"We’ve fixed a number of bugs detected by UBsan and Asan." This is indeed true; I already noted many related bugs fixed in the recent MySQL 8.0.4. But I think that a couple of details are missing from the blog post. First, there is still a notable number of bugs detected by ASan, or noted in builds with ASan, that remain "Verified". Second, who actually found and reported these bugs?
I decided to do a quick search and present my summary to clarify these details. Let me start with the list of "Verified" or "Open" bugs in the public MySQL bugs database, starting from the oldest one:
- Bug #69715 - "UBSAN: Item_func_mul::int_op() mishandles 9223372036854775809*-1". The oldest related "Verified" bug I found was reported back in 2013 by Arthur O'Dwyer. Shane Bester from Oracle kindly keeps checking it with recent and upcoming releases, so we know that even '9.0.0-dmr-ubsan' (built on 20 October 2017) was still affected.
- Bug #80309 - "some innodb tests fail with address sanitizer (WITH_ASAN)". It was reported by Richard Prohaska and remains "Verified" for more than two years already.
- Bug #80581 - "rpl_semi_sync_[non_]group_commit_deadlock crash on ASan, debug". This bug reported by Laurynas Biveinis from Percona two years ago is still "Verified".
- Bug #81674 - "LeakSanitizer-enabled build fails to bootstrap server for MTR". This bug reported by Laurynas Biveinis affects only MySQL 5.6, but still, why not backport the fix from 5.7?
- Bug #82026 - "Stack buffer overflow with --ssl-cipher=<more than 4K characters>". This bug, detected by ASan, was noted by Yura Sorokin from Percona and reported by Laurynas Biveinis.
- Bug #82915 - "SIGKILL myself when using innodb_limit_optimistic_insert_debug=2 and drop table". ASan debug builds are affected. This bug was reported by Roel Van de Paar from Percona.
- Bug #85995 - "Server error exit due to empty datadir causes LeakSanitizer errors". This bug in MySQL 8.0.1 (which must have affected anyone who runs tests on ASan debug builds on a regular basis) was reported by Laurynas Biveinis and has stayed "Verified" for almost a year.
- Bug #87129 - "Unstable test main.basedir". This test problem reported by Laurynas Biveinis affects ASan builds, among others. See also his Bug #87190 - "Test main.group_by is unstable".
- Bug #87201 - "XCode 8.3.3+ -DWITH_UBSAN=ON bundled protobuf build error". Yet another (this time macOS-specific) bug found by Laurynas Biveinis.
- Bug #87295 - "Test group_replication.gr_single_primary_majority_loss_1 produces warnings". Potential bug in group replication noted by Laurynas Biveinis in ASan builds.
- Bug #87923 - "ASan reporting a memory leak on merge_large_tests-t". This bug by Laurynas Biveinis is still "Verified", while Tor Didriksen's comment states that it is resolved with the fix for Bug #87922 (which is closed as fixed in MySQL 8.0.4). Why not close this one also?
- Bug #89438 - "LeakSanitizer errors on xplugin unit tests". As Laurynas Biveinis found, X Plugin unit tests report errors with LeakSanitizer.
- Bug #89439 - "LeakSanitizer errors on GCS unit tests". Yet another bug report for MySQL 8.0.4 by Laurynas Biveinis.
- Bug #89961 - "add support for clang ubsan". This request was made by Tor Didriksen from Oracle. It is marked as "fixed in 8.0.12". It means we may get MySQL 8.0.11 released soon. That's why I decided to mention the bug here.
Personally, I do not run builds or tests with ASan on a regular basis. I appreciate Oracle's efforts to make the code warning-free, UBSan- and ASan-clean, and to fix bugs found with ASan. But I would also want them to process all, or at least most, of the related bugs in the public database properly before announcing new achievements in this area, and to clearly acknowledge and appreciate the substantial help and contribution from specific community members (mostly Laurynas Biveinis in this case).
Percona engineers seem to test ASan builds of MySQL 5.7 and 8.0 (or Percona's closely related versions) regularly, for years, and contribute back public bug reports. I suspect they have found far more related bugs than Oracle's internal QA. I think we should explicitly thank them for this contribution that made MySQL better!
The modern compile-time instrumentation of GCC and clang should really belong to every C and C++ programmer’s toolchest: https://www.youtube.com/watch?v=lkgszkPnV8g
There has been some related work in MariaDB as well. Memory poisoning was added to MariaDB 5.5 some time ago, and did already catch some minor bugs or implementation-defined behaviour. The code is present in the 10.0.34, 10.1.31, 10.2.13, and 10.3.5 releases. MariaDB also includes many contributed fixes for race conditions reported by ThreadSanitizer.
In MariaDB 10.2, I fixed many bugs in InnoDB startup and shutdown. I am aware of only one InnoDB memory leak in MariaDB 10.2: https://jira.mariadb.org/browse/MDEV-13818 (affecting MySQL 5.7 as well).
In MySQL 8.0, many InnoDB tests continue to leak memory; these leaks are only being ignored: https://github.com/mysql/mysql-server/commit/431607d1360cebe6c337ff7357f8e797ae23deb8
I think that every developer should compile code with the AddressSanitizer enabled and run tests while the environment variable ASAN_OPTIONS=abort_on_error=1 is set. It would also be useful to disable safemalloc and fix all leaks that are currently hidden by safemalloc.
Also UBSAN is very useful. Last year I fixed some InnoDB bugs with it. Some work would be needed in MariaDB to avoid false warnings. For example, uint4korr and friends are generating warnings for unaligned access even though it is fine on x86 and AMD64; maybe with UBSAN we should use the generic macros.
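The unaligned-access point in the comment above, as an added illustration that is not MariaDB's or MySQL's own code: `fast_uint4korr` stands in for a cast-based little-endian read like the x86 `uint4korr` macro (undefined behaviour on a misaligned pointer, which `-fsanitize=alignment` reports even though the load works on x86 and AMD64), `generic_uint4korr` is the byte-assembling form that UBSan accepts on any target, and `read_uint4_le` dispatches between them. All three names, and the sample record, are constructed for this example.

```c
/* Added example: why a cast-based little-endian read trips UBSan's alignment
 * check, and a generic alternative that does not. Names are hypothetical
 * stand-ins for the uint4korr family discussed above, not the real macros. */
#include <stdint.h>
#include <string.h>

/* "Fast" read: reinterprets the byte pointer as uint32_t*. On a pointer that
 * is not 4-byte aligned this is undefined behaviour in C. It happens to work
 * on x86/AMD64, but clang -fsanitize=alignment flags it as a misaligned load.
 * The result is in host byte order. */
static uint32_t fast_uint4korr(const unsigned char *p)
{
    return *(const uint32_t *)p;
}

/* Generic read: assemble the little-endian value byte by byte. No pointer
 * reinterpretation, so no alignment requirement and no sanitizer report;
 * optimising compilers fold this into one load where the target allows it.
 * (memcpy into a uint32_t is the other standard-conforming route.) */
static uint32_t generic_uint4korr(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static int is_aligned4(const void *p)
{
    return ((uintptr_t)p & 3u) == 0;
}

static int host_is_little_endian(void)
{
    const uint32_t probe = 1u;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Dispatch: take the cast-based path only when it is well-defined AND gives
 * the little-endian interpretation; otherwise fall back to the generic form. */
static uint32_t read_uint4_le(const unsigned char *p)
{
    if (is_aligned4(p) && host_is_little_endian())
        return fast_uint4korr(p);
    return generic_uint4korr(p);
}

/* Constructed sample record: a 4-byte field at offset 1, as in packed
 * row or page formats. _Alignas(4) makes rec itself aligned, rec + 1 not. */
static _Alignas(4) unsigned char rec[8] = { 0xAA, 0x78, 0x56, 0x34, 0x12, 0, 0, 0 };
```

Building with `clang -fsanitize=undefined` and calling `fast_uint4korr(rec + 1)` is the case the comment describes; `read_uint4_le(rec + 1)` on the same buffer stays clean.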