[fix](mysql)fix mysql row buffer open_dynamic_mode make _pos pointer out range of _buf #37936

Merged


amorynan
Contributor

If we select a nested type such as map/array/struct after a large string, and the string type's reserve in mysql_row_buf makes the buffer size not large enough, it will lead the nested type's open_dynamic_mode to move the _pos pointer out of range of mysql_row_buf; then the nested type calls push_string, and reserve() will cause a heap_buffer_overflow.

==200769==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d0051c12ba at pc 0x55a77788692d bp 0x7fb52f474a30 sp 0x7fb52f4741f8
READ of size 36541 at 0x62d0051c12ba thread T2309 (Pipe_normal [wo)
    #0 0x55a77788692c in __asan_memcpy (/mnt/disk1/wangqiannan/amory/doris/output/be/lib/doris_be+0x60c1c92c) (BuildId: 4513940b6b9e22fa)
    #1 0x55a7a1f622fa in doris::MysqlRowBuffer<false>::reserve(long) /mnt/disk1/wangqiannan/amory/doris/be/src/util/mysql_row_buffer.cpp:140:5
    #2 0x55a7a1f638eb in doris::MysqlRowBuffer<false>::push_string(char const*, long) /mnt/disk1/wangqiannan/amory/doris/be/src/util/mysql_row_buffer.cpp:473:5
    #3 0x55a7a21f16eb in doris::Status doris::vectorized::DataTypeMapSerDe::_write_column_to_mysql<false>(doris::vectorized::IColumn const&, doris::MysqlRowBuffer<false>&, int, bool, doris::vectorized::DataTypeSerDe::FormatOptions const&) const /mnt/disk1/wangqiannan/amory/doris/be/src/vec/data_types/serde/data_type_map_serde.cpp:410:21
    #4 0x55a7a21e4c1e in doris::vectorized::DataTypeMapSerDe::write_column_to_mysql(doris::vectorized::IColumn const&, doris::MysqlRowBuffer<false>&, int, bool, doris::vectorized::DataTypeSerDe::FormatOptions const&) const /mnt/disk1/wangqiannan/amory/doris/be/src/vec/data_types/serde/data_type_map_serde.cpp:478:12
    #5 0x55a7a22070e6 in doris::Status doris::vectorized::DataTypeNullableSerDe::_write_column_to_mysql<false>(doris::vectorized::IColumn const&, doris::MysqlRowBuffer<false>&, int, bool, doris::vectorized::DataTypeSerDe::FormatOptions const&) const /mnt/disk1/wangqiannan/amory/doris/be/src/vec/data_types/serde/data_type_nullable_serde.cpp:300:9
    #6 0x55a7a21fbc5e in doris::vectorized::DataTypeNullableSerDe::write_column_to_mysql(doris::vectorized::IColumn const&, doris::MysqlRowBuffer<false>&, int, bool, doris::vectorized::DataTypeSerDe::FormatOptions const&) const /mnt/disk1/wangqiannan/amory/doris/be/src/vec/data_types/serde/data_type_nullable_serde.cpp:317:12
    #7 0x55a7c2e97e6c in doris::vectorized::VMysqlResultWriter<false>::write(doris::RuntimeState*, doris::vectorized::Block&) /mnt/disk1/wangqiannan/amory/doris/be/src/vec/sink/vmysql_result_writer.cpp:216:17
    #8 0x55a7c8031b83 in doris::pipeline::ResultSinkOperatorX::sink(doris::RuntimeState*, doris::vectorized::Block*, bool) /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/exec/result_sink_operator.cpp:142:5
    #9 0x55a7c99a81d6 in doris::pipeline::PipelineTask::execute(bool*)::$_1::operator()() const /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/pipeline_task.cpp:361:38
    #10 0x55a7c99a4b27 in doris::pipeline::PipelineTask::execute(bool*) /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/pipeline_task.cpp:364:22
    #11 0x55a7c9a23a2b in doris::pipeline::TaskScheduler::_do_work(unsigned long) /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/task_scheduler.cpp:138:9
    #12 0x55a7c9a269ca in doris::pipeline::TaskScheduler::start()::$_0::operator()() const /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/task_scheduler.cpp:64:9
    #13 0x55a7c9a2694e in void std::__invoke_impl<void, doris::pipeline::TaskScheduler::start()::$_0&>(std::__invoke_other, doris::pipeline::TaskScheduler::start()::$_0&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14
    #14 0x55a7c9a268ae in std::enable_if<is_invocable_r_v<void, doris::pipeline::TaskScheduler::start()::$_0&>, void>::type std::__invoke_r<void, doris::pipeline::TaskScheduler::start()::$_0&>(doris::pipeline::TaskScheduler::start()::$_0&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:111:2
    #15 0x55a7c9a26635 in std::_Function_handler<void (), doris::pipeline::TaskScheduler::start()::$_0>::_M_invoke(std::_Any_data const&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9
    #16 0x55a777b226da in std::function<void ()>::operator()() const /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9
    #17 0x55a77e95ec94 in doris::FunctionRunnable::run() /mnt/disk1/wangqiannan/amory/doris/be/src/util/threadpool.cpp:48:27
    #18 0x55a77e941015 in doris::ThreadPool::dispatch_thread() /mnt/disk1/wangqiannan/amory/doris/be/src/util/threadpool.cpp:543:24
    #19 0x55a77e97eb23 in void std::__invoke_impl<void, void (doris::ThreadPool::*&)(), doris::ThreadPool*&>(std::__invoke_memfun_deref, void (doris::ThreadPool::*&)(), doris::ThreadPool*&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:74:14
    #20 0x55a77e97e928 in std::__invoke_result<void (doris::ThreadPool::*&)(), doris::ThreadPool*&>::type std::__invoke<void (doris::ThreadPool::*&)(), doris::ThreadPool*&>(void (doris::ThreadPool::*&)(), doris::ThreadPool*&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:96:14
    #21 0x55a77e97e860 in void std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:420:11
    #22 0x55a77e97e655 in void std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>::operator()<void>() /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/functional:503:17
    #23 0x55a77e97e54e in void std::__invoke_impl<void, std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&>(std::__invoke_other, std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:61:14
    #24 0x55a77e97e48e in std::enable_if<is_invocable_r_v<void, std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&>, void>::type std::__invoke_r<void, std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&>(std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/invoke.h:111:2
    #25 0x55a77e97dd85 in std::_Function_handler<void (), std::_Bind<void (doris::ThreadPool::* (doris::ThreadPool*))()>>::_M_invoke(std::_Any_data const&) /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:291:9
    #26 0x55a777b226da in std::function<void ()>::operator()() const /mnt/disk1/wangqiannan/tool/ldb_toolchain_16/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/std_function.h:560:9
    #27 0x55a77e8fb841 in doris::Thread::supervise_thread(void*) /mnt/disk1/wangqiannan/amory/doris/be/src/util/thread.cpp:498:5
    #28 0x7fc1c3a111c9 in start_thread (/lib64/libpthread.so.0+0x81c9) (BuildId: 823fccea3475e5870a4167dfe47df20e53222db0)
    #29 0x7fc1c4400e72 in clone (/lib64/libc.so.6+0x39e72) (BuildId: ec3d7025354f1f1985831ff08ef0eb3b50aefbce)

0x62d0051c12ba is located 0 bytes after 36538-byte region [0x62d0051b8400,0x62d0051c12ba)
allocated by thread T2309 (Pipe_normal [wo) here:
    #0 0x55a7778c20bd in operator new[](unsigned long) (/mnt/disk1/wangqiannan/amory/doris/output/be/lib/doris_be+0x60c580bd) (BuildId: 4513940b6b9e22fa)
    #1 0x55a7a1f621c1 in doris::MysqlRowBuffer<false>::reserve(long) /mnt/disk1/wangqiannan/amory/doris/be/src/util/mysql_row_buffer.cpp:137:21
    #2 0x55a7a1f638eb in doris::MysqlRowBuffer<false>::push_string(char const*, long) /mnt/disk1/wangqiannan/amory/doris/be/src/util/mysql_row_buffer.cpp:473:5
    #3 0x55a7a1fd0d75 in doris::Status doris::vectorized::DataTypeStringSerDeBase<doris::vectorized::ColumnStr<unsigned int>>::_write_column_to_mysql<false>(doris::vectorized::IColumn const&, doris::MysqlRowBuffer<false>&, int, bool, doris::vectorized::DataTypeSerDe::FormatOptions const&) const /mnt/disk1/wangqiannan/amory/doris/be/src/vec/data_types/serde/data_type_string_serde.h:260:16
    #4 0x55a7a1fccc1e in doris::vectorized::DataTypeStringSerDeBase<doris::vectorized::ColumnStr<unsigned int>>::write_column_to_mysql(doris::vectorized::IColumn const&, doris::MysqlRowBuffer<false>&, int, bool, doris::vectorized::DataTypeSerDe::FormatOptions const&) const /mnt/disk1/wangqiannan/amory/doris/be/src/vec/data_types/serde/data_type_string_serde.h:215:16
    #5 0x55a7c2e97e6c in doris::vectorized::VMysqlResultWriter<false>::write(doris::RuntimeState*, doris::vectorized::Block&) /mnt/disk1/wangqiannan/amory/doris/be/src/vec/sink/vmysql_result_writer.cpp:216:17
    #6 0x55a7c8031b83 in doris::pipeline::ResultSinkOperatorX::sink(doris::RuntimeState*, doris::vectorized::Block*, bool) /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/exec/result_sink_operator.cpp:142:5
    #7 0x55a7c99a81d6 in doris::pipeline::PipelineTask::execute(bool*)::$_1::operator()() const /mnt/disk1/wangqiannan/amory/doris/be/src/pipeline/pipeline_task.cpp:361:38

Proposed changes

Issue Number: close #xxx
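
The failure described in the PR text above, as a simplified model added here (not Doris source and not the patch from this PR). The buffer layout, growth policy, the `reserve_in_open` flag and the 36529-byte string are assumptions of this model, chosen so the sizes line up with the ASan report (a 36538-byte region and a 36541-byte copy); the flag shows one way to keep `_pos` inside `_buf`.

```cpp
// Added example: simplified model of the row-buffer bug, NOT Doris source code.
// Assumptions of this model: reserve() grows to max(needed, 2 * capacity),
// push_string() reserves 9 + len bytes and writes a length prefix before the
// data, and open_dynamic_mode() writes a 1-byte marker and skips an 8-byte
// length slot. Offsets are used instead of raw pointers so the bad state can
// be observed without actually reading out of bounds.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <memory>
#include <string>

class RowBufferModel {
public:
    explicit RowBufferModel(bool reserve_in_open)
            : _reserve_in_open(reserve_in_open), _buf(new char[kInitialCap]), _cap(kInitialCap) {}

    // Make room for `size` more bytes after _pos. Growing copies the first
    // _pos bytes of the old buffer; if _pos is already past _cap that copy
    // would read past the allocation, so the model records it and refuses.
    bool reserve(size_t size) {
        if (_pos > _cap) {
            _over_read = _pos - _cap;
            return false;
        }
        size_t need = _pos + size;
        if (need <= _cap) return true;
        size_t new_cap = std::max(need, _cap * 2);
        std::unique_ptr<char[]> grown(new char[new_cap]);
        std::memcpy(grown.get(), _buf.get(), _pos);
        _buf = std::move(grown);
        _cap = new_cap;
        return true;
    }

    bool push_string(const std::string& s) {
        if (!reserve(9 + s.size())) return false;
        size_t prefix = prefix_len(s.size());
        std::memset(_buf.get() + _pos, 0, prefix);  // stand-in for the length prefix
        _pos += prefix;
        std::memcpy(_buf.get() + _pos, s.data(), s.size());
        _pos += s.size();
        return true;
    }

    // Start of a nested value. Without the reserve() call, _pos advances by
    // 9 bytes with no check that 9 bytes are left in the buffer.
    bool open_dynamic_mode() {
        if (_reserve_in_open && !reserve(kDynamicHeader)) return false;
        if (_pos < _cap) _buf[_pos] = static_cast<char>(0xfe);
        _pos += kDynamicHeader;
        return true;
    }

    size_t pos() const { return _pos; }
    size_t capacity() const { return _cap; }
    size_t over_read() const { return _over_read; }

private:
    static constexpr size_t kInitialCap = 4096;
    static constexpr size_t kDynamicHeader = 1 + 8;

    // Size of a MySQL length-encoded integer for a value of n.
    static size_t prefix_len(size_t n) {
        if (n < 251) return 1;
        if (n < 65536) return 3;
        if (n < 16777216) return 4;
        return 9;
    }

    bool _reserve_in_open;
    std::unique_ptr<char[]> _buf;
    size_t _cap;
    size_t _pos = 0;
    size_t _over_read = 0;
};

struct Outcome {
    size_t capacity;      // buffer size when the nested column starts writing
    size_t pos;           // write offset after open_dynamic_mode()
    bool nested_push_ok;  // did the nested column's push_string() succeed?
    size_t over_read;     // bytes reserve() would have copied past the buffer
};

// One row: a large string column followed by a nested column.
Outcome select_string_then_nested(bool reserve_in_open) {
    RowBufferModel buf(reserve_in_open);
    buf.push_string(std::string(36529, 'x'));  // constructed input
    buf.open_dynamic_mode();
    Outcome o{buf.capacity(), buf.pos(), false, 0};
    o.nested_push_ok = buf.push_string("k");
    o.over_read = buf.over_read();
    return o;
}

int main() {
    for (bool fixed : {false, true}) {
        Outcome o = select_string_then_nested(fixed);
        std::printf("reserve_in_open=%d capacity=%zu pos=%zu nested_push_ok=%d over_read=%zu\n",
                    fixed, o.capacity, o.pos, o.nested_push_ok, o.over_read);
    }
    return 0;
}
```
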

@doris-robot

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR

Since 2024-03-18, the Document has been moved to doris-website.
See Doris Document.

@amorynan
Contributor Author

run buildall

@amorynan
Contributor Author

run buildall

Contributor

clang-tidy review says "All clean, LGTM! 👍"


@doris-robot

TPC-H: Total hot run time: 40347 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit a98e5014df23c6c7477ea7ac21f3a0ee4b320cdf, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 117109 ms
Total hot run time: 40347 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 70900 ms
Total hot run time: 53989 ms

@doris-robot

TPC-DS: Total hot run time: 172786 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit a98e5014df23c6c7477ea7ac21f3a0ee4b320cdf, data reload: false

Total cold run time: 313523 ms
Total hot run time: 172786 ms

@doris-robot

ClickBench: Total hot run time: 30.64 s
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit a98e5014df23c6c7477ea7ac21f3a0ee4b320cdf, data reload: false

Total cold run time: 109.67 s
Total hot run time: 30.64 s

@yiguolei yiguolei added the p0_c label Jul 16, 2024
@amorynan
Contributor Author

run buildall

Contributor

clang-tidy review says "All clean, LGTM! 👍"

@doris-robot

TPC-H: Total hot run time: 39932 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit b801ce1e90400a3b81c89954f75567f8521b5d67, data reload: false

------ Round 1 ----------------------------------
Total cold run time: 117142 ms
Total hot run time: 39932 ms

----- Round 2, with runtime_filter_mode=off -----
Total cold run time: 76235 ms
Total hot run time: 55771 ms

@doris-robot

TPC-DS: Total hot run time: 175012 ms
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit b801ce1e90400a3b81c89954f75567f8521b5d67, data reload: false

Total cold run time: 269006 ms
Total hot run time: 175012 ms

@doris-robot

ClickBench: Total hot run time: 31.11 s
machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit b801ce1e90400a3b81c89954f75567f8521b5d67, data reload: false

Total cold run time: 109.57 s
Total hot run time: 31.11 s

Member

@eldenmoon eldenmoon left a comment

LGTM

@github-actions github-actions bot added the approved Indicates a PR has been approved by one committer. label Jul 17, 2024
Contributor

PR approved by at least one committer and no changes requested.

Contributor

PR approved by anyone and no changes requested.

Contributor

@xiaokang xiaokang left a comment

LGTM

@yiguolei yiguolei merged commit da78c26 into apache:master Jul 18, 2024
27 of 31 checks passed
dataroaring pushed a commit that referenced this pull request Jul 19, 2024
…out range of _buf (#37936)

yiguolei pushed a commit that referenced this pull request Jul 19, 2024
## Proposed changes
backport: #37936
@xiaokang xiaokang added the doing label Jul 24, 2024
xiaokang pushed a commit that referenced this pull request Jul 28, 2024
mongo360 pushed a commit to mongo360/doris that referenced this pull request Aug 16, 2024