Bug#35221658 Prepared statement error

Daniel Blanchard · Daniel Blanchard · commit 920f373bcc15 · 2024-06-13T10:15:19.000+01:00
When an expression is used in the index clause of a CREATE TABLE
statement in a prepared statement the first execution of the prepared
statement will succeed, but a subsequent execution will encounter
an error. Similar errors also occur with expressions used in CREATE
INDEX and ALTER TABLE ADD INDEX statements.

A similar error is encountered when using expressions in the PARTITION
clauses of a CREATE TABLE statement in a prepared statement.

Likewise, these forms of CREATE TABLE, CREATE INDEX and ALTER TABLE
ADD INDEX statements cause errors when used in stored procedures.

The root cause of the issue is a mismatch of lifetimes of parse tree
objects used for the offending statements. When an offending statement
is initially parsed during the creation of a prepared statement the
parse tree objects are allocated in a MEM_ROOT whose lifetime is
associated with the lifetime of the prepared statement. When the
prepared statement is executed, the parse tree objects corresponding to
the index or partition expressions are allocated in a MEM_ROOT whose
lifetime is limited to the execution of the prepared statement.
Unfortunately, pointers to these expression parse tree objects are held
in the memory belonging to the first MEM_ROOT, so subsequent executions
of the prepared statement are attempted with parse tree structures that
hold pointers to invalid memory (i.e. pointers into the second MEM_ROOT
that was freed/invalidated at the end of the first execution).

A similar pattern of parse tree memory usage is present in stored
procedures that use the offending CREATE TABLE, CREATE INDEX and ALTER
TABLE CREATE INDEX statements.

To fix this issue, prepared statements and stored procedures using the
offending statements are now reprepared/reparsed prior to second and
subsequent executions so that memory access via pointers to
invalidated/freed memory is avoided. This is a short term fix: a longer
term fix will involve refactoring the initial preparation of the parse
trees for the offending statements so that they can be used in multiple
executions without having to reparse each time.

Change-Id: Ic1601a8b9bddc754f17d3df8e86bc1be3c01cd30
diff --git a/mysql-test/r/ps_ddl.result b/mysql-test/r/ps_ddl.result
@@ -1332,7 +1332,7 @@ alter table t1 drop column b;
 execute stmt;
 alter table t1 drop column b;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(3);
 SUCCESS
 
 drop table t1;
@@ -1818,7 +1818,7 @@ drop table t2;
 execute stmt;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(2);
 SUCCESS
 
 execute stmt;
@@ -1828,13 +1828,13 @@ SUCCESS
 
 execute stmt;
 ERROR 42S01: Table 't2' already exists
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t2;
 create temporary table t2 (a int);
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 execute stmt;
@@ -1845,12 +1845,12 @@ SUCCESS
 drop temporary table t2;
 execute stmt;
 ERROR 42S01: Table 't2' already exists
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t2;
@@ -1862,7 +1862,7 @@ SUCCESS
 
 execute stmt;
 Got one of the listed errors
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop view t2;
@@ -1876,7 +1876,7 @@ select * from t2;
 x
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t2;
@@ -1889,7 +1889,7 @@ select * from t2;
 x	y
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t1;
@@ -1900,7 +1900,7 @@ prepare stmt from "create temporary table if not exists t2 as select * from t1";
 execute stmt;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 execute stmt;
@@ -1915,7 +1915,7 @@ a
 execute stmt;
 Warnings:
 Note	1050	Table 't2' already exists
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 select * from t2;
@@ -1942,7 +1942,7 @@ SUCCESS
 execute stmt;
 Warnings:
 Note	1050	Table 't2' already exists
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t1;
@@ -1957,19 +1957,19 @@ SUCCESS
 
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t2;
 drop table t1;
 execute stmt;
 ERROR 42S02: Table 'test.t1' doesn't exist
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 execute stmt;
 ERROR 42S02: Table 'test.t1' doesn't exist
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 create table t1 (x char(17));
@@ -1979,7 +1979,7 @@ SUCCESS
 
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t2;
@@ -1992,7 +1992,7 @@ select * from t2;
 x	y
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 SUCCESS
 
 drop table t1;
@@ -2362,9 +2362,9 @@ drop table t1;
 deallocate prepare stmt;
 # Intermediate result: number of reprepares matches the number
 # of tests
-call p_verify_reprepare_count(17);
-ERROR
-Expected: 17, actual: 18
+call p_verify_reprepare_count(18);
+SUCCESS
+
 #
 # SQLCOM_ALTER_VIEW
 #
diff --git a/mysql-test/t/ps_ddl.test b/mysql-test/t/ps_ddl.test
@@ -1084,7 +1084,7 @@ execute stmt;
 
 alter table t1 drop column b;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(3);
 
 drop table t1;
 
@@ -1526,30 +1526,30 @@ drop table t2;
 execute stmt;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(2);
 # Base table with name of table to be created exists
 --error ER_TABLE_EXISTS_ERROR
 execute stmt;
 call p_verify_reprepare_count(1);
 --error ER_TABLE_EXISTS_ERROR
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t2;
 # Temporary table with name of table to be created exists
 create temporary table t2 (a int);
 # Temporary table and base table are not in the same name space.
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 --error ER_TABLE_EXISTS_ERROR
 execute stmt;
 call p_verify_reprepare_count(1);
 drop temporary table t2;
 --error ER_TABLE_EXISTS_ERROR
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t2;
 # View with name of table to be created exists
 # Attention:
@@ -1564,7 +1564,7 @@ execute stmt;
 call p_verify_reprepare_count(1);
 --error ER_TABLE_EXISTS_ERROR,9999
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop view t2;
 drop table t1;
 # Table to be used recreated (drop,create) with different layout
@@ -1574,7 +1574,7 @@ call p_verify_reprepare_count(1);
 select * from t2;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t2;
 # Table to be used has a modified (alter table) layout
 alter table t1 add column y decimal(10,3);
@@ -1583,7 +1583,7 @@ call p_verify_reprepare_count(1);
 select * from t2;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t1;
 deallocate prepare stmt;
 create table t1 (a int);
@@ -1592,12 +1592,12 @@ prepare stmt from "create temporary table if not exists t2 as select * from t1";
 execute stmt;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 execute stmt;
 call p_verify_reprepare_count(1);
 select * from t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 select * from t2;
 drop table t2;
 create temporary table t2 (a varchar(10));
@@ -1609,7 +1609,7 @@ create table t1 (x int);
 execute stmt;
 call p_verify_reprepare_count(1);
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t1;
 drop temporary table t2;
 drop table t2;
@@ -1621,23 +1621,23 @@ execute stmt;
 call p_verify_reprepare_count(0);
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t2;
 # Table to be used does not exist
 drop table t1;
 --error ER_NO_SUCH_TABLE
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 --error ER_NO_SUCH_TABLE
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 # Table to be used recreated (drop,create) with different layout
 create table t1 (x char(17));
 execute stmt;
 call p_verify_reprepare_count(1);
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t2;
 # Table to be used has a modified (alter table) layout
 alter table t1 add column y time;
@@ -1646,7 +1646,7 @@ call p_verify_reprepare_count(1);
 select * from t2;
 drop table t2;
 execute stmt;
-call p_verify_reprepare_count(0);
+call p_verify_reprepare_count(1);
 drop table t1;
 drop table t2;
 deallocate prepare stmt;
@@ -2057,7 +2057,7 @@ drop table t1;
 deallocate prepare stmt;
 --echo # Intermediate result: number of reprepares matches the number
 --echo # of tests
-call p_verify_reprepare_count(17);
+call p_verify_reprepare_count(18);
 
 --echo #
 --echo # SQLCOM_ALTER_VIEW
diff --git a/sql/sp_instr.cc b/sql/sp_instr.cc
@@ -704,7 +704,11 @@ bool sp_lex_instr::validate_lex_and_execute_core(THD *thd, uint *nextp,
 
   while (true) {
     DBUG_EXECUTE_IF("simulate_bug18831513", { invalidate(); });
-    if (is_invalid() || (m_lex->has_udf() && !m_first_execution)) {
+    if (is_invalid() ||
+        (!m_first_execution &&
+         (m_lex->has_udf() ||
+          (m_lex->m_sql_cmd != nullptr &&
+           m_lex->m_sql_cmd->reprepare_on_execute_required())))) {
       free_lex();
       LEX *lex = parse_expr(thd, thd->sp_runtime_ctx->sp);
 
diff --git a/sql/sql_alter.cc b/sql/sql_alter.cc
@@ -356,6 +356,18 @@ bool Sql_cmd_alter_table::execute(THD *thd) {
   return result;
 }
 
+bool Sql_cmd_alter_table::reprepare_on_execute_required() const {
+  // Expressions in key and partition clauses end up with being allocated on
+  // differing (incompatible) MEM_ROOTs and thus need to be reprepared. The
+  // incompatibility arises in the case of prepared statements as a parse tree
+  // MEM_ROOT whose lifetime is associated with the lifetime of the prepared
+  // statement ends up containing pointers to parse tree objects that have been
+  // allocated from a MEM_ROOT with a lifetime of the prepared statement's
+  // execution. It's benign (though wasteful) to reprepare other alter table
+  // statements as well.
+  return true;
+}
+
 bool Sql_cmd_discard_import_tablespace::execute(THD *thd) {
   /* Verify that exactly one of the DISCARD and IMPORT flags are set. */
   assert((m_alter_info->flags & Alter_info::ALTER_DISCARD_TABLESPACE) ^
diff --git a/sql/sql_alter.h b/sql/sql_alter.h
@@ -618,6 +618,7 @@ class Sql_cmd_alter_table : public Sql_cmd_common_alter_table {
   using Sql_cmd_common_alter_table::Sql_cmd_common_alter_table;
 
   bool execute(THD *thd) override;
+  bool reprepare_on_execute_required() const override;
 };
 
 /**
diff --git a/sql/sql_cmd.h b/sql/sql_cmd.h
@@ -115,6 +115,14 @@ class Sql_cmd {
   */
   virtual bool execute(THD *thd) = 0;
 
+  /**
+    Some SQL commands currently require re-preparation on re-execution of a
+    prepared statement or stored procedure. For example, a CREATE TABLE command
+    containing an index expression.
+    @return true if re-preparation is required, false otherwise.
+  */
+  virtual bool reprepare_on_execute_required() const { return false; }
+
   /**
     Command-specific reinitialization before execution of prepared statement
 
diff --git a/sql/sql_cmd_ddl_table.cc b/sql/sql_cmd_ddl_table.cc
@@ -462,6 +462,18 @@ bool Sql_cmd_create_table::execute(THD *thd) {
   return res;
 }
 
+bool Sql_cmd_create_table::reprepare_on_execute_required() const {
+  // Expressions in key and partition clauses end up with being allocated on
+  // differing (incompatible) MEM_ROOTs and thus need to be reprepared. The
+  // incompatibility arises in the case of prepared statements as a parse tree
+  // MEM_ROOT whose lifetime is associated with the lifetime of the prepared
+  // statement ends up containing pointers to parse tree objects that have been
+  // allocated from a MEM_ROOT with a lifetime of the prepared statement's
+  // execution. It's benign (though wasteful) to reprepare other create table
+  // statements as well.
+  return true;
+}
+
 const MYSQL_LEX_CSTRING *
 Sql_cmd_create_table::eligible_secondary_storage_engine() const {
   // Now check if the opened tables are available in a secondary
@@ -547,6 +559,18 @@ bool Sql_cmd_create_or_drop_index_base::execute(THD *thd) {
   return res;
 }
 
+bool Sql_cmd_create_index::reprepare_on_execute_required() const {
+  // Expressions in index/key clauses end up with being allocated on
+  // differing (incompatible) MEM_ROOTs and thus need to be reprepared.
+  // The incompatibility arises in the case of prepared statements as a parse
+  // tree MEM_ROOT whose lifetime is associated with the lifetime of the
+  // prepared statement ends up containing pointers to parse tree objects that
+  // have been allocated from a MEM_ROOT with a lifetime of the prepared
+  // statement's execution. It's benign (though wasteful) to reprepare other
+  // create index statements as well.
+  return true;
+}
+
 bool Sql_cmd_cache_index::execute(THD *thd) {
   Table_ref *const first_table = thd->lex->query_block->get_table_list();
   if (check_table_access(thd, INDEX_ACL, first_table, true, UINT_MAX, false))
diff --git a/sql/sql_cmd_ddl_table.h b/sql/sql_cmd_ddl_table.h
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
diff --git a/sql/sql_prepare.h b/sql/sql_prepare.h
