diff options
Diffstat (limited to '')
| -rw-r--r-- | test/crash8.test | 419 |
1 files changed, 419 insertions, 0 deletions
diff --git a/test/crash8.test b/test/crash8.test new file mode 100644 index 0000000..c078299 --- /dev/null +++ b/test/crash8.test @@ -0,0 +1,419 @@ +# 2009 January 8 +# +# The author disclaims copyright to this source code. In place of +# a legal notice, here is a blessing: +# +# May you do good and not evil. +# May you find forgiveness for yourself and forgive others. +# May you share freely, never taking more than you give. +# +#*********************************************************************** +# +# This test verifies a couple of specific potential data corruption +# scenarios involving crashes or power failures. +# +# Later: Also, some other specific scenarios required for coverage +# testing that do not lead to corruption. +# +# $Id: crash8.test,v 1.4 2009/01/11 00:44:48 drh Exp $ + + +set testdir [file dirname $argv0] +source $testdir/tester.tcl + +ifcapable !crashtest { + finish_test + return +} +do_not_use_codec + +do_test crash8-1.1 { + execsql { + PRAGMA auto_vacuum=OFF; + CREATE TABLE t1(a, b); + CREATE INDEX i1 ON t1(a, b); + INSERT INTO t1 VALUES(1, randstr(1000,1000)); + INSERT INTO t1 VALUES(2, randstr(1000,1000)); + INSERT INTO t1 VALUES(3, randstr(1000,1000)); + INSERT INTO t1 VALUES(4, randstr(1000,1000)); + INSERT INTO t1 VALUES(5, randstr(1000,1000)); + INSERT INTO t1 VALUES(6, randstr(1000,1000)); + CREATE TABLE t2(a, b); + CREATE TABLE t3(a, b); + CREATE TABLE t4(a, b); + CREATE TABLE t5(a, b); + CREATE TABLE t6(a, b); + CREATE TABLE t7(a, b); + CREATE TABLE t8(a, b); + CREATE TABLE t9(a, b); + CREATE TABLE t10(a, b); + PRAGMA integrity_check + } +} {ok} + + +# Potential corruption scenario 1. A second process opens the database +# and modifies a large portion of it. It then opens a second transaction +# and modifies a small part of the database, but crashes before it commits +# the transaction. +# +# When the first process accessed the database again, it was rolling back +# the aborted transaction, but was not purging its in-memory cache (which +# was loaded before the second process made its first, successful, +# modification). Producing an inconsistent cache. +# +do_test crash8-1.2 { + crashsql -delay 2 -file test.db { + PRAGMA cache_size = 10; + UPDATE t1 SET b = randstr(1000,1000); + INSERT INTO t9 VALUES(1, 2); + } +} {1 {child process exited abnormally}} +do_test crash8-1.3 { + execsql {PRAGMA integrity_check} +} {ok} + +# Potential corruption scenario 2. The second process, operating in +# persistent-journal mode, makes a large change to the database file +# with a small in-memory cache. Such that more than one journal-header +# was written to the file. It then opens a second transaction and makes +# a smaller change that requires only a single journal-header to be +# written to the journal file. The second change is such that the +# journal content written to the persistent journal file exactly overwrites +# the first journal-header and set of subsequent records written by the +# first, successful, change. The second process crashes before it can +# commit its second change. +# +# When the first process accessed the database again, it was rolling back +# the second aborted transaction, then continuing to rollback the second +# and subsequent journal-headers written by the first, successful, change. +# Database corruption. +# +do_test crash8.2.1 { + crashsql -delay 2 -file test.db { + PRAGMA journal_mode = persist; + PRAGMA cache_size = 10; + UPDATE t1 SET b = randstr(1000,1000); + PRAGMA cache_size = 100; + BEGIN; + INSERT INTO t2 VALUES('a', 'b'); + INSERT INTO t3 VALUES('a', 'b'); + INSERT INTO t4 VALUES('a', 'b'); + INSERT INTO t5 VALUES('a', 'b'); + INSERT INTO t6 VALUES('a', 'b'); + INSERT INTO t7 VALUES('a', 'b'); + INSERT INTO t8 VALUES('a', 'b'); + INSERT INTO t9 VALUES('a', 'b'); + INSERT INTO t10 VALUES('a', 'b'); + COMMIT; + } +} {1 {child process exited abnormally}} + +do_test crash8-2.3 { + execsql {PRAGMA integrity_check} +} {ok} + +proc read_file {zFile} { + set fd [open $zFile] + fconfigure $fd -translation binary + set zData [read $fd] + close $fd + return $zData +} +proc write_file {zFile zData} { + set fd [open $zFile w] + fconfigure $fd -translation binary + puts -nonewline $fd $zData + close $fd +} + +# The following tests check that SQLite will not roll back a hot-journal +# file if the sector-size field in the first journal file header is +# suspect. Definition of suspect: +# +# a) Not a power of 2, or (crash8-3.5) +# b) Greater than 0x01000000 (16MB), or (crash8-3.6) +# c) Less than 512. (crash8-3.7) +# +# Also test that SQLite will not rollback a hot-journal file with a +# suspect page-size. In this case "suspect" means: +# +# a) Not a power of 2, or +# b) Less than 512, or +# c) Greater than SQLITE_MAX_PAGE_SIZE +# +if {[atomic_batch_write test.db]==0} { +do_test crash8-3.1 { + list [file exists test.db-joural] [file exists test.db] +} {0 1} +do_test crash8-3.2 { + execsql { + PRAGMA synchronous = off; + BEGIN; + DELETE FROM t1; + SELECT count(*) FROM t1; + } +} {0} +do_test crash8-3.3 { + set zJournal [read_file test.db-journal] + execsql { + COMMIT; + SELECT count(*) FROM t1; + } +} {0} +do_test crash8-3.4 { + binary scan [string range $zJournal 20 23] I nSector + set nSector +} {512} + +do_test crash8-3.5 { + set zJournal2 [string replace $zJournal 20 23 [binary format I 513]] + write_file test.db-journal $zJournal2 + + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {0 ok} +do_test crash8-3.6 { + set zJournal2 [string replace $zJournal 20 23 [binary format I 0x2000000]] + write_file test.db-journal $zJournal2 + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {0 ok} +do_test crash8-3.7 { + set zJournal2 [string replace $zJournal 20 23 [binary format I 256]] + write_file test.db-journal $zJournal2 + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {0 ok} + +do_test crash8-3.8 { + set zJournal2 [string replace $zJournal 24 27 [binary format I 513]] + write_file test.db-journal $zJournal2 + + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {0 ok} +do_test crash8-3.9 { + set big [expr $SQLITE_MAX_PAGE_SIZE * 2] + set zJournal2 [string replace $zJournal 24 27 [binary format I $big]] + write_file test.db-journal $zJournal2 + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {0 ok} +do_test crash8-3.10 { + set zJournal2 [string replace $zJournal 24 27 [binary format I 256]] + write_file test.db-journal $zJournal2 + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {0 ok} + +do_test crash8-3.11 { + set fd [open test.db-journal w] + fconfigure $fd -translation binary + puts -nonewline $fd $zJournal + close $fd + execsql { + SELECT count(*) FROM t1; + PRAGMA integrity_check + } +} {6 ok} +} + + +# If a connection running in persistent-journal mode is part of a +# multi-file transaction, it must ensure that the master-journal name +# appended to the journal file contents during the commit is located +# at the end of the physical journal file. If there was already a +# large journal file allocated at the start of the transaction, this +# may mean truncating the file so that the master journal name really +# is at the physical end of the file. +# +# This block of tests test that SQLite correctly truncates such +# journal files, and that the results behave correctly if a hot-journal +# rollback occurs. +# +ifcapable pragma { + reset_db + forcedelete test2.db + + do_test crash8-4.1 { + execsql { + PRAGMA journal_mode = persist; + CREATE TABLE ab(a, b); + INSERT INTO ab VALUES(0, 'abc'); + INSERT INTO ab VALUES(1, NULL); + INSERT INTO ab VALUES(2, NULL); + INSERT INTO ab VALUES(3, NULL); + INSERT INTO ab VALUES(4, NULL); + INSERT INTO ab VALUES(5, NULL); + INSERT INTO ab VALUES(6, NULL); + UPDATE ab SET b = randstr(1000,1000); + ATTACH 'test2.db' AS aux; + PRAGMA aux.journal_mode = persist; + CREATE TABLE aux.ab(a, b); + INSERT INTO aux.ab SELECT * FROM main.ab; + + UPDATE aux.ab SET b = randstr(1000,1000) WHERE a>=1; + UPDATE ab SET b = randstr(1000,1000) WHERE a>=1; + } + } {persist persist} + if {[atomic_batch_write test.db]==0} { + do_test crash8.4.1.1 { + list [file exists test.db-journal] [file exists test2.db-journal] + } {1 1} + } + + do_test crash8-4.2 { + execsql { + BEGIN; + UPDATE aux.ab SET b = 'def' WHERE a = 0; + UPDATE main.ab SET b = 'def' WHERE a = 0; + COMMIT; + } + } {} + + do_test crash8-4.3 { + execsql { + UPDATE aux.ab SET b = randstr(1000,1000) WHERE a>=1; + UPDATE ab SET b = randstr(1000,1000) WHERE a>=1; + } + } {} + + set contents_main [db eval {SELECT b FROM main.ab WHERE a = 1}] + set contents_aux [db eval {SELECT b FROM aux.ab WHERE a = 1}] + + do_test crash8-4.4 { + crashsql -file test2.db -delay 1 { + ATTACH 'test2.db' AS aux; + BEGIN; + UPDATE aux.ab SET b = 'ghi' WHERE a = 0; + UPDATE main.ab SET b = 'ghi' WHERE a = 0; + COMMIT; + } + } {1 {child process exited abnormally}} + + do_test crash8-4.5 { + list [file exists test.db-journal] [file exists test2.db-journal] + } {1 1} + + do_test crash8-4.6 { + execsql { + SELECT b FROM main.ab WHERE a = 0; + SELECT b FROM aux.ab WHERE a = 0; + } + } {def def} + + do_test crash8-4.7 { + crashsql -file test2.db -delay 1 { + ATTACH 'test2.db' AS aux; + BEGIN; + UPDATE aux.ab SET b = 'jkl' WHERE a = 0; + UPDATE main.ab SET b = 'jkl' WHERE a = 0; + COMMIT; + } + } {1 {child process exited abnormally}} + + do_test crash8-4.8 { + set fd [open test.db-journal] + fconfigure $fd -translation binary + seek $fd -16 end + binary scan [read $fd 4] I len + + seek $fd [expr {-1 * ($len + 16)}] end + set zMasterJournal [read $fd $len] + close $fd + + file exists $zMasterJournal + } {1} + + do_test crash8-4.9 { + execsql { SELECT b FROM aux.ab WHERE a = 0 } + } {def} + + do_test crash8-4.10 { + delete_file $zMasterJournal + execsql { SELECT b FROM main.ab WHERE a = 0 } + } {jkl} +} + +# +# Since the following tests (crash8-5.*) rely upon being able +# to copy a file while open, they will not work on Windows. +# +# They also depend on being able to copy the journal file, which +# is not created on F2FS file-systems that support atomic +# write. So do not run these tests in that case either. +# +if {$::tcl_platform(platform)=="unix" && [atomic_batch_write test.db]==0 } { + for {set i 1} {$i < 10} {incr i} { + catch { db close } + forcedelete test.db test.db-journal + sqlite3 db test.db + do_test crash8-5.$i.1 { + execsql { + CREATE TABLE t1(x PRIMARY KEY); + INSERT INTO t1 VALUES(randomblob(900)); + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; /* 64 rows */ + } + crashsql -file test.db -delay [expr ($::i%2) + 1] { + PRAGMA cache_size = 10; + BEGIN; + UPDATE t1 SET x = randomblob(900); + ROLLBACK; + INSERT INTO t1 VALUES(randomblob(900)); + } + execsql { PRAGMA integrity_check } + } {ok} + + catch { db close } + forcedelete test.db test.db-journal + sqlite3 db test.db + do_test crash8-5.$i.2 { + execsql { + PRAGMA cache_size = 10; + CREATE TABLE t1(x PRIMARY KEY); + INSERT INTO t1 VALUES(randomblob(900)); + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; + INSERT INTO t1 SELECT randomblob(900) FROM t1; /* 64 rows */ + BEGIN; + UPDATE t1 SET x = randomblob(900); + } + forcedelete testX.db testX.db-journal testX.db-wal + forcecopy test.db testX.db + forcecopy test.db-journal testX.db-journal + db close + + crashsql -file test.db -delay [expr ($::i%2) + 1] { + SELECT * FROM sqlite_master; + INSERT INTO t1 VALUES(randomblob(900)); + } + + sqlite3 db2 testX.db + execsql { PRAGMA integrity_check } db2 + } {ok} + } + catch {db2 close} +} + +finish_test |