PingCAP wink@pingcap.com Agenda ● How to build a stable database ○ Schrodinger-test platform ○ Failpoint injection ○ Goroutine-leak detection ● Optimization ○ Chunk vs interface{} ○ Vectorized execution TiDB the Cat is dead, and the Schrodinger will give us a report What is Schrodinger(2/2) Failpoint injection ● Failpoints are used to add code points where errors may be injected ● Why we need failpoints cases func someFunc() string { // gofail: var SomeFuncString string // // this is called when the failpoint is triggered // return SomeFuncString return "default" } About gofail ● An implementation of FreeBSD

Alpha - 408 - 本文档使用 书栈(BookStack.CN) 构建 优化 Coprocessor count (*) 和点查 unique index 的性能 增加更多的 Failpoint 以及稳定性测试 case 解决 PD 和 TiKV 之间重连的问题 增强数据恢复工具 tikv-ctl 的功能 Region 支持按 table 进行分裂 支持 Delete Range

TiDB to cache a large number of Prepared Statements, and executing SQL operations this way has injection security risks. 694 Dynamic SQL Batch Dynamic SQL - foreach To support the automatic rewriting allow multiple queries to be executed in the same COM_QUERY call. • To reduce the impact of SQL injection attacks, TiDB now prevents multiple queries from being executed in the same COM_QUERY call by default error might occur after upgrading from an earlier version of TiDB. To reduce the impact of SQL injection attacks, TiDB now prevents multiple queries from being executed in the same COM_QUERY call by default

TiDB to cache a large number of Prepared Statements, and executing SQL operations this way has injection security risks. Dynamic SQL Batch Dynamic SQL - foreach To support the automatic rewriting of allow multiple queries to be executed in the same COM_QUERY call. • To reduce the impact of SQL injection attacks, TiDB now prevents multiple queries from being executed in the same COM_QUERY call by default error might occur after upgrading from an earlier version of TiDB. To reduce the impact of SQL injection attacks, TiDB now prevents multiple queries from being executed in the same COM_QUERY call by default

TiDB to cache a large number of Prepared Statements, and executing SQL operations this way has injection security risks. Dynamic SQL Batch Dynamic SQL - foreach To support the automatic rewriting of allow multiple queries to be executed in the same COM_QUERY call. • To reduce the impact of SQL injection attacks, TiDB now prevents multiple queries from being executed in the same COM_QUERY call by default error might occur after upgrading from an earlier version of TiDB. To reduce the impact of SQL injection attacks, TiDB now prevents multiple queries from being executed in the same COM_QUERY call by default

annotation resides. You can also use @Param to specify a name different from the parameter for injection. In getPlayerAndLock, an annotation @Lock is used to declare that pessimistic locking is applied of SQL statements: • Security: Because parameters and statements are separated, the risk of SQL injection attacks is avoided. • Performance: Because the statement is parsed in advance on the TiDB server done by concatenating parameters into a SQL statement. However, this method poses a potential SQL Injection risk to the security of the application. To deal with such queries, use a Prepared statement instead

extends JpaRepository { } Then, you can use @Autowired for automatic dependency injection in any class that requires the PlayerRepository. This enables you to directly use CRUD functions performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection, it is recommended to use prepared statements. • In scenarios where there are not many complex SQL performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection attacks, it is recommended to use Escaping query values before executing SQL. Note The mysqljs/mysql

extends JpaRepository { } Then, you can use @Autowired for automatic dependency injection in any class that requires the PlayerRepository. This enables you to directly use CRUD functions performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection, it is recommended to use prepared statements. • In scenarios where there are not many complex SQL performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection attacks, it is recommended to use Escaping query values before executing SQL. Note The mysqljs/mysql

extends JpaRepository { } Then, you can use @Autowired for automatic dependency injection in any class that requires the PlayerRepository. This enables you to directly use CRUD functions performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection, it is recommended to use prepared statements. • In scenarios where there are not many complex SQL performance overhead caused by frequently establishing and destroying connections. 214 • To avoid SQL injection attacks, it is recommended to use Escaping query values before executing SQL. Note The mysqljs/mysql

extends JpaRepository { } Then, you can use @Autowired for automatic dependency injection in any class that requires the PlayerRepository. This enables you to directly use CRUD functions performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection, it is recommended to use prepared statements. • In scenarios where there are not many complex SQL performance overhead caused by frequently establishing and destroying connections. • To avoid SQL injection attacks, it is recommended to use Escaping query values before executing SQL. Note The mysqljs/mysql