[Bug 21868] New: SMW Parser is missing grammar validation

Wed, 16 Dec 2009 08:11:47 -0800 

https://bugzilla.wikimedia.org/show_bug.cgi?id=21868

           Summary: SMW Parser is missing grammar validation
           Product: MediaWiki extensions
           Version: any
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: Normal
         Component: Semantic MediaWiki
        AssignedTo: mar...@semantic-mediawiki.org
        ReportedBy: avino...@gmail.com


The SMW Parser seems to ignore grammar/syntax errors altogether. Instead of
issuing an error message, it's generating an impossibly-heavy DB query:

SELECT /* SMW::getQueryResult Avinoamr */  DISTINCT t0.smw_id AS
id,t0.smw_title AS t,t0.smw_namespace AS ns,t0.smw_iw AS iw,t0.smw_sortkey 
FROM `smw_ids` AS t0 INNER JOIN `smw_ids` AS t2 ON t0.smw_id=t2.smw_id  WHERE
t2.smw_iw!=':smw' AND t2.smw_iw!=':smw-redi' AND t2.smw_iw!=':smw-border' AND
t2.smw_iw!=':smw-intprop'  ORDER BY t0.smw_sortkey ASC  LIMIT 21

This query is obviously malformed, it doesn't try to match anything useful,
just filters out certain rows. On our current MediaWiki installation this query
takes more than 1 hour to complete. 

I've noticed it's being generated by (1) using a bad syntax (try
[Field::->Value]]), or (2) by using the {#ask} parser function with an empty
query string (try {#ask:}). 

Obviously, the user should be aware of what he's doing - but a couple of these
queries can really slow down the DBs for no reason. 

I think it's a critical performance/stability bug. If I'm not mistaken, a
single user can pretty much crash several of the DB servers simply by running
these queries repeatedly. 

I'm not certain what kind of parsing algorithm is being used (LL(1) ?), but I'm
sure grammar validation is part of it. If you wish, I volunteer to help with
developing this support - but I'd like to have a comprehensive understanding
and guidance before I begin.

By the way - another approach would be to check the Query object before
executing it. And if we realize that this meaningless SQL error will be
executed, we can just throw a non-informative Parsing exception. That's a more
quick & dirty solution, in my opinion.


-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to