Segfault in ByteGroupValueBuilder #15968

Merged
merged 3 commits into from
May 7, 2025

thinkharderdev

Which issue does this PR close?

Rationale for this change

See issue description

What changes are included in this PR?

When appending values in ByteGroupValueBuilder we check for overflows of the underlying OffsetSizeTrait type

Are these changes tested?

There is a test which reproduces the segfault without this fix

Are there any user-facing changes?

No
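
The overflow check described above, as an added illustration (not DataFusion's or arrow-rs's code): `Offset`, `ByteBuilder`, `append_unchecked` and `append_checked` are hypothetical names, and `i16` stands in for the 32-bit offset type so the overflow is reachable with a small constructed input.

```rust
use std::convert::TryFrom;

// Hypothetical stand-in for an offset type (Arrow uses i32 / i64).
trait Offset: Copy + TryFrom<usize> {
    fn wrapping_from(n: usize) -> Self;
    fn as_i64(self) -> i64;
}
// i16 keeps the demo small; the same reasoning applies to i32 offsets.
impl Offset for i16 {
    fn wrapping_from(n: usize) -> Self { n as i16 }
    fn as_i64(self) -> i64 { self as i64 }
}

struct ByteBuilder<O: Offset> { buffer: Vec<u8>, offsets: Vec<O> }

impl<O: Offset> ByteBuilder<O> {
    fn new() -> Self {
        Self { buffer: Vec::new(), offsets: vec![O::wrapping_from(0)] }
    }
    // "Before": the end offset is a wrapping cast, so past O::MAX it goes negative.
    fn append_unchecked(&mut self, value: &[u8]) {
        self.buffer.extend_from_slice(value);
        self.offsets.push(O::wrapping_from(self.buffer.len()));
    }
    // "After": refuse the append when the new end offset does not fit in O.
    fn append_checked(&mut self, value: &[u8]) -> Result<(), String> {
        let end = self.buffer.len().checked_add(value.len()).ok_or("length overflows usize")?;
        let end_off = O::try_from(end)
            .map_err(|_| format!("{} bytes does not fit the offset type", end))?;
        self.buffer.extend_from_slice(value);
        self.offsets.push(end_off);
        Ok(())
    }
    // Invariant a reader relies on before slicing buffer[offsets[i]..offsets[i + 1]].
    fn offsets_monotonic(&self) -> bool {
        self.offsets.windows(2).all(|w| w[0].as_i64() <= w[1].as_i64())
    }
}

fn main() {
    let chunk = vec![0u8; 20_000]; // constructed sample input
    let mut before = ByteBuilder::<i16>::new();
    before.append_unchecked(&chunk);
    before.append_unchecked(&chunk); // 40_000 bytes > i16::MAX
    println!("unchecked: {:?}", before.offsets.iter().map(|o| o.as_i64()).collect::<Vec<_>>());
    let mut after = ByteBuilder::<i16>::new();
    after.append_checked(&chunk).unwrap();
    println!("checked: {:?}", after.append_checked(&chunk));
}
```

A consumer that trusts the offsets and slices the buffer without bounds checks would index outside it once an offset has wrapped, which is why the append is rejected before anything is written.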

@thinkharderdev thinkharderdev changed the title Segfaul in ByteGroupValueBuilder Segfault in ByteGroupValueBuilder May 6, 2025

alamb commented May 6, 2025

🤖 ./gh_compare_branch.sh Benchmark Script Running
Linux aal-dev 6.11.0-1013-gcp #13~24.04.1-Ubuntu SMP Wed Apr 2 16:34:16 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Comparing offset-overflow (e3fcaf2) to 09a7a2a diff
Benchmarks: tpch_mem clickbench_partitioned clickbench_extended
Results will be posted here when complete

@alamb alamb left a comment

Thank you @thinkharderdev

I started the performance tests just to check, but realistically we need to fix this issue

@@ -62,6 +64,11 @@ where
buffer: BufferBuilder::new(INITIAL_BUFFER_CAPACITY),
offsets: vec![O::default()],
nulls: MaybeNullBufferBuilder::new(),
max_buffer_size: if O::IS_LARGE {
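
Review bot: the `max_buffer_size` initializer on the last added line branches on `O::IS_LARGE`, which ties the limit to exactly two offset widths, and nothing in the visible lines says what the field means. A doc comment on the field stating that it is the largest total byte length whose end offset still fits in `O`, and that every append must be checked against it before an offset is pushed, would make the invariant explicit. The hunk as shown stops at `if O::IS_LARGE {`, so the two branch values cannot be checked here; it is worth confirming that they come from the maxima of the 64-bit and 32-bit offset types and that the conversion to `usize` cannot truncate on 32-bit targets.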

I couldn't find any other way to get the max value of the offset size, which is weird. Maybe it would be a nice addition to arrow-rs

👍

alamb commented May 6, 2025

🤖: Benchmark completed

Comparing HEAD and offset-overflow
--------------------
Benchmark clickbench_extended.json
--------------------
┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┓
┃ Query        ┃       HEAD ┃ offset-overflow ┃        Change ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━┩
│ QQuery 0     │  1986.43ms │       1868.86ms │ +1.06x faster │
│ QQuery 1     │   704.83ms │        720.83ms │     no change │
│ QQuery 2     │  1476.92ms │       1460.99ms │     no change │
│ QQuery 3     │   709.70ms │        707.18ms │     no change │
│ QQuery 4     │  1453.93ms │       1462.20ms │     no change │
│ QQuery 5     │ 15346.57ms │      15058.53ms │     no change │
│ QQuery 6     │  2085.02ms │       2094.70ms │     no change │
│ QQuery 7     │  2061.65ms │       2032.67ms │     no change │
└──────────────┴────────────┴─────────────────┴───────────────┘
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Benchmark Summary              ┃            ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ Total Time (HEAD)              │ 25825.05ms │
│ Total Time (offset-overflow)   │ 25405.95ms │
│ Average Time (HEAD)            │  3228.13ms │
│ Average Time (offset-overflow) │  3175.74ms │
│ Queries Faster                 │          1 │
│ Queries Slower                 │          0 │
│ Queries with No Change         │          7 │
└────────────────────────────────┴────────────┘
--------------------
Benchmark clickbench_partitioned.json
--------------------
┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Query        ┃       HEAD ┃ offset-overflow ┃       Change ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩
│ QQuery 0     │     2.22ms │          2.18ms │    no change │
│ QQuery 1     │    39.68ms │         38.19ms │    no change │
│ QQuery 2     │    94.14ms │         91.56ms │    no change │
│ QQuery 3     │    95.85ms │         99.12ms │    no change │
│ QQuery 4     │   620.41ms │        629.68ms │    no change │
│ QQuery 5     │   864.93ms │        889.61ms │    no change │
│ QQuery 6     │     2.16ms │          2.41ms │ 1.12x slower │
│ QQuery 7     │    44.57ms │         45.35ms │    no change │
│ QQuery 8     │   889.87ms │        916.62ms │    no change │
│ QQuery 9     │  1228.70ms │       1214.68ms │    no change │
│ QQuery 10    │   265.13ms │        268.80ms │    no change │
│ QQuery 11    │   307.84ms │        312.65ms │    no change │
│ QQuery 12    │   927.03ms │        928.29ms │    no change │
│ QQuery 13    │  1390.15ms │       1374.36ms │    no change │
│ QQuery 14    │   850.50ms │        869.04ms │    no change │
│ QQuery 15    │   822.92ms │        827.88ms │    no change │
│ QQuery 16    │  1735.93ms │       1755.19ms │    no change │
│ QQuery 17    │  1602.91ms │       1630.27ms │    no change │
│ QQuery 18    │  3032.28ms │       3107.68ms │    no change │
│ QQuery 19    │    85.76ms │         85.26ms │    no change │
│ QQuery 20    │  1163.47ms │       1159.24ms │    no change │
│ QQuery 21    │  1353.11ms │       1348.19ms │    no change │
│ QQuery 22    │  2222.53ms │       2219.31ms │    no change │
│ QQuery 23    │  8392.20ms │       8530.03ms │    no change │
│ QQuery 24    │   472.88ms │        476.06ms │    no change │
│ QQuery 25    │   400.35ms │        409.19ms │    no change │
│ QQuery 26    │   546.73ms │        536.40ms │    no change │
│ QQuery 27    │  1603.72ms │       1612.58ms │    no change │
│ QQuery 28    │ 12823.03ms │      12680.22ms │    no change │
│ QQuery 29    │   547.10ms │        540.02ms │    no change │
│ QQuery 30    │   830.46ms │        837.03ms │    no change │
│ QQuery 31    │   869.77ms │        868.16ms │    no change │
│ QQuery 32    │  2610.03ms │       2658.05ms │    no change │
│ QQuery 33    │  3370.83ms │       3400.91ms │    no change │
│ QQuery 34    │  3375.37ms │       3379.85ms │    no change │
│ QQuery 35    │  1273.19ms │       1281.03ms │    no change │
│ QQuery 36    │   127.43ms │        130.76ms │    no change │
│ QQuery 37    │    57.69ms │         58.30ms │    no change │
│ QQuery 38    │   127.51ms │        128.13ms │    no change │
│ QQuery 39    │   208.11ms │        199.74ms │    no change │
│ QQuery 40    │    48.72ms │         52.45ms │ 1.08x slower │
│ QQuery 41    │    48.51ms │         49.08ms │    no change │
│ QQuery 42    │    40.57ms │         39.30ms │    no change │
└──────────────┴────────────┴─────────────────┴──────────────┘
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┓
┃ Benchmark Summary              ┃            ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━┩
│ Total Time (HEAD)              │ 57416.25ms │
│ Total Time (offset-overflow)   │ 57682.88ms │
│ Average Time (HEAD)            │  1335.26ms │
│ Average Time (offset-overflow) │  1341.46ms │
│ Queries Faster                 │          0 │
│ Queries Slower                 │          2 │
│ Queries with No Change         │         41 │
└────────────────────────────────┴────────────┘
--------------------
Benchmark tpch_mem_sf1.json
--------------------
┏━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Query        ┃     HEAD ┃ offset-overflow ┃       Change ┃
┡━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━┩
│ QQuery 1     │ 124.93ms │        120.60ms │    no change │
│ QQuery 2     │  23.44ms │         24.16ms │    no change │
│ QQuery 3     │  34.53ms │         35.05ms │    no change │
│ QQuery 4     │  19.97ms │         21.06ms │ 1.05x slower │
│ QQuery 5     │  55.80ms │         55.33ms │    no change │
│ QQuery 6     │  12.15ms │         11.93ms │    no change │
│ QQuery 7     │ 102.40ms │        104.75ms │    no change │
│ QQuery 8     │  25.48ms │         26.70ms │    no change │
│ QQuery 9     │  61.36ms │         65.87ms │ 1.07x slower │
│ QQuery 10    │  57.25ms │         58.77ms │    no change │
│ QQuery 11    │  12.70ms │         13.03ms │    no change │
│ QQuery 12    │  44.67ms │         45.08ms │    no change │
│ QQuery 13    │  29.08ms │         30.26ms │    no change │
│ QQuery 14    │   9.97ms │         10.20ms │    no change │
│ QQuery 15    │  24.46ms │         25.04ms │    no change │
│ QQuery 16    │  22.54ms │         23.57ms │    no change │
│ QQuery 17    │  99.37ms │        101.65ms │    no change │
│ QQuery 18    │ 242.76ms │        241.30ms │    no change │
│ QQuery 19    │  26.53ms │         27.01ms │    no change │
│ QQuery 20    │  38.79ms │         41.15ms │ 1.06x slower │
│ QQuery 21    │ 167.04ms │        170.63ms │    no change │
│ QQuery 22    │  16.74ms │         17.56ms │    no change │
└──────────────┴──────────┴─────────────────┴──────────────┘
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━┓
┃ Benchmark Summary              ┃           ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━┩
│ Total Time (HEAD)              │ 1251.98ms │
│ Total Time (offset-overflow)   │ 1270.69ms │
│ Average Time (HEAD)            │   56.91ms │
│ Average Time (offset-overflow) │   57.76ms │
│ Queries Faster                 │         0 │
│ Queries Slower                 │         3 │
│ Queries with No Change         │        19 │
└────────────────────────────────┴───────────┘

@Dandandan

Thanks all!

@Dandandan Dandandan merged commit 5bdaeaf into apache:main May 7, 2025
27 checks passed
Successfully merging this pull request may close these issues.

Memory safety issue in ByteGroupValueBuilder
4 participants