Page MenuHomePhabricator
Create Task
Maniphest T253199

SQLite's flexible typing causing incompatibility issues
Open, Needs TriagePublic
Actions

Description

So, first of all, I'm by no means an expert of SQLite, and I just learned about SQLite's flexible typing.

A few days ago I noticed that this AbuseFilter test was failing on SQLite (see e.g. this console output), whereas it used to pass on MySQL.

It took me a decent amount of time (and tests using the CI) to find out the cause. The abuse_filter_log table definition for SQLite has:

CREATE TABLE /*$wgDBprefix*/abuse_filter_log (
	...
	afl_filter varbinary(64) NOT NULL DEFAULT '',

the test does

INSERT INTO abuse_filter_log ( ... afl_filter ... ) values ( ... 1 ...

i.e. it's inserting a numeric 1. Then we do something like

SELECT  1  FROM unittest_abuse_filter_log WHERE afl_filter = '1'

and this cannot find the row inserted above! Instead, it works as expected if you remove the quotes from '1'.

The docs above don't explicitly mention what happens if you try to insert an integer in a varbinary column, but apparently, no cast is taking place (unlike when inserting strings in an integer field). Moreover, SELECT queries are not flexibly typed, which explains why the test was failing. Needles to say, this is a big drift from MySQL and a potential source of sneaky issues.

I don't know whether this has already caused problems in the past, and/or it's already being mitigated somehow, but I think it's very important that we do something about that, even just putting a warning on mw.org.

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT253199 SQLite's flexible typing causing incompatibility issues
 DuplicateNoneT258478 Add runtime type-check when inserting data
 StalledFeatureNoneT289521 Support SQLite's upcoming strict mode

Event Timeline

Daimona created this task.May 20 2020, 9:40 AM
Restricted Application added a project: Platform Engineering. · View Herald TranscriptMay 20 2020, 9:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Daimona mentioned this in T253235: CheckUser test failing on SQLite.May 20 2020, 3:27 PM
CCicalese_WMF moved this task from Inbox to Triage Meeting Inbox on the Platform Engineering board.May 20 2020, 5:53 PM
eprodromou removed a project: Platform Engineering.May 26 2020, 8:39 PM
eprodromou subscribed.

Putting a warning on Mediawiki.org seems like the right thing to do here. I'm untagging CPT, but tag us if you think there's more work to be done on our side.

Krinkle moved this task from Untriaged to Rdbms: Non-MySQL support on the MediaWiki-libs-Rdbms board.Jun 9 2020, 8:54 PM
Daimona mentioned this in T255390: Edit filter log returns no results, despite results being available.Jun 15 2020, 8:54 AM
Daimona added a comment.EditedJun 20 2020, 3:42 PM

See T255390 for a couple actual examples; there might be more, any row using the BLOB data type (at least, but lots of columns use that) is potentially affected. This feature can actually cause data corruption (sort of), per T255390#6223722:

And this is why the issue with flexible typing is (IMHO) worrying: a single, bad INSERT will require all future SELECTs to account for both possibilities.

You can use the wrong type in INSERTs, but SELECTs must match the exact type stored in the row. So, for instance:

CREATE TABLE foo(
  id integer primary key autoincrement,
  bar BLOB
  );
  
INSERT INTO foo VALUES (null,42);
INSERT INTO foo VALUES (null,'42');
SELECT * FROM foo
--> row 1 and 2
SELECT * FROM foo WHERE bar = 42;
--> Only row 1 is returned
SELECT * FROM foo WHERE bar = '42';
--> Only row 2 is returned
Daimona mentioned this in T258366: content.content_id is not "NOT NULL" while being primary key.Jul 20 2020, 1:37 PM
Daimona mentioned this in T258478: Add runtime type-check when inserting data.Jul 21 2020, 9:45 AM
Daimona added a subtask: T258478: Add runtime type-check when inserting data.Jul 21 2020, 9:51 AM
Daimona added a subtask: T289521: Support SQLite's upcoming strict mode.Aug 30 2021, 3:57 PM
Restricted Application added a project: Performance-Team. · View Herald TranscriptAug 30 2021, 3:57 PM
Krinkle removed a project: Performance-Team.Aug 30 2021, 6:39 PM
Daimona mentioned this in T308607: Pagination for Event Registration List.Jul 4 2022, 5:33 PM
Daimona renamed this task from SQLite's flexible typing causing incompatibility issues (at least in WMF CI) to SQLite's flexible typing causing incompatibility issues.Aug 17 2022, 5:24 PM
Daimona mentioned this in T289521: Support SQLite's upcoming strict mode.
Bawolff moved this task from Backlog to DB library on the SQLite board.Nov 11 2022, 5:24 PM
Novem_Linguae subscribed.Jan 12 2024, 1:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL