Google Git
Sign in
chromium / chromium / src / 6cb15f0f9fcdd1e34dba5cc914975f873d10a7dd / . / sql / recovery_unittest.cc
blob: eb34482f38cfb0ef610a7892d14dfc30b4df31c0 [file] [log] [blame]
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif
#include "sql/recovery.h"
#include <stddef.h>
#include <algorithm>
#include <cstdint>
#include <string>
#include <tuple>
#include <utility>
#include <vector>
#include "base/dcheck_is_on.h"
#include "base/files/file.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
#include "base/functional/callback_forward.h"
#include "base/functional/callback_helpers.h"
#include "base/path_service.h"
#include "base/strings/strcat.h"
#include "base/strings/string_number_conversions.h"
#include "base/test/bind.h"
#include "base/test/gtest_util.h"
#include "base/test/metrics/histogram_tester.h"
#include "build/buildflag.h"
#include "sql/database.h"
#include "sql/meta_table.h"
#include "sql/sqlite_result_code.h"
#include "sql/sqlite_result_code_values.h"
#include "sql/statement.h"
#include "sql/test/scoped_error_expecter.h"
#include "sql/test/test_helpers.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/sqlite/sqlite3.h"
namespace sql {
namespace {
using test::ExecuteWithResult;
using test::ExecuteWithResults;
constexpr char kRecoveryResultHistogramName[] = "Sql.Recovery.Result";
constexpr char kRecoveryResultCodeHistogramName[] = "Sql.Recovery.ResultCode";
// Dump consistent human-readable representation of the database
// schema. For tables or indices, this will contain the sql command
// to create the table or index. For certain automatic SQLite
// structures with no sql, the name is used.
std::string GetSchema(Database* db) {
static const char kSql[] =
"SELECT COALESCE(sql, name) FROM sqlite_schema ORDER BY 1";
return ExecuteWithResults(db, kSql, "|", "\n");
}
// Parameterized to test with and without WAL mode enabled.
class SqlRecoveryTest : public testing::Test,
public testing::WithParamInterface<bool> {
public:
SqlRecoveryTest()
: db_(DatabaseOptions().set_wal_mode(ShouldEnableWal()), test::kTestTag) {
}
bool ShouldEnableWal() { return GetParam(); }
void SetUp() override {
ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
db_path_ = temp_dir_.GetPath().AppendASCII("recovery_test.sqlite");
ASSERT_TRUE(db_.Open(db_path_));
}
void TearDown() override {
if (db_.is_open()) {
db_.Close();
}
// Ensure the database, along with any recovery files, are cleaned up.
ASSERT_TRUE(base::DeleteFile(db_path_));
ASSERT_TRUE(base::DeleteFile(db_path_.AddExtensionASCII(".backup")));
ASSERT_TRUE(temp_dir_.Delete());
}
bool Reopen() {
db_.Close();
return db_.Open(db_path_);
}
bool OverwriteDatabaseHeader() {
base::File file(db_path_,
base::File::FLAG_CREATE_ALWAYS | base::File::FLAG_WRITE);
static constexpr char kText[] = "Now is the winter of our discontent.";
constexpr int kTextBytes = sizeof(kText) - 1;
return file.Write(0, kText, kTextBytes) == kTextBytes;
}
protected:
base::ScopedTempDir temp_dir_;
base::FilePath db_path_;
Database db_;
base::HistogramTester histogram_tester_;
};
#if BUILDFLAG(IS_FUCHSIA)
// WAL + recovery is not supported on Fuchsia, so only test without WAL mode.
INSTANTIATE_TEST_SUITE_P(All, SqlRecoveryTest, testing::Values(false));
#else
INSTANTIATE_TEST_SUITE_P(All, SqlRecoveryTest, testing::Bool());
#endif
TEST_P(SqlRecoveryTest, ShouldAttemptRecovery) {
// Attempt to recover from corruption.
ASSERT_TRUE(Recovery::ShouldAttemptRecovery(&db_, SQLITE_CORRUPT));
// Do not attempt to recover from transient errors.
EXPECT_FALSE(Recovery::ShouldAttemptRecovery(&db_, SQLITE_BUSY));
// Do not attempt to recover null databases.
EXPECT_FALSE(Recovery::ShouldAttemptRecovery(nullptr, SQLITE_CORRUPT));
// Do not attempt to recover closed databases.
Database invalid_db(test::kTestTag);
EXPECT_FALSE(Recovery::ShouldAttemptRecovery(&invalid_db, SQLITE_CORRUPT));
// Do not attempt to recover in-memory databases.
ASSERT_TRUE(invalid_db.OpenInMemory());
EXPECT_FALSE(Recovery::ShouldAttemptRecovery(&invalid_db, SQLITE_CORRUPT));
// Return true for databases which have an error callback set, even though
// the error callback should be reset before recovery is attempted.
db_.set_error_callback(base::DoNothing());
EXPECT_TRUE(Recovery::ShouldAttemptRecovery(&db_, SQLITE_CORRUPT));
}
TEST_P(SqlRecoveryTest, RecoverCorruptIndex) {
static const char kCreateTable[] =
"CREATE TABLE rows(indexed INTEGER NOT NULL, unindexed INTEGER NOT NULL)";
ASSERT_TRUE(db_.Execute(kCreateTable));
static const char kCreateIndex[] =
"CREATE UNIQUE INDEX rows_index ON rows(indexed)";
ASSERT_TRUE(db_.Execute(kCreateIndex));
// Populate the table with powers of two. These numbers make it easy to see if
// SUM() missed a row.
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(1, 1)"));
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(2, 2)"));
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(4, 4)"));
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(8, 8)"));
db_.Close();
ASSERT_TRUE(test::CorruptIndexRootPage(db_path_, "rows_index"));
ASSERT_TRUE(Reopen());
int error = SQLITE_OK;
db_.set_error_callback(
base::BindLambdaForTesting([&](int sqlite_error, Statement* statement) {
error = sqlite_error;
// Recovery::Begin() does not support a pre-existing error callback.
db_.reset_error_callback();
EXPECT_EQ(
Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
histogram_tester_.ExpectUniqueSample(kRecoveryResultHistogramName,
Recovery::Result::kSuccess,
/*expected_bucket_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNoError,
/*expected_bucket_count=*/1);
}));
// SUM(unindexed) heavily nudges SQLite to use the table instead of the index.
static const char kUnindexedCountSql[] = "SELECT SUM(unindexed) FROM rows";
EXPECT_EQ("15", ExecuteWithResult(&db_, kUnindexedCountSql))
<< "Table scan should not fail due to corrupt index";
EXPECT_EQ(SQLITE_OK, error)
<< "Successful statement execution should not invoke the error callback";
static const char kIndexedCountSql[] =
"SELECT SUM(indexed) FROM rows INDEXED BY rows_index";
EXPECT_EQ("", ExecuteWithResult(&db_, kIndexedCountSql))
<< "Index scan on corrupt index should fail";
EXPECT_EQ(SQLITE_CORRUPT, error)
<< "Error callback should be called during scan on corrupt index";
EXPECT_EQ("", ExecuteWithResult(&db_, kUnindexedCountSql))
<< "Table scan should not succeed anymore on a poisoned database";
ASSERT_TRUE(Reopen());
// The recovered table has consistency between the index and the table.
EXPECT_EQ("15", ExecuteWithResult(&db_, kUnindexedCountSql))
<< "Table should survive database recovery";
EXPECT_EQ("15", ExecuteWithResult(&db_, kIndexedCountSql))
<< "Index should be reconstructed during database recovery";
}
TEST_P(SqlRecoveryTest, RecoverCorruptTable) {
// The `filler` column is used to cause a record to overflow multiple pages.
static const char kCreateTable[] =
// clang-format off
"CREATE TABLE rows(indexed INTEGER NOT NULL, unindexed INTEGER NOT NULL,"
"filler BLOB NOT NULL)";
// clang-format on
ASSERT_TRUE(db_.Execute(kCreateTable));
static const char kCreateIndex[] =
"CREATE UNIQUE INDEX rows_index ON rows(indexed)";
ASSERT_TRUE(db_.Execute(kCreateIndex));
// Populate the table with powers of two. These numbers make it easy to see if
// SUM() missed a row.
ASSERT_TRUE(db_.Execute(
"INSERT INTO rows(indexed, unindexed, filler) VALUES(1, 1, x'31')"));
ASSERT_TRUE(db_.Execute(
"INSERT INTO rows(indexed, unindexed, filler) VALUES(2, 2, x'32')"));
ASSERT_TRUE(db_.Execute(
"INSERT INTO rows(indexed, unindexed, filler) VALUES(4, 4, x'34')"));
constexpr int kDbPageSize = 4096;
{
// Insert a record that will overflow the page.
std::vector<uint8_t> large_buffer;
ASSERT_EQ(db_.page_size(), kDbPageSize)
<< "Page overflow relies on specific size";
large_buffer.resize(kDbPageSize * 2);
std::ranges::fill(large_buffer, '8');
Statement insert(db_.GetUniqueStatement(
"INSERT INTO rows(indexed,unindexed,filler) VALUES(8,8,?)"));
insert.BindBlob(0, large_buffer);
ASSERT_TRUE(insert.Run());
}
db_.Close();
{
// Zero out the last page of the database. This should be the overflow page
// allocated for the last inserted row. So, deleting it should corrupt the
// rows table.
base::File db_file(db_path_, base::File::FLAG_OPEN | base::File::FLAG_READ |
base::File::FLAG_WRITE);
ASSERT_TRUE(db_file.IsValid());
int64_t db_size = db_file.GetLength();
ASSERT_GT(db_size, kDbPageSize)
<< "The database should have multiple pages";
ASSERT_TRUE(db_file.SetLength(db_size - kDbPageSize));
}
{
test::ScopedErrorExpecter expecter;
expecter.ExpectError(SQLITE_CORRUPT);
ASSERT_FALSE(Reopen());
EXPECT_TRUE(expecter.SawExpectedErrors());
// PRAGMAs executed inside Database::Open() will error out.
}
int error = SQLITE_OK;
db_.set_error_callback(
base::BindLambdaForTesting([&](int sqlite_error, Statement* statement) {
error = sqlite_error;
// Recovery::Begin() does not support a pre-existing error callback.
db_.reset_error_callback();
EXPECT_EQ(
Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
}));
// SUM(unindexed) heavily nudges SQLite to use the table instead of the index.
static const char kUnindexedCountSql[] = "SELECT SUM(unindexed) FROM rows";
EXPECT_FALSE(db_.Execute(kUnindexedCountSql))
<< "Table scan on corrupt table should fail";
EXPECT_EQ(SQLITE_CORRUPT, error)
<< "Error callback should be called during scan on corrupt index";
ASSERT_TRUE(Reopen());
// All rows should be recovered. Only the BLOB in the last row was damaged.
EXPECT_EQ("15", ExecuteWithResult(&db_, kUnindexedCountSql))
<< "Table should survive database recovery";
static const char kIndexedCountSql[] =
"SELECT SUM(indexed) FROM rows INDEXED BY rows_index";
EXPECT_EQ("15", ExecuteWithResult(&db_, kIndexedCountSql))
<< "Index should be reconstructed during database recovery";
}
TEST_P(SqlRecoveryTest, Meta) {
const int kVersion = 3;
const int kCompatibleVersion = 2;
{
MetaTable meta;
EXPECT_TRUE(meta.Init(&db_, kVersion, kCompatibleVersion));
EXPECT_EQ(kVersion, meta.GetVersionNumber());
}
// Test expected case where everything works.
EXPECT_EQ(Recovery::RecoverDatabase(
&db_, Recovery::Strategy::kRecoverWithMetaVersionOrRaze),
SqliteResultCode::kOk);
histogram_tester_.ExpectUniqueSample(kRecoveryResultHistogramName,
Recovery::Result::kSuccess,
/*expected_bucket_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNoError,
/*expected_bucket_count=*/1);
ASSERT_TRUE(Reopen()); // Handle was poisoned.
ASSERT_TRUE(db_.DoesTableExist("meta"));
// Test version row missing.
EXPECT_TRUE(db_.Execute("DELETE FROM meta WHERE key = 'version'"));
EXPECT_EQ(Recovery::RecoverDatabase(
&db_, Recovery::Strategy::kRecoverWithMetaVersionOrRaze),
SqliteResultCode::kError);
histogram_tester_.ExpectBucketCount(
kRecoveryResultHistogramName,
Recovery::Result::kFailedMetaTableVersionWasInvalid,
/*expected_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNoError,
/*expected_bucket_count=*/2);
ASSERT_TRUE(Reopen()); // Handle was poisoned.
// Test meta table missing.
ASSERT_FALSE(db_.DoesTableExist("meta"));
EXPECT_EQ(Recovery::RecoverDatabase(
&db_, Recovery::Strategy::kRecoverWithMetaVersionOrRaze),
SqliteResultCode::kError);
histogram_tester_.ExpectBucketCount(
kRecoveryResultHistogramName,
Recovery::Result::kFailedMetaTableDoesNotExist,
/*expected_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNoError,
/*expected_bucket_count=*/3);
}
// Baseline AutoRecoverTable() test.
TEST_P(SqlRecoveryTest, AutoRecoverTable) {
// BIGINT and VARCHAR to test type affinity.
static const char kCreateSql[] =
"CREATE TABLE x (id BIGINT, t TEXT, v VARCHAR)";
ASSERT_TRUE(db_.Execute(kCreateSql));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES (11, 'This is', 'a test')"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES (5, 'That was', 'a test')"));
// Save aside a copy of the original schema and data.
const std::string orig_schema(GetSchema(&db_));
static const char kXSql[] = "SELECT * FROM x ORDER BY 1";
const std::string orig_data(ExecuteWithResults(&db_, kXSql, "|", "\n"));
EXPECT_EQ(Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
// Since the database was not corrupt, the entire schema and all
// data should be recovered.
ASSERT_TRUE(Reopen());
ASSERT_EQ(orig_schema, GetSchema(&db_));
ASSERT_EQ(orig_data, ExecuteWithResults(&db_, kXSql, "|", "\n"));
// Recovery succeeds silently, since there's nothing to do.
EXPECT_EQ(Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
}
// Test that default values correctly replace nulls. The recovery
// virtual table reads directly from the database, so DEFAULT is not
// interpreted at that level.
TEST_P(SqlRecoveryTest, AutoRecoverTableWithDefault) {
ASSERT_TRUE(db_.Execute("CREATE TABLE x (id INTEGER)"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES (5)"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES (15)"));
// ALTER effectively leaves the new columns NULL in the first two
// rows. The row with 17 will get the default injected at insert
// time, while the row with 42 will get the actual value provided.
// Embedded "'" to make sure default-handling continues to be quoted
// correctly.
ASSERT_TRUE(db_.Execute("ALTER TABLE x ADD COLUMN t TEXT DEFAULT 'a''a'"));
ASSERT_TRUE(db_.Execute("ALTER TABLE x ADD COLUMN b BLOB DEFAULT x'AA55'"));
ASSERT_TRUE(db_.Execute("ALTER TABLE x ADD COLUMN i INT DEFAULT 93"));
ASSERT_TRUE(db_.Execute("INSERT INTO x (id) VALUES (17)"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES (42, 'b', x'1234', 12)"));
// Save aside a copy of the original schema and data.
const std::string orig_schema(GetSchema(&db_));
static const char kXSql[] = "SELECT * FROM x ORDER BY 1";
const std::string orig_data(ExecuteWithResults(&db_, kXSql, "|", "\n"));
std::string final_schema(orig_schema);
std::string final_data(orig_data);
EXPECT_EQ(Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
// Since the database was not corrupt, the entire schema and all
// data should be recovered.
ASSERT_TRUE(Reopen());
ASSERT_EQ(final_schema, GetSchema(&db_));
ASSERT_EQ(final_data, ExecuteWithResults(&db_, kXSql, "|", "\n"));
}
// Test AutoRecoverTable with a ROWID alias.
TEST_P(SqlRecoveryTest, AutoRecoverTableWithRowid) {
// The rowid alias is almost always the first column, intentionally
// put it later.
static const char kCreateSql[] =
"CREATE TABLE x (t TEXT, id INTEGER PRIMARY KEY NOT NULL)";
ASSERT_TRUE(db_.Execute(kCreateSql));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES ('This is a test', NULL)"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES ('That was a test', NULL)"));
// Save aside a copy of the original schema and data.
const std::string orig_schema(GetSchema(&db_));
static const char kXSql[] = "SELECT * FROM x ORDER BY 1";
const std::string orig_data(ExecuteWithResults(&db_, kXSql, "|", "\n"));
EXPECT_EQ(Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
// Since the database was not corrupt, the entire schema and all
// data should be recovered.
ASSERT_TRUE(Reopen());
ASSERT_EQ(orig_schema, GetSchema(&db_));
ASSERT_EQ(orig_data, ExecuteWithResults(&db_, kXSql, "|", "\n"));
}
void TestRecoverDatabase(Database& db,
const base::FilePath& db_path,
bool with_meta,
base::OnceClosure run_recovery) {
const int kVersion = 3;
const int kCompatibleVersion = 2;
if (with_meta) {
MetaTable meta;
EXPECT_TRUE(meta.Init(&db, kVersion, kCompatibleVersion));
EXPECT_EQ(kVersion, meta.GetVersionNumber());
EXPECT_EQ(kCompatibleVersion, meta.GetCompatibleVersionNumber());
}
// As a side effect, AUTOINCREMENT creates the sqlite_sequence table for
// RecoverDatabase() to handle.
ASSERT_TRUE(db.Execute(
"CREATE TABLE table1(id INTEGER PRIMARY KEY AUTOINCREMENT, value TEXT)"));
EXPECT_TRUE(db.Execute("INSERT INTO table1(value) VALUES('turtle')"));
EXPECT_TRUE(db.Execute("INSERT INTO table1(value) VALUES('truck')"));
EXPECT_TRUE(db.Execute("INSERT INTO table1(value) VALUES('trailer')"));
// This table needs index and a unique index to work.
ASSERT_TRUE(db.Execute("CREATE TABLE table2(name TEXT, value TEXT)"));
ASSERT_TRUE(db.Execute("CREATE UNIQUE INDEX table2_name ON table2(name)"));
ASSERT_TRUE(db.Execute("CREATE INDEX table2_value ON table2(value)"));
EXPECT_TRUE(
db.Execute("INSERT INTO table2(name, value) VALUES('jim', 'telephone')"));
EXPECT_TRUE(
db.Execute("INSERT INTO table2(name, value) VALUES('bob', 'truck')"));
EXPECT_TRUE(
db.Execute("INSERT INTO table2(name, value) VALUES('dean', 'trailer')"));
// Save aside a copy of the original schema, verifying that it has the created
// items plus the sqlite_sequence table.
const std::string original_schema = GetSchema(&db);
ASSERT_EQ(with_meta ? 6 : 4, std::ranges::count(original_schema, '\n'))
<< original_schema;
static constexpr char kTable1Sql[] = "SELECT * FROM table1 ORDER BY 1";
static constexpr char kTable2Sql[] = "SELECT * FROM table2 ORDER BY 1";
EXPECT_EQ("1|turtle\n2|truck\n3|trailer",
ExecuteWithResults(&db, kTable1Sql, "|", "\n"));
EXPECT_EQ("bob|truck\ndean|trailer\njim|telephone",
ExecuteWithResults(&db, kTable2Sql, "|", "\n"));
// Database handle is valid before recovery, poisoned after.
static constexpr char kTrivialSql[] = "SELECT COUNT(*) FROM sqlite_schema";
EXPECT_TRUE(db.IsSQLValid(kTrivialSql));
std::move(run_recovery).Run();
EXPECT_FALSE(db.is_open());
// Since the database was not corrupt, the entire schema and all data should
// be recovered. Re-open the database.
db.Close();
ASSERT_TRUE(db.Open(db_path));
ASSERT_EQ(original_schema, GetSchema(&db));
EXPECT_EQ("1|turtle\n2|truck\n3|trailer",
ExecuteWithResults(&db, kTable1Sql, "|", "\n"));
EXPECT_EQ("bob|truck\ndean|trailer\njim|telephone",
ExecuteWithResults(&db, kTable2Sql, "|", "\n"));
if (with_meta) {
MetaTable meta;
EXPECT_TRUE(meta.Init(&db, kVersion, kCompatibleVersion));
EXPECT_EQ(kVersion, meta.GetVersionNumber());
EXPECT_EQ(kCompatibleVersion, meta.GetCompatibleVersionNumber());
}
}
TEST_P(SqlRecoveryTest, RecoverDatabase) {
auto run_recovery = base::BindLambdaForTesting([&]() {
EXPECT_EQ(
Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/false,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverDatabaseMeta) {
auto run_recovery = base::BindLambdaForTesting([&]() {
EXPECT_EQ(Recovery::RecoverDatabase(
&db_, Recovery::Strategy::kRecoverWithMetaVersionOrRaze),
SqliteResultCode::kOk);
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/true,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverIfPossible) {
auto run_recovery = base::BindLambdaForTesting([&]() {
EXPECT_TRUE(Recovery::RecoverIfPossible(
&db_, SQLITE_CORRUPT, Recovery::Strategy::kRecoverOrRaze));
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/false,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverIfPossibleMeta) {
auto run_recovery = base::BindLambdaForTesting([&]() {
EXPECT_TRUE(Recovery::RecoverIfPossible(
&db_, SQLITE_CORRUPT,
Recovery::Strategy::kRecoverWithMetaVersionOrRaze));
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/true,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverIfPossibleWithoutErrorCallback) {
auto run_recovery = base::BindLambdaForTesting([&]() {
// `RecoverIfPossible()` should not set an error callback.
EXPECT_FALSE(db_.has_error_callback());
bool recovery_was_attempted = Recovery::RecoverIfPossible(
&db_, SQLITE_CORRUPT,
Recovery::Strategy::kRecoverWithMetaVersionOrRaze);
EXPECT_TRUE(recovery_was_attempted);
EXPECT_FALSE(db_.has_error_callback());
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/true,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverIfPossibleWithErrorCallback) {
auto run_recovery = base::BindLambdaForTesting([&]() {
db_.set_error_callback(base::DoNothing());
// The error callback should be reset during `RecoverIfPossible()` if
// recovery was attempted.
bool recovery_was_attempted = Recovery::RecoverIfPossible(
&db_, SQLITE_CORRUPT,
Recovery::Strategy::kRecoverWithMetaVersionOrRaze);
EXPECT_TRUE(recovery_was_attempted);
EXPECT_NE(db_.has_error_callback(), recovery_was_attempted);
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/true,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverIfPossibleWithClosedDatabase) {
auto run_recovery = base::BindLambdaForTesting([&]() {
// Recovery should not be attempted on a closed database.
db_.Close();
EXPECT_FALSE(Recovery::RecoverIfPossible(
&db_, SQLITE_CORRUPT, Recovery::Strategy::kRecoverOrRaze));
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/false,
std::move(run_recovery));
}
TEST_P(SqlRecoveryTest, RecoverIfPossibleWithPerDatabaseUma) {
auto run_recovery = base::BindLambdaForTesting([&]() {
EXPECT_TRUE(Recovery::RecoverIfPossible(
&db_, SQLITE_CORRUPT, Recovery::Strategy::kRecoverOrRaze));
});
TestRecoverDatabase(db_, db_path_, /*with_meta=*/false,
std::move(run_recovery));
// Log to the overall histograms.
histogram_tester_.ExpectUniqueSample(kRecoveryResultHistogramName,
Recovery::Result::kSuccess,
/*expected_bucket_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNoError,
/*expected_bucket_count=*/1);
// And the histograms for this specific feature.
histogram_tester_.ExpectUniqueSample(
base::StrCat({kRecoveryResultHistogramName, ".", test::kTestTag.value}),
Recovery::Result::kSuccess,
/*expected_bucket_count=*/1);
histogram_tester_.ExpectUniqueSample(
base::StrCat(
{kRecoveryResultCodeHistogramName, ".", test::kTestTag.value}),
SqliteLoggedResultCode::kNoError,
/*expected_bucket_count=*/1);
}
TEST_P(SqlRecoveryTest, RecoverDatabaseWithView) {
db_.Close();
Database db(DatabaseOptions().set_enable_views_discouraged(true),
test::kTestTag);
ASSERT_TRUE(db.Open(db_path_));
ASSERT_TRUE(db.Execute(
"CREATE TABLE table1(id INTEGER PRIMARY KEY AUTOINCREMENT, value TEXT)"));
EXPECT_TRUE(db.Execute("INSERT INTO table1(value) VALUES('turtle')"));
EXPECT_TRUE(db.Execute("INSERT INTO table1(value) VALUES('truck')"));
EXPECT_TRUE(db.Execute("INSERT INTO table1(value) VALUES('trailer')"));
ASSERT_TRUE(db.Execute("CREATE TABLE table2(name TEXT, value TEXT)"));
ASSERT_TRUE(db.Execute("CREATE UNIQUE INDEX table2_name ON table2(name)"));
EXPECT_TRUE(
db.Execute("INSERT INTO table2(name, value) VALUES('jim', 'telephone')"));
EXPECT_TRUE(
db.Execute("INSERT INTO table2(name, value) VALUES('bob', 'truck')"));
EXPECT_TRUE(
db.Execute("INSERT INTO table2(name, value) VALUES('dean', 'trailer')"));
// View which is the intersection of [table1.value] and [table2.value].
ASSERT_TRUE(db.Execute(
"CREATE VIEW view_table12 AS SELECT table1.value FROM table1, table2 "
"WHERE table1.value = table2.value"));
static constexpr char kViewSql[] = "SELECT * FROM view_table12 ORDER BY 1";
EXPECT_EQ("trailer\ntruck", ExecuteWithResults(&db, kViewSql, "|", "\n"));
// Save aside a copy of the original schema, verifying that it has the created
// items plus the sqlite_sequence table.
const std::string original_schema = GetSchema(&db);
ASSERT_EQ(4, std::ranges::count(original_schema, '\n')) << original_schema;
// Database handle is valid before recovery, poisoned after.
static constexpr char kTrivialSql[] = "SELECT COUNT(*) FROM sqlite_schema";
EXPECT_TRUE(db.IsSQLValid(kTrivialSql));
EXPECT_EQ(Recovery::RecoverDatabase(&db, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
EXPECT_FALSE(db.IsSQLValid(kTrivialSql));
// Since the database was not corrupt, the entire schema and all data should
// be recovered.
db.Close();
ASSERT_TRUE(db.Open(db_path_));
EXPECT_EQ("trailer\ntruck", ExecuteWithResults(&db, kViewSql, "|", "\n"));
}
// When RecoverDatabase() encounters SQLITE_NOTADB, the database is deleted.
TEST_P(SqlRecoveryTest, RecoverDatabaseDelete) {
// Create a valid database, then write junk over the header. This should lead
// to SQLITE_NOTADB, which will cause ATTACH to fail.
ASSERT_TRUE(db_.Execute("CREATE TABLE x (t TEXT)"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES ('This is a test')"));
db_.Close();
ASSERT_TRUE(OverwriteDatabaseHeader());
{
test::ScopedErrorExpecter expecter;
expecter.ExpectError(SQLITE_NOTADB);
// Reopen() here because it will see SQLITE_NOTADB.
ASSERT_FALSE(Reopen());
// This should "recover" the database by making it valid, but empty.
EXPECT_EQ(
Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kNotADatabase);
histogram_tester_.ExpectUniqueSample(kRecoveryResultHistogramName,
Recovery::Result::kFailedRecoveryRun,
/*expected_bucket_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNotADatabase,
/*expected_bucket_count=*/1);
ASSERT_TRUE(expecter.SawExpectedErrors());
}
// Recovery poisoned the handle, must re-open.
db_.Close();
ASSERT_TRUE(Reopen());
EXPECT_EQ("", GetSchema(&db_));
}
// Allow callers to validate the database between recovery and commit.
TEST_P(SqlRecoveryTest, BeginRecoverDatabase) {
static const char kCreateTable[] =
"CREATE TABLE rows(indexed INTEGER NOT NULL, unindexed INTEGER NOT NULL)";
ASSERT_TRUE(db_.Execute(kCreateTable));
ASSERT_TRUE(db_.Execute("CREATE UNIQUE INDEX rows_index ON rows(indexed)"));
// Populate the table with powers of two. These numbers make it easy to see if
// SUM() missed a row.
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(1, 1)"));
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(2, 2)"));
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(4, 4)"));
ASSERT_TRUE(db_.Execute("INSERT INTO rows(indexed, unindexed) VALUES(8, 8)"));
db_.Close();
ASSERT_TRUE(test::CorruptIndexRootPage(db_path_, "rows_index"));
ASSERT_TRUE(Reopen());
static const char kIndexedCountSql[] =
"SELECT SUM(indexed) FROM rows INDEXED BY rows_index";
{
test::ScopedErrorExpecter expecter;
expecter.ExpectError(SQLITE_CORRUPT);
EXPECT_EQ("", ExecuteWithResult(&db_, kIndexedCountSql))
<< "Index should still be corrupted after recovery rollback";
EXPECT_TRUE(expecter.SawExpectedErrors())
<< "Index should still be corrupted after recovery rollback";
}
// Run recovery code, then commit. The index is recovered.
EXPECT_EQ(Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
db_.Close();
ASSERT_TRUE(Reopen());
EXPECT_EQ("15", ExecuteWithResult(&db_, kIndexedCountSql))
<< "Index should be reconstructed after database recovery";
}
TEST_P(SqlRecoveryTest, AttachFailure) {
// Create a valid database, then write junk over the header. This should lead
// to SQLITE_NOTADB, which will cause ATTACH to fail.
ASSERT_TRUE(db_.Execute("CREATE TABLE x (t TEXT)"));
ASSERT_TRUE(db_.Execute("INSERT INTO x VALUES ('This is a test')"));
db_.Close();
ASSERT_TRUE(OverwriteDatabaseHeader());
{
test::ScopedErrorExpecter expecter;
expecter.ExpectError(SQLITE_NOTADB);
// Reopen() here because it will see SQLITE_NOTADB.
ASSERT_FALSE(Reopen());
// Begin() should fail.
EXPECT_EQ(
Recovery::RecoverDatabase(&db_, Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kNotADatabase);
histogram_tester_.ExpectUniqueSample(kRecoveryResultHistogramName,
Recovery::Result::kFailedRecoveryRun,
/*expected_bucket_count=*/1);
histogram_tester_.ExpectUniqueSample(kRecoveryResultCodeHistogramName,
SqliteLoggedResultCode::kNotADatabase,
/*expected_bucket_count=*/1);
ASSERT_TRUE(expecter.SawExpectedErrors());
}
}
// Helper for SqlRecoveryTest.PageSize. Creates a fresh db based on db_prefix,
// with the given initial page size, and verifies it against the expected size.
// Then changes to the final page size and recovers, verifying that the
// recovered database ends up with the expected final page size.
void TestPageSize(const base::FilePath& db_prefix,
int initial_page_size,
const std::string& expected_initial_page_size,
int final_page_size,
const std::string& expected_final_page_size) {
static const char kCreateSql[] = "CREATE TABLE x (t TEXT)";
static const char kInsertSql1[] = "INSERT INTO x VALUES ('This is a test')";
static const char kInsertSql2[] = "INSERT INTO x VALUES ('That was a test')";
static const char kSelectSql[] = "SELECT * FROM x ORDER BY t";
const base::FilePath db_path = db_prefix.InsertBeforeExtensionASCII(
base::NumberToString(initial_page_size));
Database::Delete(db_path);
Database db{DatabaseOptions().set_page_size(initial_page_size),
test::kTestTag};
ASSERT_TRUE(db.Open(db_path));
ASSERT_TRUE(db.Execute(kCreateSql));
ASSERT_TRUE(db.Execute(kInsertSql1));
ASSERT_TRUE(db.Execute(kInsertSql2));
ASSERT_EQ(expected_initial_page_size,
ExecuteWithResult(&db, "PRAGMA page_size"));
db.Close();
// Re-open the database while setting a new |options.page_size| in the object.
Database recover_db(DatabaseOptions().set_page_size(final_page_size),
test::kTestTag);
ASSERT_TRUE(recover_db.Open(db_path));
// Recovery will use the page size set in the database object, which may not
// match the file's page size.
EXPECT_EQ(Recovery::RecoverDatabase(&recover_db,
Recovery::Strategy::kRecoverOrRaze),
SqliteResultCode::kOk);
// Recovery poisoned the handle, must re-open.
recover_db.Close();
// Make sure the page size is read from the file.
Database recovered_db(test::kTestTag);
ASSERT_TRUE(recovered_db.Open(db_path));
ASSERT_EQ(expected_final_page_size,
ExecuteWithResult(&recovered_db, "PRAGMA page_size"));
EXPECT_EQ("That was a test\nThis is a test",
ExecuteWithResults(&recovered_db, kSelectSql, "|", "\n"));
}
// Verify that Recovery maintains the page size, and the virtual table
// works with page sizes other than SQLite's default. Also verify the case
// where the default page size has changed.
TEST_P(SqlRecoveryTest, PageSize) {
const std::string default_page_size =
ExecuteWithResult(&db_, "PRAGMA page_size");
// Check the default page size first.
EXPECT_NO_FATAL_FAILURE(TestPageSize(
db_path_, DatabaseOptions::kDefaultPageSize, default_page_size,
DatabaseOptions::kDefaultPageSize, default_page_size));
// Sync uses 32k pages.
EXPECT_NO_FATAL_FAILURE(
TestPageSize(db_path_, 32768, "32768", 32768, "32768"));
// Many clients use 4k pages. This is the SQLite default after 3.12.0.
EXPECT_NO_FATAL_FAILURE(TestPageSize(db_path_, 4096, "4096", 4096, "4096"));
// 1k is the default page size before 3.12.0.
EXPECT_NO_FATAL_FAILURE(TestPageSize(db_path_, 1024, "1024", 1024, "1024"));
ASSERT_NE("2048", default_page_size);
// Databases with no page size specified should recover to the page size of
// the source database.
EXPECT_NO_FATAL_FAILURE(TestPageSize(
db_path_, 2048, "2048", DatabaseOptions::kDefaultPageSize, "2048"));
}
TEST_P(SqlRecoveryTest, CannotRecoverClosedDb) {
db_.Close();
EXPECT_CHECK_DEATH(std::ignore = Recovery::RecoverDatabase(
&db_, Recovery::Strategy::kRecoverOrRaze));
}
TEST_P(SqlRecoveryTest, CannotRecoverDbWithErrorCallback) {
db_.set_error_callback(base::DoNothing());
EXPECT_CHECK_DEATH(std::ignore = Recovery::RecoverDatabase(
&db_, Recovery::Strategy::kRecoverOrRaze));
}
// TODO(crbug.com/40199997): Ideally this would be a
// `SqlRecoveryTest`, but `Recovery::RecoverDatabase()` does not DCHECK
// that it is passed a non-null database pointer and will instead likely result
// in unexpected behavior or crashes.
TEST_P(SqlRecoveryTest, CannotRecoverNullDb) {
// TODO(pbos): Consider consolidating these so that DCHECK builds crash in the
// same spot. Probably either by upgrading DCHECKs to CHECKs, or if feasible
// by setting up the test to make it past failing DCHECKs to the expected
// CHECK.
if (DCHECK_IS_ON()) {
EXPECT_DCHECK_DEATH(std::ignore = Recovery::RecoverDatabase(
nullptr, Recovery::Strategy::kRecoverOrRaze));
} else {
EXPECT_CHECK_DEATH(std::ignore = Recovery::RecoverDatabase(
nullptr, Recovery::Strategy::kRecoverOrRaze));
}
}
// TODO(crbug.com/40199997): Ideally this would be a
// `SqlRecoveryTest`, but `Recovery::RecoverDatabase()` does not DCHECK
// whether the database is in-memory and will instead likely result in
// unexpected behavior or crashes.
TEST_P(SqlRecoveryTest, CannotRecoverInMemoryDb) {
Database in_memory_db(test::kTestTag);
ASSERT_TRUE(in_memory_db.OpenInMemory());
EXPECT_CHECK_DEATH(std::ignore = Recovery::RecoverDatabase(
&in_memory_db, Recovery::Strategy::kRecoverOrRaze));
}
// This test mimics the case where a database that was using WAL mode crashed,
// then next Chrome launch the database is not opened in WAL mode. This may
// occur when e.g. WAL mode if configured via Finch and the user not in the
// experiment group on the second launch of Chrome.
TEST_P(SqlRecoveryTest, PRE_RecoverFormerlyWalDbAfterCrash) {
base::FilePath wal_db_path =
temp_dir_.GetPath().AppendASCII("recovery_wal_test.sqlite");
// Open the DB in WAL mode to set journal_mode="wal".
Database wal_db{DatabaseOptions().set_wal_mode(true), test::kTestTag};
ASSERT_TRUE(wal_db.Open(wal_db_path));
EXPECT_TRUE(wal_db.UseWALMode());
EXPECT_EQ(ExecuteWithResult(&wal_db, "PRAGMA journal_mode"), "wal");
// Crash the database somehow, foregoing the opportunity for any cleanup.
wal_db.set_error_callback(base::DoNothing());
EXPECT_DCHECK_DEATH(wal_db.set_error_callback(base::DoNothing()));
}
TEST_P(SqlRecoveryTest, RecoverFormerlyWalDbAfterCrash) {
base::FilePath wal_db_path =
temp_dir_.GetPath().AppendASCII("recovery_wal_test.sqlite");
Database non_wal_db{DatabaseOptions().set_wal_mode(false), test::kTestTag};
ASSERT_TRUE(non_wal_db.Open(wal_db_path));
auto run_recovery = base::BindLambdaForTesting([&]() {
EXPECT_EQ(
Recovery::RecoverDatabase(
&non_wal_db, Recovery::Strategy::kRecoverWithMetaVersionOrRaze),
SqliteResultCode::kOk);
});
TestRecoverDatabase(non_wal_db, wal_db_path, /*with_meta=*/true,
std::move(run_recovery));
}
} // namespace
} // namespace sql