Closed Bug 442668 Opened 16 years ago Closed 16 years ago

gcc optimization trigger data corruption in sqlite3

Categories

(Toolkit :: Storage, defect)

Product:
Toolkit
Component:
Storage
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.1b1

People

(Reporter: ynvich, Unassigned)

References

(
URL
)

Details

Attachments

(3 files)

test case database
33.00 KB, application/octet-stream
Details
test case program
2.60 KB, text/plain
Details
proposed fix
1.01 KB, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061513 Firefox/3.0
Build Identifier: 3.0 branch after sqlite 3.5.9

Mozilla's version of libsqlite3.so is failing the attached test case.

Reproducible: Always

Steps to Reproduce:
1. Place attached tkt3194.c & tkt3194.sqlite into db/sqlite3/src
2.  gcc -L $OBJDIR/dist/bin -lsqlite3 -Wl,-rpath,$OBJDIR/dist/bin -o tkt3194 tkt3194.c
3. ./tkt3194 tkt3194.sqlite

Actual Results:  
tkt3194.sqlite
param count: 3
column count: 7
is expired: 0
result: 0.000000


Expected Results:  
tkt3194.sqlite
param count: 3
column count: 7
is expired: 0
result: 48000.000000


This only happens with Mozilla's version. Both system (Debian/unstable) and sqlite3 default builds are working normally.
Attached file test case database 

    
    

    
  

      
      
      
      

        Attached file
          
        test case program
      

    


  

    
    

    
  
We'll wait for sqlite to fix this bug.  Our configuration is in fact supported by the sqlite folks.
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        proposed fixSplinter Review
      

    


  
The bug appears when libsqlite3.so is compiled by late gcc-4.2 or gcc-4.3 compilers. The original code is using an unreliable isnan() check, which fails when its argument is preserved in FPU after a previous operation.

This patch ensures data round-trip to RAM, so that any extra bits are truncated.

This patch is made against 3.5.9 and valid for 1.9.0.x branch. Trunk may or may not need a similar correction.

        Attachment #329840 -
        Flags: review?(sdwilsh)

    
    

    
  
Our normal approach here is to get a new build from the sqlite folks.  Did this fix make 3.6.0?

    
    

    
  
Yes.  The suggested patch from Sergey is in SQLite 3.6.0.
Depends on: 445402
Depends on: 445042
No longer depends on: 445402

    
    

    
  
It is landed in sqlite check-in 5396. The bug can result in severe data corruption (see sqlite ticket 3202 for more details), so an exception may make sense for this bug.
Summary: sqlite3 aggregate functions are broken in Mozilla → gcc optimization trigger data corruption in sqlite3

    
    

    
  
Comment on attachment 329840 [details] [diff] [review]
proposed fix

we'll get this fixed when we upgrade then

        Attachment #329840 -
        Flags: review?(sdwilsh)

    
    

    
  
(In reply to comment #7)
> It is landed in sqlite check-in 5396. The bug can result in severe data
> corruption (see sqlite ticket 3202 for more details), so an exception may make
> sense for this bug.
Drivers have been pretty clear about only taking versions of sqlite from the sqlite folks.  We may need to get a custom build for 1.9.0, but I suspect we may backport 3.6.0 if it looks good.

    
    

    
  
Either way it is going to be fixed (by taking attachment 329840 [details] [diff] [review] or by upgrading to 3.6.0), this is probably worth to be shipped in 1.9.0.2, so nominating as blocker.

As a side note, 3.6.0 is going to prohibit gcc floating point optimization (-ffast-math), so it has a chance to be declined on performance reasons as 3.5.9 was.
Flags: blocking1.9.0.2?
No longer depends on: 445042
Depends on: 449443

    
    

    
  
Not blocking unless I hear a good reason why from sdwilsh.
Flags: blocking1.9.0.2? → blocking1.9.0.2-

    
    

    
  
(In reply to comment #11)
> Not blocking unless I hear a good reason why from sdwilsh.

As things stand now, if any floating point operation inside sqlite should produce a result that is not a whole number, it produces NULL instead.

Isn't this a *perfect* reason?!

    
    

    
  
(In reply to comment #12)
> As things stand now, if any floating point operation inside sqlite should
> produce a result that is not a whole number, it produces NULL instead.
> 
> Isn't this a *perfect* reason?!
Demonstrate real situations that come up frequently for this, and maybe.  Until then, that argument alone is not going to convince drivers to take this on a stability branch.

    
    

    
  
(In reply to comment #13)
> Demonstrate real situations that come up frequently for this, and maybe.

I am not sure how sqlite is used behind the Mozilla hood. Of what I've heard, awesomebar fresency could be such a situation, if it is calculated inside sqlite and can be a non-whole number.

And any extension using mozIStorage* family is also affected.

    
    

    
  
Fixed by the sqlite upgrade on mozilla-central.  I've nominated that for branch as well.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1b1

    
    

    
  
nevermind - sqlite got backed out
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  
sqlite upgrade stuck this time.  Resolving as FIXED.
Status: REOPENED → RESOLVED
Closed: 16 years ago16 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: