WL#3726: DDL locking for all metadata objects

Affects: Server-5.5   —   Status: Complete

NOTE: This task is needed for implementation of foreign
keys. Progress reports for this work can be found in

Implement DDL locking for all metadata objects.
This is necessary to solve BUG#25144 "replication / binlog with view breaks".
Resolution of the architecture meeting in Stockholm on BUG#25144 and BUG#989:
Extend open_cache to be:

1) transaction-wide
2) supports all objects types:
  * base tables
  * views
  * stored procedures and functions
  * time zone tables
  * databases
3) designed to contain only relevant data

Version: 5.1 (changed to version 6.0 after discussion; this change is considered
too risky for 5.1 at this late stage).

This worklog only implements item 2) and 3).
Please see WL#4284 for support of metadata locks across multiple statements in a
Table of contents


Part I -- The new MDL API.
 A. The new API
   A-1 Main data structures
   A-2 Initialization and destruction
   A-3 Acquirer's primitives to work with lock objects
   A-4 Acquisition of locks
   A-5 Releasing locks
   A-6 Utility functions
 B. Deployment of the API.
 C. Metadata lock on a view.

Part II -- Transactional locks.

Appendix A. Future work.


This worklog task consists of two parts.

Part I introduces a new API for metadata locking.
Its goal is to encapsulate locking functionality in a standalone
and extensible module. This part also aligns implementation of
auto-repair with the locking protocol supported by the system
(for details see Deployment of the API).
It generalizes the concept of a metadata lock and
allows to lock any object type, including views and stored
programs. Finally, it fixes BUG#25144, which root cause is in
absence of metadata locking for views.

Part II introduces transactional metadata locks, i.e. extends life
span of a metadata lock from one statement to one transaction.
It's primary goal is to fix BUG#989, which occurred because
currently MySQL keeps no metadata locks for tables used in
a transaction.  Note: Part II is not yet ready and is not
submitted for a review.

Please refer to MySQL internals manual for the description of the
current system and terminology:

Part I Metadata locking API.

A. The new API.

Implementation of metadata locks is moved from a table cache into
a standalone module that has no dependencies on other parts of the
The interface of the module is clearly defined: functions are
provided to acquire shared and exclusive locks and release locks.
The current locking protocol and algorithms, however, are kept
mostly unchanged: improvement of locking algorithms is not 
the goal of this task.

Since MySQL metadata locking relies on a number of external
invariants to resolve deadlocks, the module communicates with the
rest of the server by means of 2 identified external functions,
used at particular moments of lock acquisition.

Correct acquisition of metadata locks ensures consistency of the
data dictionary, statement and row based replication. (See
chapter "What metadata locks protect" in metadata locking
The metadata locks are acquired for every operation on the
database state. They are intended to be acquired first order
during statement execution and thus the API requires nothing but
object names to operate (compare with the current API which
requires a TABLE_LIST instance to represent a lock request).

A-1 Main data structures

  Context of the owner of metadata locks. I.e. each server connection
  has such a context.

  A pending lock request or a granted metadata lock.
  A lock is requested or granted based on a fully
  qualified name and type. E.g. for a table the key
  consists of <0 (=table)>++.
  Later in this document this triple will be referred to
  simply as "key" or "name".
struct MDL_EL;

  The lock context. Created internally for an acquired lock.
  For a given name, there exists only one
  MDL_LOCK instance, and it exists only when the lock has been
  granted. Can be seen as an MDL subsystem's version of
struct MDL_LOCK;

A-2 Initialiaztion and destruction

  Initialize the metadata locking subsystem.

  This function is called at server startup.

  In particular, initializes the new global mutex and
  the associated condition variable: LOCK_mdl and COND_mdl.
  These locking primitives are implementation details of the MDL
  subsystem and are private to it.

  Note, that even though the new implementation adds acquisition
  of a new global mutex to the execution flow of almost every SQL
  statement, the design capitalizes on that to later save on 
  look ups in the table definition cache. This leads to reduced
  contention overall and on LOCK_open in particular.
  Please see the description of mdl_acquire_shared_lock() for details.
void mdl_init();

  Release resources of metadata locking subsystem.

  Destroys the global mutex and the condition variable.
  Called at server shutdown.
void mdl_destroy();
  Initialize a metadata locking context.
  This is to be called when a new server connection is created.
  This is a no-cost operation to just reset to NULL the list
  of lock requests that this originator currently has.
void mdl_context_init(MDL_CONTEXT *context);

  Destroy metadata locking context.

  Assumes and asserts that there are no active or pending locks
  associated with this context at the time of the destruction.

  Currently does nothing. Asserts that there are no pending
  or satisfied lock requests. The pending locks must be released
  prior to destruction. This is a new way to express
  the assertion that all tables are closed before
  a connection is destroyed.
void mdl_context_destroy(MDL_CONTEXT *context);

A-3 Acquirer's primitives to work with lock objects

  Initialize a lock request.

  This is to be used for every lock request.

  Note that initialization and allocation are split
  into two calls. This is to allow flexible memory management
  of lock requests. Normally a lock request is stored
  in statement memory (e.g. is a member of struct TABLE_LIST),
  but we would also like to allow allocation of lock
  requests in other memory roots, for example in the grant
  subsystem, to lock privilege tables.

  The MDL subsystem does not own or manage memory of lock
  requests. Instead it assumes that the life time of every lock
  request encloses calls to mdl_acquire_shared_lock() and

  @param  mdl        Pointer to an MDL_EL object to initialize
  @param  key_buff   Pointer to the buffer for key for the lock request
                     (should be at least strlen(db) + strlen(name)
                     + 2 bytes, or, if the lengths are not known,
  @param  type       Id of type of object to be locked
  @param  db         Name of database to which the object belongs
  @param  name       Name of of the object

  Stores the database name, object name and the type in the key
  buffer. Initializes mdl_el to point to the key.
  We can't simply initialize mdl_el with type, db and name
  by-pointer because of the underlying HASH implementation
  requires the key to be a contiguous buffer.

  Suggested lock types: TABLE - 0 PROCEDURE - 1 FUNCTION - 2
  Note that tables and views have the same lock type, since
  they share the same name space in the SQL standard.

void mdl_init_lock(MDL_EL *mdl_el, char *key_buff, int type, const
                   char *db, const char *name);

  Allocate and initialize one lock request.
  Same as mdl_init_lock(), but allocates the lock and the key buffer
  on a memory root. Necessary to lock ad-hoc tables, e.g.
  mysql.* tables of grant and data dictionary subsystems.

  @param  type       Id of type of object to be locked
  @param  db         Name of database to which object belongs
  @param  name       Name of of object
  @param  root       MEM_ROOT on which object should be allocated

  @retval 0      Error
  @retval non-0  Pointer to an object representing a lock request

MDL_EL *mdl_alloc_lock(int type, const char *db, const char *name,
                       MEM_ROOT *root);
  Add a lock request to the list of lock requests of
  the context.

  The procedure to acquire metadata locks is:
  - allocate and initialize lock requests
  - associate them with a context
  - call mdl_acquire_shared_lock()/mdl_release_lock()
  (maybe repeatedly).

  Associates a lock request with the given context. Note, that
  since we continue using pre-locking and try-and-back-off
  techniques, this function asserts that there are no granted
  locks when a new lock request is added to the context.

  @param  context    The MDL context to associate the lock with.
                     There should be no more than one context per
                     connection, to avoid deadlocks.
  @param  lock       The lock request to be added.
  @param  exclusive  Type of the lock requested
void mdl_add_lock(MDL_CONTEXT *context, MDL_EL *lock, bool exclusive);

   Clear all lock requests in the context (clear the context).

   Disassociates lock requests from the context.
   All granted locks must be released prior to calling this

   In other words, the expected procedure to release locks is:
   - mdl_release_locks();
   - mdl_remove_all_locks();

   We could possibly merge mdl_remove_all_locks() and
   mdl_release_locks(), but this function comes in handy
   when we need to back off: in that case we release all
   the locks acquired so-far but do not free them, since
   we know that the respective lock requests will be used

   @param context Context to be cleared.
void mdl_remove_all_locks(MDL_CONTEXT *context);

A-4 Acquisition of locks

   Try to acquire one shared lock.

   Unlike exclusive locks, shared locks are acquired one by
   one. This is interface is chosen to simplify introduction of
   the new locking API to the system. mdl_acquire_shared_lock()
   is currently used from open_table(), and there we have only one
   table to work with.

   In future we may consider allocating multiple shared locks
   at once.

   This function must be called after the lock is added to
   a context. There must be no prior acquired exclusive lock in
   the context.

   @param lock  Lock request object for lock to be acquired

   @retval  FALSE   success
   @retval  TRUE    a conflicting lock exists. Another attempt
                    should be made after releasing all current
                    locks and waiting for conflicting lock go
                    away (using mdl_wait_for_locks()).

bool mdl_acquire_shared_lock(MDL_CONTEXT *context, MDL_EL *lock);


  let mdl_lock = look up an MDL_LOCK in the HASH
                 using object name
  if (mdl_lock is found)
    if (there is an exclusive lock, granted or pending)
        We have other locks granted on this name
        and must back off.
      return TRUE;
    insert a new MDL_LOCK into the HASH;
  Append the lock to the list of granted locks in MDL_LOCK
  return FALSE;

  A callback to the server internals that is used to address
  special cases of the locking protocol.
  Invoked when acquiring an exclusive lock, for each thread that
  has a conflicting shared metadata lock.

  This function:

  - aborts waiting of the thread on a data lock, to make it notice
    the pending exclusive lock and back off.
  - if the thread has an open HANDLER to the table in question,
    closes the cursor of the HANDLER
  - if the thread is an INSERT DELAYED thread, sends it a KILL
    signal to terminate it.

  @note This function does not wait for the thread 
  to give away its locks. Waiting is done outside for all threads
  at once.

  @param in_use The thread to wake up

  @retval  TRUE  if the thread was woken up
  @retval  FALSE otherwise (e.g. it was not waiting for a table-level lock).

  @note It is one of two places where border between MDL and the rest of
        the server is broken.

extern bool notify_thread_having_shared_lock(THD *in_use)

  Acquire exclusive locks. The context must contain the list of
  locks to be acquired. There must be no granted locks in the

  This is a replacement of lock_table_names(). It is used in
  RENAME, DROP and other DDL SQL statements.

  @param context  A context containing requests for exclusive locks
                  The context may not have other lock requests.
void mdl_acquire_exclusive_locks(MDL_CONTEXT *context);


  foreach (mdl_el: request for an exclusive lock from the context)
    Assert: the request is for an exclusive lock.

    let mdl_lock = look up an MDL_LOCK in the HASH using object name

    if (mdl_lock is NULL)
      add a new mdl_lock instance to the cache
    append the lock request to the list of pending exclusive locks

  while (there is some competing shared or exclusive lock)
    foreach (mdl_el: request for an exclusive lock from the context)
      let mdl_lock = mdl_el->lock;
      if (there are active readers in mdl_lock)
        foreach (mdl_el_dep: reader in mdl_lock)
      else if (there is a pending exclusive lock request ahead of
               us in the lsit or a granted exclusive lock)
        need_wait= TRUE;
    if (need_wait)
      wait_on(LOCK_mdl, COND_mdl);
  foreach (mdl_el: request for an exclusive lock)
    move the lock from "pending list" to "granted list";

  Upgrade a shared metadata lock to exclusive.

  Used in ALTER TABLE, when a copy of the table with the
  new definition has been constructed.

  @pre To avoid deadlocks, this must be the only lock in the

  @param context Context to which shared long belongs
  @param type    Id of object type
  @param db      Name of the database
  @param name    Name of the object
void mdl_upgrade_shared_lock_to_exclusive(MDL_CONTEXT *context, int type,
                                          const char *db, const char *name);


  let mdl_lock = look up the lock object by name

  add lock type to the list of pending exclusive locks
  remove lock type from the list of granted shared locks

  while (there is some competing shared or exclusive lock)
    if (there are active readers in mdl_lock)
      foreach (mdl_el_dep: reader in mdl_lock)
    else if (there is a pending exclusive lock request ahead of us or
             a granted exclusive lock)
      need_wait= TRUE;
    if (need_wait)
      wait_on(LOCK_mdl, COND_mdl);
  move the lock from "pending list" to "granted list";

  Try to acquire an exclusive lock on the object if there are
  no conflicting locks.

  Similar to the previous function, but returns
  immediately without any side effect if encounters a lock
  conflict. Otherwise takes the lock.

  This function is used in CREATE TABLE ... LIKE
  to acquire a lock on the table to be created.
  In this statement we don't want to block and wait for the lock if
  the table already exists.

  @param context The context containing the lock request
  @param lock    The lock request

  @retval FALSE the lock was granted
  @retval TRUE  there were conflicting locks.
bool mdl_try_acquire_exclusive_lock(MDL_CONTEXT *context, MDL_EL *lock);

  Wait until there are no old versions of tables in the
  table definition cache for the locks that we try to

  This is the second point of interaction of the meta-data
  locking with the rest of the server.

  It is used by mdl_wait_for_locks(), which is called
  by the acquirer after a backs off.

  In other words, if mdl_acquire_shared_lock() returns
  TRUE the acquire must call:
  - mdl_release_locks()
  - mdl_wait_for_locks()
  and then try again.

  @param names Names of tables to be waited for
extern void tdc_wait_for_old_versions(List *names);

  Wait until there will be no locks that conflict with lock
  requests in the context.

  This is a part of the locking protocol and must be
  used by the acquirer of shared locks after a back-off.

  Does not acquire the locks!

  @param context Context with which lock requests are associated.
void mdl_wait_for_locks(MDL_CONTEXT *context);

A-5 Releasing locks

   Release all locks associated with the context,
   but leave them in the context as lock requests.

   This function is used to back off in case of a lock
   conflict. It is also used to release shared locks
   in the end of an SQL statement.

   @param context The context with which the locks to be
                  released are associated.
void mdl_release_locks(MDL_CONTEXT *context);

  foreach (mdl_el: lock in the context)
    if (the lock is granted)
      move the lock from "granted list" to "pending list";

   Release all exclusive locks associated with context.
   Removes the locks from the context.

   @param context Context with exclusive locks.

   @note Shared locks are left intact.
void mdl_release_exclusive_locks(MDL_CONTEXT *context);

  Release a lock.
  Removes the lock from the context.

  @param context Context containing lock in question
  @param lock    Lock to be released
void mdl_release_lock(MDL_CONTEXT *context, MDL_EL *lock);
  Downgrade all exclusive locks in the context to

  @param context A context with exclusive locks.
void mdl_downgrade_exclusive_locks(MDL_CONTEXT *context);

A-6 Utility functions

  Associate pointer to an opaque object with a lock.

  @param l             Lock request for the lock with which the
                       object should be associated.
  @param cached_object Pointer to the object
  @param release_hook  Cleanup function to be called when MDL subsystem
                       decides to remove lock or associate another object.

 This is used to cache a pointer to TABLE_SHARE in the lock
 structure. Such caching can save one acquisition of LOCK_open
 and one table definition cache lookup for every table.

 Since the pointer may be stored only inside an acquired lock,
 the caching is only effective when there is more than one lock
 granted on a given table.

 This function has the following usage pattern:
 - try to acquire an MDL lock
 - when done, call for mdl_get_cached_object(). If it
 returns NULL, our thread has the only lock on this table.
     -  look up TABLE_SHARE in the table definition cache
     -  call mdl_set_cache_object() to assign the share
     to the opaque pointer.

 The release hook is invoked when the last shared metadata
 lock on this name is released.

void mdl_set_cached_object(MDL_EL *l, void *cached_object,
                           mdl_cached_object_release_hook release_hook);

  Get a pointer to an opaque object that associated with the lock.

  @param  l Lock request for the lock with which the object is

  @return Pointer to an opaque object associated with the lock.
void *mdl_get_cached_object(MDL_EL *l);

Part I. B. Deployment of the API

The new API obsoletes the following functions:

- lock_table_name(), lock_table_names(), unlock_table_names(),
  lock_table_names_exclusively(), lock_table_name_if_not_cached(),
  mysql_wait_completed_table(), get_name_lock(),

- since the locking role of the table cache was moved
  to the MDL subsystem, it became possible to merge the table
  cache and the table definition cache. All open tables
  for a given name are attached to the respective TABLE_SHARE.
  A list of unused TABLE instances is still maintained
  in unused_list and is purged on FIFO basis.

  Used and unused TABLE elements are now attached to their
  respective TABLE_SHAREs, i.e. elements of the table definition
  cache.  The following structures and functions were removed:
  open_cache, table_cache_key(), table_cache_init(),
  table_cache_destroy(), table_cache_free(),
  remove_db_from_cache() TABLE_SHARE elements do not have to be
  looked up in the table definition cache in all  cases: they are
  attached to the metadata lock if there is one by means of
  mdl_{get,set}_cached_object() API.

  This addresses the performance bottleneck identified
  in BUG#33948.

- auto-repair implementation is rewritten to not acquire
  an exclusive metadata lock from within open_table().
  Since acquisition of an exclusive lock must wait for
  other threads to give away their locks, theoretically
  this could lead to deadlocks. Even though it's practically
  impossible to trigger this situation with auto-repair, the
  change was done to fullfill the assertions of the implemented
  locking protocol. 
  Instead of starting auto-repair, open_table() now returns
  a special return code, that causes the thread close
  all currently open tables, repair the table in question and
  try to reopen the tables after that.

Part I. C. A metadata lock on a view

Since views and base tables share the same name space according
to the SQL standard, a metadata lock on a view has the same
type (0) as one on a table. Acqusition and release primitives
are identical as well.

Part II. Transactional locks

Appendix A: Future work

Most todo from this list items will be addressed in separate
tasks.  They are collected here to provide a roadmap
for metadata locking.

1. INFORMATION_SCHEMA and NDB cluster binlog invokes NDB auto-discovery
frivolously: ndbcluster_find_files() is called while keeping other
metadata locks. This may lead to deadlocks.

Auto-discovery should be re-written to not be invoked while keeping
other metaddata locks.

Requires architecture work and prototyping.

2. Auto-discovery code invoked inside open_unireg_entry() (Data Dictionary,
addition of a table to the table definition cache).

The same disease as in item 1.


3. TRUNCATE implementation. The current code first accesses the
data dictionary to detect the storage engine of the subject table
on hand, and only then acquires an exclusive metadata lock. This
is an opportunity for a race condition and must be eliminated.

A minor code change that can be done in a separate patch.

4. ALTER VIEW implementation. A similar gap is present
between an access to the data dictionary to establish the table type
(a view or a base table) and an exclusive metadata lock.

A minor code change that can be done in a separate patch.

5. INFORMATION_SCHEMA should use MDL subsystem to acquire
special metadata locks on used tables. A new lock type will be
introduced for this purpose.

A fairly substantial change but has been approved by the
architecture board in Orlando. Requires specification and


6. LOCK TABLE t1 WRITE should acquire an shared-for-upgrade
lock type on the table.

When this is done, FLUSH TABLE or DROP TABLE under LOCK TABLES
can upgrade the lock type to EXCLUSIVE without having to
abort transactions, simply by waiting for all shared locks to go

A minor change that can be addressed in a separate patch.

7. It should be possible to lock a table with LOCK TABLE statement
that does not yet exist.

At the same time, it should be impossible to use tables outside the
set locked with LOCK TABLES, even for DDL.


-- should be allowed (currently fails during ALTER)

-- should be prohibited

A minor change that can be addressed in a separate patch.
Since is an incompatible change, must be done in an alpha.
Should be done together with item 6.

8. Support for metadata locks for a database (schema), tablespace,

In order to support RENAME DATABASE and proper operation
with tablespaces, MySQL will need to implement metadata
locks on schemas, tablespaces, and other compound

Two alternative solutions have been identified:
 * do not support hierarchies inside MDL subsystem. If a database
 is used in a statement, lock it in shared mode just as if it
 was any other object type (table, procedure, view).

 * represent the list of locks requested or granted as a hierarchy
 or a tree. Allow to lock parts of this tree.

Requires prototyping and an approval of architects.
Will be addressed in a separate worklog task.