Replace assert with chassert in AggregateFunctionArray constructor by groeneai · Pull Request #102856 · ClickHouse/ClickHouse · GitHub
Skip to content

Replace assert with chassert in AggregateFunctionArray constructor#102856

Merged
nihalzp merged 1 commit into
ClickHouse:masterfrom
groeneai:fix-assert-aggregate-array
Apr 16, 2026
Merged

Replace assert with chassert in AggregateFunctionArray constructor#102856
nihalzp merged 1 commit into
ClickHouse:masterfrom
groeneai:fix-assert-aggregate-array

Conversation

@groeneai

@groeneai groeneai commented Apr 15, 2026

Copy link
Copy Markdown
Contributor

Changelog category (leave one):

  • CI Fix or Improvement (changelog entry is not required)

Changelog entry (a]sentence-length human-readable entry for the changelog, not a copy of the PR title. Skip for non-user-facing changes):

  • (not required)

Documentation checkbox (leave empty if not applicable):

  • Documentation is written (if applicable)

Summary

The AggregateFunctionArray constructor has an assert() (C standard library) that verifies parameter consistency between the outer Array wrapper and its nested function. The AST fuzzer occasionally generates queries with rare combinator + Nullable interaction paths that violate this invariant (STID 4870-4f21, persisting after PR #100679 which fixed the primary Nothing-function case).

The C assert() calls abort() which kills the entire server process (SIGABRT). This is disproportionate for a metadata inconsistency — the parameter mismatch does not cause data corruption or incorrect results.

Fix

Replace assert() with chassert():

  • Debug/sanitizer builds: throws LOGICAL_ERROR exception (caught by query error handling, server survives)
  • Release builds: no-op (same behavior as before — the assert was never active in release)

This is the standard ClickHouse pattern for query-path invariant checks (~2000+ chassert instances in the codebase).

CIDB Evidence

STID 4870-4f21 occurrences in the last 30 days:

Version info

  • Merged into: 26.4.1.982

The C `assert()` in AggregateFunctionArray's constructor calls `abort()`
when the parameter consistency invariant is violated, killing the entire
server process. The AST fuzzer occasionally generates queries with rare
combinator+Nullable interaction paths that trigger this assertion (STID
4870-4f21, ~4 occurrences in 30 days).

Replace with `chassert()` which throws a LOGICAL_ERROR exception in
debug/sanitizer builds instead of crashing. This allows the server to
continue serving other queries while still detecting and logging the
invariant violation. In release builds, both macros are no-ops.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@groeneai

Copy link
Copy Markdown
Contributor Author

@groeneai

Copy link
Copy Markdown
Contributor Author

cc @Avogar — could you review this? It replaces a C assert() with chassert() in the AggregateFunctionArray constructor to prevent server crash (SIGABRT) when the AST fuzzer triggers a rare parameter consistency violation through combinator+Nullable interaction paths (STID 4870-4f21).

@nikitamikhaylov nikitamikhaylov added the can be tested Allows running workflows for external contributors label Apr 15, 2026
@clickhouse-gh

clickhouse-gh Bot commented Apr 15, 2026

Copy link
Copy Markdown
Contributor

Workflow [PR], commit [48e6971]

Summary:


AI Review

Summary

This PR changes one line in AggregateFunctionArray constructor, replacing assert(parameters == nested_func->getParameters()) with chassert(...). This is a safe correctness/robustness improvement for debug/sanitizer builds: chassert integrates with ClickHouse assertion handling and diagnostics, while release behavior remains effectively unchanged (both compile to non-throwing checks/no-op). I found no blocker or major issues in the diff.

ClickHouse Rules
Item Status Notes
Deletion logging
Serialization versioning
Core-area scrutiny
No test removal
Experimental gate
No magic constants
Backward compatibility
SettingsChangesHistory.cpp
PR metadata quality
Safe rollout
Compilation time
No large/binary files
Final Verdict
  • Status: ✅ Approve

@clickhouse-gh clickhouse-gh Bot added the pr-ci label Apr 15, 2026
@clickhouse-gh

clickhouse-gh Bot commented Apr 15, 2026

Copy link
Copy Markdown
Contributor

LLVM Coverage Report

Metric Baseline Current Δ
Lines 84.00% 84.00% +0.00%
Functions 90.90% 90.90% +0.00%
Branches 76.50% 76.50% +0.00%

Changed lines: 83.33% (5/6) · Uncovered code

Full report · Diff report

@nihalzp nihalzp self-assigned this Apr 16, 2026
@nihalzp nihalzp added this pull request to the merge queue Apr 16, 2026
Merged via the queue into ClickHouse:master with commit d678fe4 Apr 16, 2026
161 checks passed
@robot-clickhouse-ci-2 robot-clickhouse-ci-2 added the pr-synced-to-cloud The PR is synced to the cloud repo label Apr 16, 2026
groeneai added a commit to groeneai/ClickHouse that referenced this pull request Apr 16, 2026
The assertion `parameters == nested_func->getParameters()` in
AggregateFunctionArray has been firing ~4 times per month in CI
(AST fuzzer and serverfuzz stress tests), triggered by specific
combinator+Array+Nullable mutations that are extremely hard to
reproduce locally.

The previous chassert (converted from assert() in PR ClickHouse#102856) only
provides the expression text with no information about WHAT the
parameters actually are. This makes root cause investigation nearly
impossible.

Replace with an explicit LOGICAL_ERROR exception that logs:
- The Array wrapper function name
- The nested function name
- Both parameter sets with their values and sizes

This preserves the invariant check while providing actionable
diagnostic information. The next CI occurrence will immediately
reveal which code path produces the parameter mismatch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
groeneai added a commit to groeneai/ClickHouse that referenced this pull request Apr 16, 2026
The assertion `parameters == nested_func->getParameters()` in
AggregateFunctionArray has been firing ~4 times per month in CI
(AST fuzzer and serverfuzz stress tests), triggered by specific
combinator+Array+Nullable mutations that are extremely hard to
reproduce locally.

The previous chassert (converted from assert() in PR ClickHouse#102856) only
provides the expression text with no information about WHAT the
parameters actually are. This makes root cause investigation nearly
impossible.

Replace with an explicit LOGICAL_ERROR exception that logs:
- The Array wrapper function name
- The nested function name
- Both parameter sets with their values and sizes

This preserves the invariant check while providing actionable
diagnostic information. The next CI occurrence will immediately
reveal which code path produces the parameter mismatch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

can be tested Allows running workflows for external contributors pr-ci pr-synced-to-cloud The PR is synced to the cloud repo

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants