mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
debug_formatting
scylladb/cql3/statements/delete_statement.cc
Nadav Har'El c87d6407ed cql3: Replace SCYLLA_ASSERT by throwing_assert 
In this patch we replace every single use of SCYLLA_ASSERT() in the cql3/
directory by throwing_assert().

The problem with SCYLLA_ASSERT() is that when it fails, it crashes Scylla.
This is almost always a bad idea (see #7871 discussing why), but it's even
riskier in front-end code like cql3/: In front-end code, there is a risk
that due to a bug in our code, a specific user request can cause Scylla
to crash. A malicious user can send this query to all nodes and crash
the entire cluster. When the user is not malicious, it causes a small
problem (a failing request) to become a much worse crash - and worse,
the user has no idea which request is causing this crash and the crash
will repeat if the same request is tried again.

All of this is solved by using the new throwing_assert(), which is the
same as SCYLLA_ASSERT() but throws an exception (using on_internal_error())
instead of crashing. The exception will prevent the code path with the
invalid assumption from continuing, but will result in only the current
user request being aborted, with a clear error message reporting the
internal server error due to an assertion failure.

I reviewed all the changes that I did in this patch to check that (to the
best of my understanding) none of the assertions in cql3/ involve the
sort of serious corruption that might require crashing the Scylla node
entirely.

throwing_assert() also improves logging of assertion failures compared
to the original SCYLLA_ASSERT() - SCYLLA_ASSERT() printed a message to
stderr which in many installations is lost, whereas throwing_assert()
uses Scylla's standard logger, and also includes a backtrace in the
log message.

Fixes #13970 (Exorcise assertions from CQL code paths)
Refs #7871 (Exorcise assertions from Scylla)

Signed-off-by: Nadav Har'El <nyh@scylladb.com>
2026-03-11 09:41:20 +02:00

114 lines
4.3 KiB
C++
Raw Permalink Blame History

/*
* Copyright (C) 2015-present ScyllaDB
*
* Modified by ScyllaDB
*/
/*
* SPDX-License-Identifier: (LicenseRef-ScyllaDB-Source-Available-1.0 and Apache-2.0)
*/
#include "utils/assert.hh"
#include "data_dictionary/data_dictionary.hh"
#include "delete_statement.hh"
#include "raw/delete_statement.hh"
#include "mutation/mutation.hh"
#include "cql3/expr/expression.hh"
#include "cql3/expr/expr-utils.hh"
namespace cql3 {
namespace statements {
delete_statement::delete_statement(audit::audit_info_ptr&& audit_info, statement_type type, uint32_t bound_terms, schema_ptr s, std::unique_ptr<attributes> attrs, cql_stats& stats)
: modification_statement{type, bound_terms, std::move(s), std::move(attrs), stats}
{
set_audit_info(std::move(audit_info));
}
bool delete_statement::require_full_clustering_key() const {
return false;
}
bool delete_statement::allow_clustering_key_slices() const {
return true;
}
void delete_statement::add_update_for_key(mutation& m, const query::clustering_range& range, const update_parameters& params, const json_cache_opt& json_cache) const {
if (_column_operations.empty()) {
if (s->clustering_key_size() == 0 || range.is_full()) {
m.partition().apply(params.make_tombstone());
} else if (range.is_singular()) {
m.partition().apply_delete(*s, range.start()->value(), params.make_tombstone());
} else {
auto bvs = bound_view::from_range(range);
m.partition().apply_delete(*s, range_tombstone(bvs.first, bvs.second, params.make_tombstone()));
}
return;
}
for (auto&& op : _column_operations) {
if (op->should_skip_operation(params._options)) {
continue;
}
op->execute(m, range.start() ? std::move(range.start()->value()) : clustering_key_prefix::make_empty(), params);
}
}
namespace raw {
::shared_ptr<cql3::statements::modification_statement>
delete_statement::prepare_internal(data_dictionary::database db, schema_ptr schema, prepare_context& ctx,
std::unique_ptr<attributes> attrs, cql_stats& stats) const {
auto stmt = ::make_shared<cql3::statements::delete_statement>(audit_info(), statement_type::DELETE, ctx.bound_variables_size(), schema, std::move(attrs), stats);
for (auto&& deletion : _deletions) {
auto&& id = deletion->affected_column().prepare_column_identifier(*schema);
auto def = get_column_definition(*schema, *id);
if (!def) {
throw exceptions::invalid_request_exception(format("Unknown identifier {}", *id));
}
// For compact, we only have one value except the key, so the only form of DELETE that make sense is without a column
// list. However, we support having the value name for coherence with the static/sparse case
if (def->is_primary_key()) {
throw exceptions::invalid_request_exception(format("Invalid identifier {} for deletion (should not be a PRIMARY KEY part)", def->name_as_text()));
}
auto&& op = deletion->prepare(db, schema->ks_name(), *def);
op->fill_prepare_context(ctx);
stmt->add_operation(op);
}
prepare_conditions(db, *schema, ctx, *stmt);
stmt->process_where_clause(db, _where_clause, ctx);
if (has_slice(stmt->restrictions().get_clustering_columns_restrictions())) {
if (!schema->is_compound()) {
throw exceptions::invalid_request_exception("Range deletions on \"compact storage\" schemas are not supported");
}
if (!_deletions.empty()) {
throw exceptions::invalid_request_exception("Range deletions are not supported for specific columns");
}
}
return stmt;
}
delete_statement::delete_statement(cf_name name,
std::unique_ptr<attributes::raw> attrs,
std::vector<std::unique_ptr<operation::raw_deletion>> deletions,
expr::expression where_clause,
std::optional<expr::expression> conditions,
bool if_exists)
: raw::modification_statement(std::move(name), std::move(attrs), std::move(conditions), false, if_exists)
, _deletions(std::move(deletions))
, _where_clause(std::move(where_clause))
{
throwing_assert(!_attrs->time_to_live.has_value());
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink