Divide by zero in OPTmitosis with select name from tables #2701

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments


Date: 2010-10-21 09:57:11 +0200
From: Guillaume Yziquel <<guillaume.yziquel>>
To: MonetDB5 devs <>
Version: 11.3.7 (Apr2011-SP2) [obsolete]
CC: @mlkersten, @drstmane

Last updated: 2011-09-16 15:04:40 +0200

Comment 15080

Date: 2010-10-21 09:57:11 +0200
From: Guillaume Yziquel <<guillaume.yziquel>>

User-Agent: Midori/0.2 (X11; Linux; U; fr-ch) WebKit/531.2+
Build Identifier:

Hello.

Using MonetDB on a 64 bit arch, using Debian and Debian packages. I'm currently working as time allows on my OCaml binding embedding MonetDB, and experienced a divide by 0 in OPTmitosis.

http://yziquel.homelinux.org/ocaml-monetdb5 (when online...)

Here are, hopefully helpful, details of the crash:

yziquel@seldon:~$ ocaml
        Objective Caml version 3.12.0

# #use "topfind";;
- : unit = ()
Findlib has been successfully loaded. Additional directives:
  #require "package";;      to load a package
  #list;;                   to list the available packages
  #camlp4o;;                to load camlp4 (standard syntax)
  #camlp4r;;                to load camlp4 (revised syntax)
  #predicates "p,q,...";;   to set these predicates
  Topfind.reset();;         to force that packages will be reloaded
  #thread;;                 to enable threads

- : unit = ()
# #require "monetdb5";;
/usr/lib/ocaml/monetdb5: added to search path
/usr/lib/ocaml/monetdb5/monetDB5.cma: loaded
# open MonetDB5;;
# module DB = struct
    include DB.SQL
    let farm = "/path/to/my/monetdb/farm"
    let name = "my_db"
  end;;
module DB :
  sig
    val embedded : bool
    val backend : MonetDB5.language
    val farm : string
    val name : string
  end
# include Embedded (DB);;
val mapi : MonetDB5.Mapi.mapi =
val ask : int list -> string -> string option list list =
# ask [0] "select name from tables;";;
Exception en point flottant
yziquel@seldon:~$

Which translates as "floating point exception".

yziquel@seldon:~/git/ocaml-monetdb5$ make debug
gdb --quiet --args ocamlrun ocaml -init ocamlinit
Reading symbols from /usr/bin/ocamlrun...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/bin/ocamlrun ocaml -init ocamlinit
[Thread debugging using libthread_db enabled]
Objective Caml version 3.12.0

Findlib has been successfully loaded. Additional directives:
require "package";; to load a package
list;; to list the available packages
camlp4o;; to load camlp4 (standard syntax)
camlp4r;; to load camlp4 (revised syntax)
predicates "p,q,...";; to set these predicates
Topfind.reset();; to force that packages will be reloaded
thread;; to enable threads

[New Thread 0x2aaab0238710 (LWP 31881)]
[New Thread 0x2aaac2f6a710 (LWP 31884)]
[Thread 0x2aaab0238710 (LWP 31881) exited]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0x2aaac2f6a710 (LWP 31884)]
0x00002aaabd8f65d9 in OPTmitosis () from /usr/lib/MonetDB5/lib/lib_optimizer.so.5
(gdb) bt
#0  0x00002aaabd8f65d9 in OPTmitosis () from /usr/lib/MonetDB5/lib/lib_optimizer.so.5
#1  0x00002aaabd8bcee6 in optimizeMALBlock () from /usr/lib/MonetDB5/lib/lib_optimizer.so.5
#2  0x00002aaac2a60ac9 in addQueryToCache () from /usr/lib/MonetDB5/lib/lib_sql.so
#3  0x00002aaac2a5fecc in backend_dumpproc () from /usr/lib/MonetDB5/lib/lib_sql.so
#4  0x00002aaac2a58a7c in SQLparser () from /usr/lib/MonetDB5/lib/lib_sql.so
#5  0x00002aaaaca6f057 in ?? () from /usr/lib/libmonetdb5.so.5
#6  0x00002aaaaca6f2a7 in runScenario () from /usr/lib/libmonetdb5.so.5
#7  0x00002aaaaca37e6e in MSserveClient () from /usr/lib/libmonetdb5.so.5
#8  0x00002aaaab39e8ba in start_thread () from /lib/libpthread.so.0
#9  0x00002aaaab68302d in clone () from /lib/libc.so.6
#10 0x0000000000000000 in ?? ()

(gdb) info registers
rax 0x1f 31
rbx 0x2 2
rcx 0x2 2
rdx 0x0 0
rsi 0xb9a528 12166440
rdi 0x2aaaaded8fa0 46912550834080
rbp 0xaf5118 0xaf5118
rsp 0x2aaac2f69660 0x2aaac2f69660
r8 0x29 41
r9 0xb4b808 11843592
r10 0x2aaabdb04750 46912815253328
r11 0x2aaaacca3688 46912531740296
r12 0x0 0
r13 0xaf5118 11489560
r14 0xaaaaaaaaaaaaaaab -6148914691236517205
r15 0x1053758 17119064
rip 0x2aaabd8f65d9 0x2aaabd8f65d9 <OPTmitosis+1081>
eflags 0x10256 [ PF AF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0

(gdb) disassemble
Dump of assembler code for function OPTmitosis:
0x00002aaabd8f61a0 <+0>: push %r15
0x00002aaabd8f61a2 <+2>: mov %rsi,%r15
0x00002aaabd8f61a5 <+5>: push %r14
0x00002aaabd8f61a7 <+7>: push %r13
0x00002aaabd8f61a9 <+9>: push %r12
0x00002aaabd8f61ab <+11>: push %rbp
0x00002aaabd8f61ac <+12>: push %rbx
0x00002aaabd8f61ad <+13>: sub $0x538,%rsp
0x00002aaabd8f61b4 <+20>: mov %rdi,0x60(%rsp)
0x00002aaabd8f61b9 <+25>: mov %rdx,0x58(%rsp)
0x00002aaabd8f61be <+30>: mov %rcx,0x50(%rsp)
0x00002aaabd8f61c3 <+35>: callq 0x2aaabd8b8e70 GDKusec@plt
0x00002aaabd8f61c8 <+40>: mov %rax,0x68(%rsp)
0x00002aaabd8f61cd <+45>: callq 0x2aaabd8b9290 optimizerInit@plt
0x00002aaabd8f61d2 <+50>: cmpq $0x0,0x50(%rsp)
...

0x00002aaabd8f65a8 <+1032>:	div    %rbx
0x00002aaabd8f65ab <+1035>:	mov    %rax,0xa8(%rsp)
0x00002aaabd8f65b3 <+1043>:	mov    0xa8(%rsp),%r12
0x00002aaabd8f65bb <+1051>:	mov    $0x1,%eax
0x00002aaabd8f65c0 <+1056>:	cmp    %r12,0x80(%rsp)
0x00002aaabd8f65c8 <+1064>:	jle    0x2aaabd8f65e4 <OPTmitosis+1092>
0x00002aaabd8f65ca <+1066>:	mov    0x80(%rsp),%rdx
0x00002aaabd8f65d2 <+1074>:	mov    %rdx,%rax
0x00002aaabd8f65d5 <+1077>:	sar    $0x3f,%rdx

=> 0x00002aaabd8f65d9 <+1081>: idivq 0xa8(%rsp)

The floating point exception occurs here. With the following values:

(gdb) p/x $rsp
$1 = 0x2aaac2f69660
(gdb) x/g (0x2aaac2f69660 + 0xa8)
0x2aaac2f69708: 0x0000000000000000

This issue has nothing to do with my binding, and is purely MonetDB5-related. I suspect you would have the same result doing the following things: Start an embedded_sql() session, with monet_embedded and gdk_embedded to 'yes', nothing in the whole database, and doing a 'select name from tables' SQL instruction.

Guillaume Yziquel.

Reproducible: Always

Steps to Reproduce:

  1. Start an embedded_sql() session, with monetdb_embedded and gdk_embedded to 'yes'.
  2. Empty database.
  3. Issue 'select name from tables;' SQL statement.

Actual Results:

Crashes on an idivq instruction in OPTmitosis, with a floating point exception.

Expected Results:

Well, 'select name in tables'...

No merovingian, nothing. Just embedded_sql() in the OCaml binding.

Comment 15097

Date: 2010-10-25 12:59:10 +0200
From: @sjoerdmullender

Changeset 74f08442f0a7 made by Sjoerd Mullender sjoerd@acm.org in the MonetDB repo, refers to this bug.

For complete details, see http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=74f08442f0a7

Changeset description:

Make sure monet_memory is initialized.
In case of an embedded server, monet_hello() isn't called, but
monet_hello() normally initializes monet_memory.  So we make sure the
value is initialized in mal_init() which is always called.
monet_memory is used by the MAL interpreter, so it is appropriate to
do this here.

This fixes bug #2701.

Comment 15099

Date: 2010-10-25 15:19:09 +0200
From: @sjoerdmullender

Changeset 6b4c13dcae6d made by Sjoerd Mullender sjoerd@acm.org in the MonetDB repo, refers to this bug.

For complete details, see http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=6b4c13dcae6d

Changeset description:

Test for bug #2701.

Comment 15164

Date: 2010-10-30 11:29:13 +0200
From: @drstmane

The output for this test appears to differ between Unix-like systems

http://monetdb.cwi.nl/testing/projects/monetdb/Candidate/sql/.mTests103/GNU.64.64.d.1-Fedora10/src_test_BugTracker-2010/Mbedded-crash.Bug-2701.out.00.html

and Windows

http://monetdb.cwi.nl/testing/projects/monetdb/Candidate/sql/.mTests103/Int.32.32.d.1-Windows5.1/src_test_BugTracker-2010/Mbedded-crash.Bug-2701.out.00.html

In case this is a (desired/accepted) feature, we need to approve both outputs;
otherwise, there seems to be some bug that needs to be fixed.

Comment 15207

Date: 2010-11-17 15:12:20 +0100
From: @sjoerdmullender

(In reply to comment 3)

In case this is a (desired/accepted) feature, we need to approve both outputs;
otherwise, there seems to be some bug that needs to be fixed.

I expect the output to be the same, and in fact, when I run on my Fedora system, the test does give the correct output.

Comment 15230

Date: 2010-11-26 21:36:37 +0100
From: @mlkersten

Added more protection in the kernel, because the variable GDKnr_threads may be set at runtime.

Comment 15231

Date: 2010-11-28 11:46:55 +0100
From: @drstmane

FYI:
As far as I can see, global variable GDKnr_threads is only initialized / set in GDKinit() (MonetDB/src/gdk/gdk_utils.mx).
I assume that any start of a MonetDB server calls GDKinit() first.
Since GDKinit() seems to ensure that GDKnr_threads is not set to 0,
IMHO, the bug is not related to / triggered by GDKnr_threads being 0,
and the protective measures are not really required, here.
Rather, if GDKnr_threads was 0 this would IMHO be a logical bug in the code.

Comment 15232

Date: 2010-11-28 12:09:08 +0100
From: @mlkersten

The variable GDKnr_threads is a global variable that may (accidentally) be set during execution, which warrants some protection. Indeed, the embedded code should provide a proper initial value by setting it as part of the startup phase.
This can be either hardwired, or the responsibility of the embedded application writer.

Comment 15233

Date: 2010-11-28 12:24:10 +0100
From: @drstmane

Changeset 1161f24990d1 made by Stefan Manegold Stefan.Manegold@cwi.nl in the MonetDB repo, refers to this bug.

For complete details, see http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=1161f24990d1

Changeset description:

more protection against potential division by zero
in case GDKnr_threads is not properly initialized by GDKinit(),
e.g., in case of embedded servers (?);
see also bug #2701 at
http://bugs.monetdb.org/show_bug.cgi?id=2701
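The crash in the original report and the two fixes discussed above (initialising monet_memory on a path every server takes, and guarding the divisions in case GDKnr_threads is still 0) as an added C example. This is not MonetDB code: the global names come from the thread, but their types, the default values, the partition formula and every function name here are assumptions made for illustration. The unguarded function has the same shape as the crashing code, two 64-bit divisions whose divisors are server globals; the guarded one refuses to divide by a global that was never set and degrades to a single partition instead of trapping.

```c
/* Added example (not MonetDB code): models the embedded-startup failure
   behind bug #2701 and the two fixes described in the thread. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the MonetDB globals named in the thread. Assumption: on the
   embedded path neither is set, because monet_hello() is never called. */
static int64_t monet_memory  = 0;   /* bytes the server may use (assumed type) */
static int     GDKnr_threads = 0;   /* worker threads (assumed type) */

#define DEFAULT_MEMORY  (1LL << 30) /* assumed fallback: 1 GiB */

/* Put both globals back into the uninitialised embedded state. */
void embedded_reset(void) { monet_memory = 0; GDKnr_threads = 0; }

/* A normal (non-embedded) server start sets both before any query runs. */
void server_start(int64_t memory_bytes, int threads) {
    monet_memory  = memory_bytes;
    GDKnr_threads = threads;
}

/* Fix 1 (changeset 74f08442f0a7, as its description reads): initialise
   monet_memory on a path that is always taken, so an embedded server can
   never observe it as 0. */
void mal_init_model(void) {
    if (monet_memory <= 0)
        monet_memory = DEFAULT_MEMORY;
}

/* Unguarded partitioning with the same shape as the crash: with
   GDKnr_threads == 0 the first division compiles to idivq with a zero
   divisor and the process receives SIGFPE, exactly as the gdb trace shows.
   Never call this with either global at 0. */
int64_t mitosis_pieces_unguarded(int64_t rows, int64_t row_bytes) {
    int64_t per_thread = monet_memory / GDKnr_threads;  /* traps if threads == 0 */
    int64_t pieces     = (rows * row_bytes) / per_thread; /* traps if per_thread == 0 */
    return pieces < 1 ? 1 : pieces;
}

/* Fix 2 (changeset 1161f24990d1, as its description reads): check the globals
   before dividing and fall back to one partition when the server state is
   unusable. Also caps the piece count at the row count. */
int64_t mitosis_pieces_guarded(int64_t rows, int64_t row_bytes) {
    if (GDKnr_threads <= 0 || monet_memory <= 0)
        return 1;                          /* not initialised: do not divide */
    int64_t per_thread = monet_memory / GDKnr_threads;
    if (per_thread <= 0)
        return 1;                          /* more threads than bytes */
    int64_t pieces = (rows * row_bytes) / per_thread;
    if (pieces > rows) pieces = rows;      /* never more pieces than rows */
    if (pieces < 1)    pieces = 1;
    return pieces;
}

int main(void) {
    embedded_reset();
    /* mitosis_pieces_unguarded(1000, 8) at this point would die with SIGFPE */
    printf("guarded, uninitialised: %lld\n", (long long)mitosis_pieces_guarded(1000, 8));
    mal_init_model();        /* fix 1: memory set, threads still 0 */
    printf("guarded, after mal_init: %lld\n", (long long)mitosis_pieces_guarded(1000, 8));
    server_start(4096, 2);   /* full server start: both globals set */
    printf("guarded, full init: %lld\n", (long long)mitosis_pieces_guarded(1000, 8));
    printf("unguarded, full init: %lld\n", (long long)mitosis_pieces_unguarded(1000, 8));
    return 0;
}
```

Both fixes are needed for the reasons given in the comments: the initialisation removes the zero on the known embedded path, and the guard covers a global that, being writable at runtime, can still be wrong later.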

Comment 15672

Date: 2011-03-28 17:35:56 +0200
From: @sjoerdmullender

The Mar2011 version has been released.

Comment 16031

Date: 2011-07-29 10:59:41 +0200
From: @sjoerdmullender

Apr2011-SP2 has been released.

Comment 16121

Date: 2011-08-21 19:01:24 +0200
From: @mlkersten

Made one more pass through the code for possible
mis-use of GDKnr_threads.
Closing until we reach a new generation of machines

Comment 16255

Date: 2011-09-16 15:04:40 +0200
From: @sjoerdmullender

The Aug2011 version has been released.
