zorbacmd.cpp:990
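
The three accessor behaviours discussed in the report, side by side, as an added example that is not part of the original report or of Zorba's code base. `Clause`, `ClauseList` and all member names except `theClauses` are hypothetical stand-ins, and `std::shared_ptr` replaces Zorba's `rchandle`.

```cpp
// Added example: stand-in types, not Zorba's classes.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <vector>

struct Clause { int id; };   // hypothetical stand-in for flwor_clause

class ClauseList {           // hypothetical stand-in for flwor_expr
  std::vector<std::shared_ptr<Clause>> theClauses;
public:
  void add(int id) { theClauses.push_back(std::make_shared<Clause>(Clause{id})); }

  // Diagnostic form from the report's patch: at() throws std::out_of_range.
  const Clause* checked(int i) const { return theClauses.at(i).get(); }

  // True when the report's workaround (empty() ? 0 : theClauses[i]) would
  // still perform an unchecked out-of-range read for this index.
  bool workaround_still_unchecked(int i) const {
    return !theClauses.empty() &&
           (i < 0 || static_cast<std::size_t>(i) >= theClauses.size());
  }

  // Full bounds check: null for every index outside [0, size()).
  const Clause* get_or_null(int i) const {
    if (i < 0 || static_cast<std::size_t>(i) >= theClauses.size()) return nullptr;
    return theClauses[static_cast<std::size_t>(i)].get();
  }
};

// Returns true if the at()-based accessor rejects index i.
bool throws_out_of_range(const ClauseList& list, int i) {
  try { list.checked(i); } catch (const std::out_of_range&) { return true; }
  return false;
}

int main() {
  ClauseList empty, one;
  one.add(7);        // constructed sample data
  std::printf("empty[0] throws: %d\n", throws_out_of_range(empty, 0));
  std::printf("one[1] throws: %d\n", throws_out_of_range(one, 1));
  std::printf("workaround misses one[1]: %d\n", one.workaround_still_unchecked(1));
  std::printf("get_or_null(one, 1) is null: %d\n", one.get_or_null(1) == nullptr);
  return 0;
}
```

On Linux, building with libstdc++'s `-D_GLIBCXX_DEBUG` makes the plain `operator[]` abort on a bad index without patching the source.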

Changed in zorba:
status: New → In Progress
Changed in zorba:
status: In Progress → Fix Committed
Changed in zorba:
status: Fix Committed → Fix Released