| blob | 2dfde466a0b34b4dcc84e9e2c31c0a6277c8314b |
1 # 2005 November 30
2 #
3 # The author disclaims copyright to this source code. In place of
4 # a legal notice, here is a blessing:
5 #
6 # May you do good and not evil.
7 # May you find forgiveness for yourself and forgive others.
8 # May you share freely, never taking more than you give.
9 #
10 #***********************************************************************
11 #
12 # This file contains tests to ensure that the library handles malloc() failures
13 # correctly. The emphasis of these tests are the _prepare(), _step() and
14 # _finalize() calls.
15 #
16 # $Id: malloc3.test,v 1.24 2008/10/14 15:54:08 drh Exp $
18 set testdir [file dirname $argv0]
19 source $testdir/tester.tcl
20 source $testdir/malloc_common.tcl
22 # Only run these tests if memory debugging is turned on.
23 #
24 if {!$MEMDEBUG} {
25 puts "Skipping malloc3 tests: not compiled with -DSQLITE_MEMDEBUG..."
26 finish_test
27 return
28 }
30 #--------------------------------------------------------------------------
31 # NOTES ON RECOVERING FROM A MALLOC FAILURE
32 #
33 # The tests in this file test the behaviours described in the following
34 # paragraphs. These tests test the behaviour of the system when malloc() fails
35 # inside of a call to _prepare(), _step(), _finalize() or _reset(). The
36 # handling of malloc() failures within ancillary procedures is tested
37 # elsewhere.
38 #
39 # Overview:
40 #
41 # Executing a statement is done in three stages (prepare, step and finalize). A
42 # malloc() failure may occur within any stage. If a memory allocation fails
43 # during statement preparation, no statement handle is returned. From the users
44 # point of view the system state is as if _prepare() had never been called.
45 #
46 # If the memory allocation fails during the _step() or _finalize() calls, then
47 # the database may be left in one of two states (after finalize() has been
48 # called):
49 #
50 # * As if the neither _step() nor _finalize() had ever been called on
51 # the statement handle (i.e. any changes made by the statement are
52 # rolled back).
53 # * The current transaction may be rolled back. In this case a hot-journal
54 # may or may not actually be present in the filesystem.
55 #
56 # The caller can tell the difference between these two scenarios by invoking
57 # _get_autocommit().
58 #
59 #
60 # Handling of sqlite3_reset():
61 #
62 # If a malloc() fails while executing an sqlite3_reset() call, this is handled
63 # in the same way as a failure within _finalize(). The statement handle
64 # is not deleted and must be passed to _finalize() for resource deallocation.
65 # Attempting to _step() or _reset() the statement after a failed _reset() will
66 # always return SQLITE_NOMEM.
67 #
68 #
69 # Other active SQL statements:
70 #
71 # The effect of a malloc failure on concurrently executing SQL statements,
72 # particularly when the statement is executing with READ_UNCOMMITTED set and
73 # the malloc() failure mandates statement rollback only. Currently, if
74 # transaction rollback is required, all other vdbe's are aborted.
75 #
76 # Non-transient mallocs in btree.c:
77 # * The Btree structure itself
78 # * Each BtCursor structure
79 #
80 # Mallocs in pager.c:
81 # readMasterJournal() - Space to read the master journal name
82 # pager_delmaster() - Space for the entire master journal file
83 #
84 # sqlite3pager_open() - The pager structure itself
85 # sqlite3_pagerget() - Space for a new page
86 # pager_open_journal() - Pager.aInJournal[] bitmap
87 # sqlite3pager_write() - For in-memory databases only: history page and
88 # statement history page.
89 # pager_stmt_begin() - Pager.aInStmt[] bitmap
90 #
91 # None of the above are a huge problem. The most troublesome failures are the
92 # transient malloc() calls in btree.c, which can occur during the tree-balance
93 # operation. This means the tree being balanced will be internally inconsistent
94 # after the malloc() fails. To avoid the corrupt tree being read by a
95 # READ_UNCOMMITTED query, we have to make sure the transaction or statement
96 # rollback occurs before sqlite3_step() returns, not during a subsequent
97 # sqlite3_finalize().
98 #--------------------------------------------------------------------------
100 #--------------------------------------------------------------------------
101 # NOTES ON TEST IMPLEMENTATION
102 #
103 # The tests in this file are implemented differently from those in other
104 # files. Instead, tests are specified using three primitives: SQL, PREP and
105 # TEST. Each primitive has a single argument. Primitives are processed in
106 # the order they are specified in the file.
107 #
108 # A TEST primitive specifies a TCL script as its argument. When a TEST
109 # directive is encountered the Tcl script is evaluated. Usually, this Tcl
110 # script contains one or more calls to [do_test].
111 #
112 # A PREP primitive specifies an SQL script as its argument. When a PREP
113 # directive is encountered the SQL is evaluated using database connection
114 # [db].
115 #
116 # The SQL primitives are where the action happens. An SQL primitive must
117 # contain a single, valid SQL statement as its argument. When an SQL
118 # primitive is encountered, it is evaluated one or more times to test the
119 # behaviour of the system when malloc() fails during preparation or
120 # execution of said statement. The Nth time the statement is executed,
121 # the Nth malloc is said to fail. The statement is executed until it
122 # succeeds, i.e. (M+1) times, where M is the number of mallocs() required
123 # to prepare and execute the statement.
124 #
125 # Each time an SQL statement fails, the driver program (see proc [run_test]
126 # below) figures out if a transaction has been automatically rolled back.
127 # If not, it executes any TEST block immediately proceeding the SQL
128 # statement, then reexecutes the SQL statement with the next value of N.
129 #
130 # If a transaction has been automatically rolled back, then the driver
131 # program executes all the SQL specified as part of SQL or PREP primitives
132 # between the current SQL statement and the most recent "BEGIN". Any
133 # TEST block immediately proceeding the SQL statement is evaluated, and
134 # then the SQL statement reexecuted with the incremented N value.
135 #
136 # That make any sense? If not, read the code in [run_test] and it might.
137 #
138 # Extra restriction imposed by the implementation:
139 #
140 # * If a PREP block starts a transaction, it must finish it.
141 # * A PREP block may not close a transaction it did not start.
142 #
143 #--------------------------------------------------------------------------
146 # These procs are used to build up a "program" in global variable
147 # ::run_test_script. At the end of this file, the proc [run_test] is used
148 # to execute the program (and all test cases contained therein).
149 #
150 set ::run_test_script [list]
151 proc TEST {id t} {lappend ::run_test_script -test [list $id $t]}
152 proc PREP {p} {lappend ::run_test_script -prep [string trim $p]}
153 proc DEBUG {s} {lappend ::run_test_script -debug $s}
155 # SQL --
156 #
157 # SQL ?-norollback? <sql-text>
158 #
159 # Add an 'SQL' primitive to the program (see notes above). If the -norollback
160 # switch is present, then the statement is not allowed to automatically roll
161 # back any active transaction if malloc() fails. It must rollback the statement
162 # transaction only.
163 #
164 proc SQL {a1 {a2 ""}} {
165 # An SQL primitive parameter is a list of two elements, a boolean value
166 # indicating if the statement may cause transaction rollback when malloc()
167 # fails, and the sql statement itself.
168 if {$a2 == ""} {
169 lappend ::run_test_script -sql [list true [string trim $a1]]
170 } else {
171 lappend ::run_test_script -sql [list false [string trim $a2]]
172 }
173 }
175 # TEST_AUTOCOMMIT --
176 #
177 # A shorthand test to see if a transaction is active or not. The first
178 # argument - $id - is the integer number of the test case. The second
179 # argument is either 1 or 0, the expected value of the auto-commit flag.
180 #
181 proc TEST_AUTOCOMMIT {id a} {
182 TEST $id "do_test \$testid { sqlite3_get_autocommit \$::DB } {$a}"
183 }
185 #--------------------------------------------------------------------------
186 # Start of test program declaration
187 #
190 # Warm body test. A malloc() fails in the middle of a CREATE TABLE statement
191 # in a single-statement transaction on an empty database. Not too much can go
192 # wrong here.
193 #
194 TEST 1 {
195 do_test $testid {
196 execsql {SELECT tbl_name FROM sqlite_master;}
197 } {}
198 }
199 SQL {
200 CREATE TABLE IF NOT EXISTS abc(a, b, c);
201 }
202 TEST 2 {
203 do_test $testid.1 {
204 execsql {SELECT tbl_name FROM sqlite_master;}
205 } {abc}
206 }
208 # Insert a couple of rows into the table. each insert is in its own
209 # transaction. test that the table is unpopulated before running the inserts
210 # (and hence after each failure of the first insert), and that it has been
211 # populated correctly after the final insert succeeds.
212 #
213 TEST 3 {
214 do_test $testid.2 {
215 execsql {SELECT * FROM abc}
216 } {}
217 }
218 SQL {INSERT INTO abc VALUES(1, 2, 3);}
219 SQL {INSERT INTO abc VALUES(4, 5, 6);}
220 SQL {INSERT INTO abc VALUES(7, 8, 9);}
221 TEST 4 {
222 do_test $testid {
223 execsql {SELECT * FROM abc}
224 } {1 2 3 4 5 6 7 8 9}
225 }
227 # Test a CREATE INDEX statement. Because the table 'abc' is so small, the index
228 # will all fit on a single page, so this doesn't test too much that the CREATE
229 # TABLE statement didn't test. A few of the transient malloc()s in btree.c
230 # perhaps.
231 #
232 SQL {CREATE INDEX abc_i ON abc(a, b, c);}
233 TEST 4 {
234 do_test $testid {
235 execsql {
236 SELECT * FROM abc ORDER BY a DESC;
237 }
238 } {7 8 9 4 5 6 1 2 3}
239 }
241 # Test a DELETE statement. Also create a trigger and a view, just to make sure
242 # these statements don't have any obvious malloc() related bugs in them. Note
243 # that the test above will be executed each time the DELETE fails, so we're
244 # also testing rollback of a DELETE from a table with an index on it.
245 #
246 SQL {DELETE FROM abc WHERE a > 2;}
247 SQL {CREATE TRIGGER abc_t AFTER INSERT ON abc BEGIN SELECT 'trigger!'; END;}
248 SQL {CREATE VIEW abc_v AS SELECT * FROM abc;}
249 TEST 5 {
250 do_test $testid {
251 execsql {
252 SELECT name, tbl_name FROM sqlite_master ORDER BY name;
253 SELECT * FROM abc;
254 }
255 } {abc abc abc_i abc abc_t abc abc_v abc_v 1 2 3}
256 }
258 set sql {
259 BEGIN;DELETE FROM abc;
260 }
261 for {set i 1} {$i < 15} {incr i} {
262 set a $i
263 set b "String value $i"
264 set c [string repeat X $i]
265 append sql "INSERT INTO abc VALUES ($a, '$b', '$c');"
266 }
267 append sql {COMMIT;}
268 PREP $sql
270 SQL {
271 DELETE FROM abc WHERE oid IN (SELECT oid FROM abc ORDER BY random() LIMIT 5);
272 }
273 TEST 6 {
274 do_test $testid.1 {
275 execsql {SELECT count(*) FROM abc}
276 } {94}
277 do_test $testid.2 {
278 execsql {
279 SELECT min(
280 (oid == a) AND 'String value ' || a == b AND a == length(c)
281 ) FROM abc;
282 }
283 } {1}
284 }
285 SQL {
286 DELETE FROM abc WHERE oid IN (SELECT oid FROM abc ORDER BY random() LIMIT 5);
287 }
288 TEST 7 {
289 do_test $testid {
290 execsql {SELECT count(*) FROM abc}
291 } {89}
292 do_test $testid {
293 execsql {
294 SELECT min(
295 (oid == a) AND 'String value ' || a == b AND a == length(c)
296 ) FROM abc;
297 }
298 } {1}
299 }
300 SQL {
301 DELETE FROM abc WHERE oid IN (SELECT oid FROM abc ORDER BY random() LIMIT 5);
302 }
303 TEST 9 {
304 do_test $testid {
305 execsql {SELECT count(*) FROM abc}
306 } {84}
307 do_test $testid {
308 execsql {
309 SELECT min(
310 (oid == a) AND 'String value ' || a == b AND a == length(c)
311 ) FROM abc;
312 }
313 } {1}
314 }
316 set padding [string repeat X 500]
317 PREP [subst {
318 DROP TABLE abc;
319 CREATE TABLE abc(a PRIMARY KEY, padding, b, c);
320 INSERT INTO abc VALUES(0, '$padding', 2, 2);
321 INSERT INTO abc VALUES(3, '$padding', 5, 5);
322 INSERT INTO abc VALUES(6, '$padding', 8, 8);
323 }]
325 TEST 10 {
326 do_test $testid {
327 execsql {SELECT a, b, c FROM abc}
328 } {0 2 2 3 5 5 6 8 8}
329 }
331 SQL {BEGIN;}
332 SQL {INSERT INTO abc VALUES(9, 'XXXXX', 11, 12);}
333 TEST_AUTOCOMMIT 11 0
334 SQL -norollback {UPDATE abc SET a = a + 1, c = c + 1;}
335 TEST_AUTOCOMMIT 12 0
336 SQL {DELETE FROM abc WHERE a = 10;}
337 TEST_AUTOCOMMIT 13 0
338 SQL {COMMIT;}
340 TEST 14 {
341 do_test $testid.1 {
342 sqlite3_get_autocommit $::DB
343 } {1}
344 do_test $testid.2 {
345 execsql {SELECT a, b, c FROM abc}
346 } {1 2 3 4 5 6 7 8 9}
347 }
349 PREP [subst {
350 DROP TABLE abc;
351 CREATE TABLE abc(a, padding, b, c);
352 INSERT INTO abc VALUES(1, '$padding', 2, 3);
353 INSERT INTO abc VALUES(4, '$padding', 5, 6);
354 INSERT INTO abc VALUES(7, '$padding', 8, 9);
355 CREATE INDEX abc_i ON abc(a, padding, b, c);
356 }]
358 TEST 15 {
359 db eval {PRAGMA cache_size = 10}
360 }
362 SQL {BEGIN;}
363 SQL -norllbck {INSERT INTO abc (oid, a, padding, b, c) SELECT NULL, * FROM abc}
364 TEST 16 {
365 do_test $testid {
366 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
367 } {1 2 4 2 7 2}
368 }
369 SQL -norllbck {INSERT INTO abc (oid, a, padding, b, c) SELECT NULL, * FROM abc}
370 TEST 17 {
371 do_test $testid {
372 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
373 } {1 4 4 4 7 4}
374 }
375 SQL -norllbck {INSERT INTO abc (oid, a, padding, b, c) SELECT NULL, * FROM abc}
376 TEST 18 {
377 do_test $testid {
378 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
379 } {1 8 4 8 7 8}
380 }
381 SQL -norllbck {INSERT INTO abc (oid, a, padding, b, c) SELECT NULL, * FROM abc}
382 TEST 19 {
383 do_test $testid {
384 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
385 } {1 16 4 16 7 16}
386 }
387 SQL {COMMIT;}
388 TEST 21 {
389 do_test $testid {
390 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
391 } {1 16 4 16 7 16}
392 }
394 SQL {BEGIN;}
395 SQL {DELETE FROM abc WHERE oid %2}
396 TEST 22 {
397 do_test $testid {
398 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
399 } {1 8 4 8 7 8}
400 }
401 SQL {DELETE FROM abc}
402 TEST 23 {
403 do_test $testid {
404 execsql {SELECT * FROM abc}
405 } {}
406 }
407 SQL {ROLLBACK;}
408 TEST 24 {
409 do_test $testid {
410 execsql {SELECT a, count(*) FROM abc GROUP BY a;}
411 } {1 16 4 16 7 16}
412 }
414 # Test some schema modifications inside of a transaction. These should all
415 # cause transaction rollback if they fail. Also query a view, to cover a bit
416 # more code.
417 #
418 PREP {DROP VIEW abc_v;}
419 TEST 25 {
420 do_test $testid {
421 execsql {
422 SELECT name, tbl_name FROM sqlite_master;
423 }
424 } {abc abc abc_i abc}
425 }
426 SQL {BEGIN;}
427 SQL {CREATE TABLE def(d, e, f);}
428 SQL {CREATE TABLE ghi(g, h, i);}
429 TEST 26 {
430 do_test $testid {
431 execsql {
432 SELECT name, tbl_name FROM sqlite_master;
433 }
434 } {abc abc abc_i abc def def ghi ghi}
435 }
436 SQL {CREATE VIEW v1 AS SELECT * FROM def, ghi}
437 SQL {CREATE UNIQUE INDEX ghi_i1 ON ghi(g);}
438 TEST 27 {
439 do_test $testid {
440 execsql {
441 SELECT name, tbl_name FROM sqlite_master;
442 }
443 } {abc abc abc_i abc def def ghi ghi v1 v1 ghi_i1 ghi}
444 }
445 SQL {INSERT INTO def VALUES('a', 'b', 'c')}
446 SQL {INSERT INTO def VALUES(1, 2, 3)}
447 SQL -norollback {INSERT INTO ghi SELECT * FROM def}
448 TEST 28 {
449 do_test $testid {
450 execsql {
451 SELECT * FROM def, ghi WHERE d = g;
452 }
453 } {a b c a b c 1 2 3 1 2 3}
454 }
455 SQL {COMMIT}
456 TEST 29 {
457 do_test $testid {
458 execsql {
459 SELECT * FROM v1 WHERE d = g;
460 }
461 } {a b c a b c 1 2 3 1 2 3}
462 }
464 # Test a simple multi-file transaction
465 #
466 forcedelete test2.db
467 ifcapable attach {
468 SQL {ATTACH 'test2.db' AS aux;}
469 SQL {BEGIN}
470 SQL {CREATE TABLE aux.tbl2(x, y, z)}
471 SQL {INSERT INTO tbl2 VALUES(1, 2, 3)}
472 SQL {INSERT INTO def VALUES(4, 5, 6)}
473 TEST 30 {
474 do_test $testid {
475 execsql {
476 SELECT * FROM tbl2, def WHERE d = x;
477 }
478 } {1 2 3 1 2 3}
479 }
480 SQL {COMMIT}
481 TEST 31 {
482 do_test $testid {
483 execsql {
484 SELECT * FROM tbl2, def WHERE d = x;
485 }
486 } {1 2 3 1 2 3}
487 }
488 }
490 # Test what happens when a malloc() fails while there are other active
491 # statements. This changes the way sqlite3VdbeHalt() works.
492 TEST 32 {
493 if {![info exists ::STMT32]} {
494 set sql "SELECT name FROM sqlite_master"
495 set ::STMT32 [sqlite3_prepare $::DB $sql -1 DUMMY]
496 do_test $testid {
497 sqlite3_step $::STMT32
498 } {SQLITE_ROW}
499 }
500 }
501 SQL BEGIN
502 TEST 33 {
503 do_test $testid {
504 execsql {SELECT * FROM ghi}
505 } {a b c 1 2 3}
506 }
507 SQL -norollback {
508 -- There is a unique index on ghi(g), so this statement may not cause
509 -- an automatic ROLLBACK. Hence the "-norollback" switch.
510 INSERT INTO ghi SELECT '2'||g, h, i FROM ghi;
511 }
512 TEST 34 {
513 if {[info exists ::STMT32]} {
514 do_test $testid {
515 sqlite3_finalize $::STMT32
516 } {SQLITE_OK}
517 unset ::STMT32
518 }
519 }
520 SQL COMMIT
522 #
523 # End of test program declaration
524 #--------------------------------------------------------------------------
526 proc run_test {arglist iRepeat {pcstart 0} {iFailStart 1}} {
527 if {[llength $arglist] %2} {
528 error "Uneven number of arguments to TEST"
529 }
531 for {set i 0} {$i < $pcstart} {incr i} {
532 set k2 [lindex $arglist [expr 2 * $i]]
533 set v2 [lindex $arglist [expr 2 * $i + 1]]
534 set ac [sqlite3_get_autocommit $::DB] ;# Auto-Commit
535 switch -- $k2 {
536 -sql {db eval [lindex $v2 1]}
537 -prep {db eval $v2}
538 }
539 set nac [sqlite3_get_autocommit $::DB] ;# New Auto-Commit
540 if {$ac && !$nac} {set begin_pc $i}
541 }
543 db rollback_hook [list incr ::rollback_hook_count]
545 set iFail $iFailStart
546 set pc $pcstart
547 while {$pc*2 < [llength $arglist]} {
549 # Id of this iteration:
550 set k [lindex $arglist [expr 2 * $pc]]
551 set iterid "pc=$pc.iFail=$iFail$k"
552 set v [lindex $arglist [expr 2 * $pc + 1]]
554 switch -- $k {
556 -test {
557 foreach {id script} $v {}
558 incr pc
559 }
561 -sql {
562 set ::rollback_hook_count 0
564 set ac [sqlite3_get_autocommit $::DB] ;# Auto-Commit
565 sqlite3_memdebug_fail $iFail -repeat 0
566 set rc [catch {db eval [lindex $v 1]} msg] ;# True error occurs
567 set nac [sqlite3_get_autocommit $::DB] ;# New Auto-Commit
569 if {$rc != 0 && $nac && !$ac} {
570 # Before [db eval] the auto-commit flag was clear. Now it
571 # is set. Since an error occured we assume this was not a
572 # commit - therefore a rollback occured. Check that the
573 # rollback-hook was invoked.
574 do_test malloc3-rollback_hook.$iterid {
575 set ::rollback_hook_count
576 } {1}
577 }
579 set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
580 if {$rc == 0} {
581 # Successful execution of sql. The number of failed malloc()
582 # calls should be equal to the number of benign failures.
583 # Otherwise a malloc() failed and the error was not reported.
584 #
585 if {$nFail!=$nBenign} {
586 error "Unreported malloc() failure"
587 }
589 if {$ac && !$nac} {
590 # Before the [db eval] the auto-commit flag was set, now it
591 # is clear. We can deduce that a "BEGIN" statement has just
592 # been successfully executed.
593 set begin_pc $pc
594 }
596 incr pc
597 set iFail 1
598 integrity_check "malloc3-(integrity).$iterid"
599 } elseif {[regexp {.*out of memory} $msg] || [db errorcode] == 3082} {
600 # Out of memory error, as expected.
601 #
602 integrity_check "malloc3-(integrity).$iterid"
603 incr iFail
604 if {$nac && !$ac} {
606 if {![lindex $v 0] && [db errorcode] != 3082} {
607 # error "Statement \"[lindex $v 1]\" caused a rollback"
608 }
610 for {set i $begin_pc} {$i < $pc} {incr i} {
611 set k2 [lindex $arglist [expr 2 * $i]]
612 set v2 [lindex $arglist [expr 2 * $i + 1]]
613 set catchupsql ""
614 switch -- $k2 {
615 -sql {set catchupsql [lindex $v2 1]}
616 -prep {set catchupsql $v2}
617 }
618 db eval $catchupsql
619 }
620 }
621 } else {
622 error $msg
623 }
625 while {[lindex $arglist [expr 2 * ($pc -1)]] == "-test"} {
626 incr pc -1
627 }
628 }
630 -prep {
631 db eval $v
632 incr pc
633 }
635 -debug {
636 eval $v
637 incr pc
638 }
640 default { error "Unknown switch: $k" }
641 }
642 }
643 }
645 # Turn of the Tcl interface's prepared statement caching facility. Then
646 # run the tests with "persistent" malloc failures.
647 sqlite3_extended_result_codes db 1
648 db cache size 0
649 run_test $::run_test_script 1
651 # Close and reopen the db.
652 db close
653 forcedelete test.db test.db-journal test2.db test2.db-journal
654 sqlite3 db test.db
655 sqlite3_extended_result_codes db 1
656 set ::DB [sqlite3_connection_pointer db]
658 # Turn off the Tcl interface's prepared statement caching facility in
659 # the new connnection. Then run the tests with "transient" malloc failures.
660 db cache size 0
661 run_test $::run_test_script 0
663 sqlite3_memdebug_fail -1
664 finish_test