Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-86887

Remove cross-stage use of SlotAccessor::copyOrMoveValue

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 8.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Query Execution
    • Fully Compatible

      Remove cross-stage use of SlotAccessor::copyOrMoveValue.

      copyOrMoveValue is unsafe when combined with loopy or unwindy stages and can lead to segfaults:

       

      slot_moving_stage // if this stage discard the value moved from scan stage, it will leave invalid view that will result in segfault
      nlj
        outer: 
          scan
        inner: 
          coscan
          limit 2

      buffering and keep the value in scope until EOF or child EOF is insufficient, and will segfault when combined with correlated variables:

       

      nlj
        outer:
          scan
        inner:
          slot_moving_stage // if this stage moves value from scan stage, and is closed, it will leave invalid view that will result in segfault
          coscan
          limit 2 

      Similar problem exists in PlanExecutor use of copyOrMoveValue. This optimization targets the mkObj + PlanExecutor combination, where we want to avoid making extra copy when converting result bsonObject into Document.

       

      Instead introduce a new SlotAccessor that is capable of interop with Document, like so:

      DocumentSlotAccessor : SlotAccessor {
        // get view 
        // etc.  Document getDocument() {
          if (!_document) {
            // move from slot to document. keep the view in slot.
          }
          return _document; // the slot is now also holding the refcount, so that the value does not go away prematurely.
        }
      }
      
      PlanExecutorSBE {
        getNext(Document* out) {
           if (_documentSlotAccessor) {
              *out = _documentSlotAccessor.getDocument();
           } else {
              do the copy
           }
        }
      } 

       

      This issue also causes segfault when combined with yielding that performs save/restore, as save may attempt to make a copy of a previously owned bsonObject that got moved and discarded.

       

            Assignee:
            anna.wawrzyniak@mongodb.com Anna Wawrzyniak
            Reporter:
            anna.wawrzyniak@mongodb.com Anna Wawrzyniak
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: