Bug#22810883: ASSERTION FAILED: !(USED_TABS & (~READ_TABLES & ~FILTER_FOR_TABLE))

If the generation expression of an indexed generated column contains
an AND or OR expression, the optimizer may choose that index too often
and create execution plans that give wrong results.

The problem is that Item_cond::eq() does not inspect the arguments of
the AND or OR expression. It inspects the "args" member, but it is
always empty for Item_cond objects. They instead keep their arguments
in the member "list".

The result is that it always considers two AND expressions as equal.
Similarly, it always considers two OR expressions as equal. Because of
this, the optimizer may choose to replace an AND or OR expression, for
example in a WHERE clause, with a generated column that is not
equivalent to the replaced expression.

The fix is to change Item_cond::eq() to inspect the "list" member
instead of the "args" member.

Author: kahatlen

mysql-test/suite/gcol/inc/gcol_keys.inc

@@ -732,6 +732,13 @@ SELECT a FROM t WHERE (NOT a) = 1;
 EXPLAIN SELECT a FROM t WHERE (CASE WHEN (a AND b) THEN a ELSE b END) = 1;
 --sorted_result
 SELECT a FROM t WHERE (CASE WHEN (a AND b) THEN a ELSE b END) = 1;
+# The expression must be exactly the same as the generated expression.
+# (b AND a) is not recognized as equivalent to (a AND b).
+EXPLAIN SELECT a, b FROM t WHERE 1 = (b AND a);
+SELECT a, b FROM t WHERE 1 = (b AND a);
+--sorted_result
+EXPLAIN SELECT a, b FROM t WHERE 1 = (b OR a);
+SELECT a, b FROM t WHERE 1 = (b OR a);
 DROP TABLE t;
 
 --echo #
@@ -808,4 +815,25 @@ ALTER TABLE c1 drop vc2;
 ALTER TABLE c1 ADD vc4 INT(11);
 DROP TABLE c1;
 } 
+
+--echo #
+--echo # Bug#22810883: ASSERTION FAILED:
+--echo #               !(USED_TABS & (~READ_TABLES & ~FILTER_FOR_TABLE))
+--echo #
+CREATE TABLE t1 (a1 INTEGER GENERATED ALWAYS AS (1 AND 0) STORED,
+                 a2 INTEGER, KEY (a1));
+INSERT INTO t1 VALUES ();
+CREATE TABLE t2 (b INTEGER);
+INSERT INTO t2 VALUES (1);
+ANALYZE TABLE t1, t2;
+--echo # Used to choose the index on a1 and get wrong results.
+--let $query= SELECT * FROM t1 WHERE (a2 AND a2) = 0
+--eval EXPLAIN $query
+--eval $query
+--echo # Used to get assertion or wrong results.
+--let $query= SELECT * FROM t1 STRAIGHT_JOIN t2 ON b WHERE (b AND b) = 1
+--eval EXPLAIN $query
+--eval $query
+DROP TABLE t1, t2;
+
 --echo #

mysql-test/suite/gcol/r/gcol_keys_innodb.result

@@ -1317,6 +1317,24 @@ SELECT a FROM t WHERE (CASE WHEN (a AND b) THEN a ELSE b END) = 1;
 a
 0
 1
+EXPLAIN SELECT a, b FROM t WHERE 1 = (b AND a);
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t	NULL	ALL	NULL	NULL	NULL	NULL	4	100.00	Using where
+Warnings:
+Note	1003	/* select#1 */ select `test`.`t`.`a` AS `a`,`test`.`t`.`b` AS `b` from `test`.`t` where (1 = (`test`.`t`.`b` and `test`.`t`.`a`))
+SELECT a, b FROM t WHERE 1 = (b AND a);
+a	b
+1	1
+EXPLAIN SELECT a, b FROM t WHERE 1 = (b OR a);
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t	NULL	ALL	NULL	NULL	NULL	NULL	4	100.00	Using where
+Note	1003	/* select#1 */ select `test`.`t`.`a` AS `a`,`test`.`t`.`b` AS `b` from `test`.`t` where (1 = (`test`.`t`.`b` or `test`.`t`.`a`))
+Warnings:
+SELECT a, b FROM t WHERE 1 = (b OR a);
+a	b
+0	1
+1	0
+1	1
 DROP TABLE t;
 #
 # Bug#21854241: QUERY USING JSON_EXTRACT() RETURNS WRONG RESULT
@@ -1459,6 +1477,38 @@ ALTER TABLE c1 drop vc2;
 ALTER TABLE c1 ADD vc4 INT(11);
 DROP TABLE c1;
 #
+# Bug#22810883: ASSERTION FAILED:
+#               !(USED_TABS & (~READ_TABLES & ~FILTER_FOR_TABLE))
+#
+CREATE TABLE t1 (a1 INTEGER GENERATED ALWAYS AS (1 AND 0) STORED,
+a2 INTEGER, KEY (a1));
+INSERT INTO t1 VALUES ();
+CREATE TABLE t2 (b INTEGER);
+INSERT INTO t2 VALUES (1);
+ANALYZE TABLE t1, t2;
+Table	Op	Msg_type	Msg_text
+test.t1	analyze	status	OK
+test.t2	analyze	status	OK
+# Used to choose the index on a1 and get wrong results.
+EXPLAIN SELECT * FROM t1 WHERE (a2 AND a2) = 0;
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t1	NULL	ALL	NULL	NULL	NULL	NULL	1	100.00	Using where
+Warnings:
+Note	1003	/* select#1 */ select `test`.`t1`.`a1` AS `a1`,`test`.`t1`.`a2` AS `a2` from `test`.`t1` where ((`test`.`t1`.`a2` and `test`.`t1`.`a2`) = 0)
+SELECT * FROM t1 WHERE (a2 AND a2) = 0;
+a1	a2
+# Used to get assertion or wrong results.
+EXPLAIN SELECT * FROM t1 STRAIGHT_JOIN t2 ON b WHERE (b AND b) = 1;
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t1	NULL	ALL	NULL	NULL	NULL	NULL	1	100.00	NULL
+1	SIMPLE	t2	NULL	ALL	NULL	NULL	NULL	NULL	1	100.00	Using where; Using join buffer (Block Nested Loop)
+Warnings:
+Note	1003	/* select#1 */ select `test`.`t1`.`a1` AS `a1`,`test`.`t1`.`a2` AS `a2`,`test`.`t2`.`b` AS `b` from `test`.`t1` straight_join `test`.`t2` where (((`test`.`t2`.`b` and `test`.`t2`.`b`) = 1) and `test`.`t2`.`b`)
+SELECT * FROM t1 STRAIGHT_JOIN t2 ON b WHERE (b AND b) = 1;
+a1	a2	b
+0	NULL	1
+DROP TABLE t1, t2;
+#
 #
 # BUG#21365158 WL8149:ASSERTION `!TABLE || (!TABLE->WRITE_SET 
 #

mysql-test/suite/gcol/r/gcol_keys_myisam.result

@@ -887,6 +887,24 @@ SELECT a FROM t WHERE (CASE WHEN (a AND b) THEN a ELSE b END) = 1;
 a
 0
 1
+EXPLAIN SELECT a, b FROM t WHERE 1 = (b AND a);
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t	NULL	ALL	NULL	NULL	NULL	NULL	4	100.00	Using where
+Warnings:
+Note	1003	/* select#1 */ select `test`.`t`.`a` AS `a`,`test`.`t`.`b` AS `b` from `test`.`t` where (1 = (`test`.`t`.`b` and `test`.`t`.`a`))
+SELECT a, b FROM t WHERE 1 = (b AND a);
+a	b
+1	1
+EXPLAIN SELECT a, b FROM t WHERE 1 = (b OR a);
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t	NULL	ALL	NULL	NULL	NULL	NULL	4	100.00	Using where
+Note	1003	/* select#1 */ select `test`.`t`.`a` AS `a`,`test`.`t`.`b` AS `b` from `test`.`t` where (1 = (`test`.`t`.`b` or `test`.`t`.`a`))
+Warnings:
+SELECT a, b FROM t WHERE 1 = (b OR a);
+a	b
+0	1
+1	0
+1	1
 DROP TABLE t;
 #
 # Bug#21854241: QUERY USING JSON_EXTRACT() RETURNS WRONG RESULT
@@ -1014,6 +1032,38 @@ a	b	gc
 5	NULL	6
 DROP TABLE t;
 #
+# Bug#22810883: ASSERTION FAILED:
+#               !(USED_TABS & (~READ_TABLES & ~FILTER_FOR_TABLE))
+#
+CREATE TABLE t1 (a1 INTEGER GENERATED ALWAYS AS (1 AND 0) STORED,
+a2 INTEGER, KEY (a1));
+INSERT INTO t1 VALUES ();
+CREATE TABLE t2 (b INTEGER);
+INSERT INTO t2 VALUES (1);
+ANALYZE TABLE t1, t2;
+Table	Op	Msg_type	Msg_text
+test.t1	analyze	status	OK
+test.t2	analyze	status	OK
+# Used to choose the index on a1 and get wrong results.
+EXPLAIN SELECT * FROM t1 WHERE (a2 AND a2) = 0;
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	NULL	NULL	NULL	NULL	NULL	NULL	NULL	NULL	NULL	Impossible WHERE noticed after reading const tables
+Warnings:
+Note	1003	/* select#1 */ select '0' AS `a1`,NULL AS `a2` from dual where ((NULL and NULL) = 0)
+SELECT * FROM t1 WHERE (a2 AND a2) = 0;
+a1	a2
+# Used to get assertion or wrong results.
+EXPLAIN SELECT * FROM t1 STRAIGHT_JOIN t2 ON b WHERE (b AND b) = 1;
+id	select_type	table	partitions	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	SIMPLE	t1	NULL	system	NULL	NULL	NULL	NULL	1	100.00	NULL
+1	SIMPLE	t2	NULL	system	NULL	NULL	NULL	NULL	1	100.00	NULL
+Warnings:
+Note	1003	/* select#1 */ select '0' AS `a1`,NULL AS `a2`,'1' AS `b` from `test`.`t2` where ((('1' and '1') = 1) and '1')
+SELECT * FROM t1 STRAIGHT_JOIN t2 ON b WHERE (b AND b) = 1;
+a1	a2	b
+0	NULL	1
+DROP TABLE t1, t2;
+#
 DROP VIEW  IF EXISTS v1,v2;
 DROP TABLE IF EXISTS t1,t2,t3;
 DROP PROCEDURE IF EXISTS p1;

sql/item_cmpfunc.cc

@@ -5871,11 +5871,16 @@ bool Item_cond::eq(const Item *item, bool binary_cmp) const
     return false;
   const Item_cond *item_cond= down_cast<const Item_cond *>(item);
   if (functype() != item_cond->functype() ||
-      arg_count != item_cond->arg_count ||
+      list.elements != item_cond->list.elements ||
       func_name() != item_cond->func_name())
     return false;
-  for (size_t i= 0; i < arg_count; ++i)
-    if (!args[i]->eq(item_cond->args[i], binary_cmp))
+  // Item_cond never uses "args". Inspect "list" instead.
+  DBUG_ASSERT(arg_count == 0 && item_cond->arg_count == 0);
+  List_iterator_fast<Item> it1(const_cast<Item_cond *>(this)->list);
+  List_iterator_fast<Item> it2(const_cast<Item_cond *>(item_cond)->list);
+  Item *i;
+  while ((i= it1++))
+    if (!i->eq(it2++, binary_cmp))
       return false;
   return true;
 }