<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:06:21 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-44570] Create a non process-fatal variant of invariant()</title>
                <link>https://jira.mongodb.org/browse/SERVER-44570</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;There have been a number of times where an &lt;tt&gt;invariant()&lt;/tt&gt;&#160;in the query planner makes it easy for a client to crash a stable version of the server (see below). While detection of a bug in the query planner should definitely be operation-fatal, it does not need to be process-fatal. In fact, making the exposure of such bugs process-fatal creates security vulnerabilities, especially for systems like the atlas free tier, where any user can read and write data (which makes it quite easy to trigger these kinds of invariants).&lt;/p&gt;

&lt;p&gt;None of the assertion macros available in the server today fit into the right box for the query planner on the two dimensions of &quot;indicates a bug OR indicates user error/unexpected situation&quot; and &quot;is process fatal OR operation fatal.&quot; That is:&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;invariant()&lt;/tt&gt; indicates a bug, but is process fatal.&lt;br/&gt;
 &lt;tt&gt;fassert()&lt;/tt&gt; indicates a situation the server is not prepared for (not a bug) and is process fatal.&lt;br/&gt;
 &lt;tt&gt;uassert()&lt;/tt&gt; indicates a user error and is operation fatal.&lt;/p&gt;

&lt;p&gt;We should consider adding a &lt;tt&gt;nonFatalInvariant()&lt;/tt&gt; to the server which, when triggered, indicates that there is a bug, but is only operation-fatal. Instead of calling abort(), it could throw an exception with a special code (something like &lt;tt&gt;ErrorCodes::ThereIsABug&lt;/tt&gt;). This would require changing our various fuzzers to be aware of this new error code, and to fail when they encounter it.&lt;/p&gt;

&lt;p&gt;It&apos;s worth mentioning that we&apos;re not suggesting all &lt;tt&gt;invariants()&lt;/tt&gt; in the query system should be non-fatal. We&apos;re only arguing that a &lt;tt&gt;nonFatalInvariant()&lt;/tt&gt; should be &lt;em&gt;available&lt;/em&gt; to the query system and used for logic checks (e.g. were these index bounds built correctly?) and not for checks about the state of the system (e.g. is this lock held?).&lt;/p&gt;

&lt;p&gt;Examples of invariants in the query system which are fairly trivial to reproduce:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-21251&quot; title=&quot;jstestfuzz causing invariant failure in index_bounds_builder.cpp&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-21251&quot;&gt;&lt;del&gt;SERVER-21251&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44377&quot; title=&quot;Invariant failure on indexed inequality to null&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44377&quot;&gt;&lt;del&gt;SERVER-44377&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-38349&quot; title=&quot;Aggregate with exchange can trip invariant&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-38349&quot;&gt;&lt;del&gt;SERVER-38349&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-37838&quot; title=&quot;stepDown during a getMore followed by an OP_KILL_CURSORS can crash the server&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-37838&quot;&gt;&lt;del&gt;SERVER-37838&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-42491&quot; title=&quot;Crash with searchScore and searchHighlights metadata&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-42491&quot;&gt;&lt;del&gt;SERVER-42491&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-38164&quot; title=&quot;$or pushdown optimization does not correctly handle $not within an $elemMatch&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-38164&quot;&gt;&lt;del&gt;SERVER-38164&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-37686&quot; title=&quot;Wildcard index should not assume non-descending bounds when checking overlap with object type bracket&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-37686&quot;&gt;&lt;del&gt;SERVER-37686&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-33005&quot; title=&quot;Contained $or access planning is incorrect for $elemMatch object, results in invariant failure&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-33005&quot;&gt;&lt;del&gt;SERVER-33005&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-47773&quot; title=&quot;geoNear invariant on mongos&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-47773&quot;&gt;&lt;del&gt;SERVER-47773&lt;/del&gt;&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="997318">SERVER-44570</key>
            <summary>Create a non process-fatal variant of invariant()</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.pulo@mongodb.com">Kevin Pulo</assignee>
                                    <reporter username="ian.boros@mongodb.com">Ian Boros</reporter>
                        <labels>
                    </labels>
                <created>Mon, 11 Nov 2019 23:29:07 +0000</created>
                <updated>Sun, 29 Oct 2023 22:15:03 +0000</updated>
                            <resolved>Mon, 2 Nov 2020 12:58:05 +0000</resolved>
                                                    <fixVersion>4.9.0</fixVersion>
                                    <component>Internal Code</component>
                                        <votes>2</votes>
                                    <watches>18</watches>
                                                                                                                <comments>
                            <comment id="3509210" author="ben.caimano" created="Mon, 30 Nov 2020 20:44:18 +0000"  >&lt;p&gt;Alright, I&apos;ve filed &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-53135&quot; title=&quot;Tassert should only exit with error in testing&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-53135&quot;&gt;&lt;del&gt;SERVER-53135&lt;/del&gt;&lt;/a&gt; to make the unclean exit test only. With that piece in place, we should be able to backport this to v4.4&lt;/p&gt;</comment>
                            <comment id="3471234" author="xgen-internal-githook" created="Mon, 2 Nov 2020 09:58:59 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Pulo&apos;, &apos;email&apos;: &apos;kevin.pulo@mongodb.com&apos;, &apos;username&apos;: &apos;devkev&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44570&quot; title=&quot;Create a non process-fatal variant of invariant()&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44570&quot;&gt;&lt;del&gt;SERVER-44570&lt;/del&gt;&lt;/a&gt; Add tripwire assertions (tassert)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/7d8e64df2d2d56a821f638ef88aa619403d03d31&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/7d8e64df2d2d56a821f638ef88aa619403d03d31&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2536427" author="jason.carey" created="Tue, 12 Nov 2019 15:19:46 +0000"  >&lt;p&gt;I&apos;d considered making something like this that was fatal under enableTestCommands, exception throwing elsewhere.&lt;/p&gt;

&lt;p&gt;That catches all of our testing, but presumably no production deployements&lt;/p&gt;</comment>
                            <comment id="2536350" author="james.wahlin@10gen.com" created="Tue, 12 Nov 2019 15:03:11 +0000"  >&lt;p&gt;Maybe we could consider making this process fatal for certain test environments, maybe via setParameter? I think it would be useful to maintain for the fuzzer and maybe the concurrency test suites.&lt;/p&gt;</comment>
                            <comment id="2530675" author="ian.boros" created="Mon, 11 Nov 2019 23:29:31 +0000"  >&lt;p&gt;CC &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=charlie.swanson&quot; class=&quot;user-hover&quot; rel=&quot;charlie.swanson&quot;&gt;charlie.swanson&lt;/a&gt; &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=david.storch&quot; class=&quot;user-hover&quot; rel=&quot;david.storch&quot;&gt;david.storch&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="999705">SERVER-44588</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1338896">SERVER-47926</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1548596">SERVER-53002</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1555138">SERVER-53135</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1667775">SERVER-55699</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1531091">SERVER-52532</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>11.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="18953"><![CDATA[v4.4]]></customfieldvalue>
    <customfieldvalue key="16775"><![CDATA[v4.2]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10011"><![CDATA[Minor Change]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 12 Nov 2019 15:03:11 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 10 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>The &amp;quot;tripwire assertions&amp;quot; (tassert) feature has been added to the server.  These are similar to &amp;quot;user assertions&amp;quot;, except that they also ensure the server process will not shutdown successfully.  (If the server finds itself shutting down with no errors, and tripwire assertion failures have occurred, then it will abort instead of exiting with no errors.)  This is mostly for our internal testing purposes, but can be useful for detecting when non-fatal unexpected situations have occurred in production (whether caused by a bug, or by problematic input/configuration/etc).  Such failures will usually primarily be of interest to MongoDB, not users/customers.&lt;br/&gt;
&lt;br/&gt;
The main downstream-relevant change is the addition of a &amp;quot;{{tripwire}}&amp;quot; counter to the [&amp;quot;{{asserts}}&amp;quot; section of {{serverStatus}} command output|&lt;a href=&quot;https://docs.mongodb.com/manual/reference/command/serverStatus/#asserts&quot;&gt;https://docs.mongodb.com/manual/reference/command/serverStatus/#asserts&lt;/a&gt;].  It starts at 0 when the server process is started up, and increments each time a tassert failure occurs.  If serverStatus reports a non-zero value for {{asserts.tripwire}}, then the server will not exit with exit code 0, and will instead exit with EXIT_ABRUPT (14) (in fact in this case it will issue a &amp;quot;Fatal assertion&amp;quot; (fassert) during clean shutdown), unless it otherwise first encounters some other fatal error or situation causing an unclean shutdown (in which case, the server will use the exit code of the other failure).&lt;br/&gt;
&lt;br/&gt;
When a tassert assertion failure occurs, a log entry with id 4457000 will be logged, containing the details of the tassert failure.  These log id entries will be present in the logs if {{asserts.tripwire &amp;gt; 0}}.  Additionally, if tripwire assertion failures have occurred, the number of occurrences will be recorded during clean or unclean shutdown in a log message with id 4457001 or 4457002 respectively.</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16942"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 10 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>ben.caimano@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ian.boros@mongodb.com</customfieldvalue>
            <customfieldvalue>james.wahlin@mongodb.com</customfieldvalue>
            <customfieldvalue>kevin.pulo@mongodb.com</customfieldvalue>
            <customfieldvalue>mira.carey@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hw1u6v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hvq52n:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="3380">Service Arch 2019-11-18</customfieldvalue>
    <customfieldvalue id="3381">Service Arch 2019-12-02</customfieldvalue>
    <customfieldvalue id="3382">Service Arch 2019-12-16</customfieldvalue>
    <customfieldvalue id="3383">Service Arch 2019-12-30</customfieldvalue>
    <customfieldvalue id="3563">Service Arch 2020-01-13</customfieldvalue>
    <customfieldvalue id="3668">Service Arch 2020-02-24</customfieldvalue>
    <customfieldvalue id="3669">Service Arch 2020-03-09</customfieldvalue>
    <customfieldvalue id="3743">Service Arch 2020-03-23</customfieldvalue>
    <customfieldvalue id="3746">Service Arch 2020-04-06</customfieldvalue>
    <customfieldvalue id="3838">Service arch 2020-04-20</customfieldvalue>
    <customfieldvalue id="3839">Service arch 2020-05-04</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_17051" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Teams Impacted</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16943"><![CDATA[Cloud]]></customfieldvalue>
    <customfieldvalue key="16944"><![CDATA[Docs]]></customfieldvalue>
    <customfieldvalue key="16946"><![CDATA[Triage and Release]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hw1gg7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>