1# 2001 September 15 2# 3# The author disclaims copyright to this source code. In place of 4# a legal notice, here is a blessing: 5# 6# May you do good and not evil. 7# May you find forgiveness for yourself and forgive others. 8# May you share freely, never taking more than you give. 9# 10#*********************************************************************** 11# This file implements regression tests for SQLite library. 12# 13# The focus of this file is testing the ability of the database to 14# uses its rollback journal to recover intact (no database corruption) 15# from a power failure during the middle of a COMMIT. The special test 16# module "crashtest" compiled with the special "os_test.c" backend is used. 17# The os_test.c simulates the kind of file corruption that can occur 18# when writes are happening at the moment of power loss. 19# 20# The special crash-test module with its os_test.c backend only works 21# on Unix. 22# 23# $Id: crash.test,v 1.17 2005/01/20 05:24:33 danielk1977 Exp $ 24 25set testdir [file dirname $argv0] 26source $testdir/tester.tcl 27 28# set repeats 100 29set repeats 10 30 31# This proc execs a seperate process that crashes midway through executing 32# the SQL script $sql on database test.db. 33# 34# The crash occurs during a sync() of file $crashfile. When the crash 35# occurs a random subset of all unsynced writes made by the process are 36# written into the files on disk. Argument $crashdelay indicates the 37# number of file syncs to wait before crashing. 38# 39# The return value is a list of two elements. The first element is a 40# boolean, indicating whether or not the process actually crashed or 41# reported some other error. The second element in the returned list is the 42# error message. This is "child process exited abnormally" if the crash 43# occured. 44proc crashsql {crashdelay crashfile sql} { 45 set cfile [file join [pwd] $crashfile] 46 47 set f [open crash.tcl w] 48 puts $f "sqlite3_crashparams $crashdelay $cfile" 49 puts $f {sqlite3 db test.db} 50 51 # This block sets the cache size of the main database to 10 52 # pages. This is done in case the build is configured to omit 53 # "PRAGMA cache_size". 54 puts $f {db eval {SELECT * FROM sqlite_master;}} 55 puts $f {set bt [btree_from_db db]} 56 puts $f {btree_set_cache_size $bt 10} 57 58 puts $f "db eval {" 59 puts $f "$sql" 60 puts $f "}" 61 close $f 62 63 set r [catch { 64 exec [file join . crashtest] crash.tcl >@stdout 65 } msg] 66 lappend r $msg 67} 68 69# The following procedure computes a "signature" for table "abc". If 70# abc changes in any way, the signature should change. 71proc signature {} { 72 return [db eval {SELECT count(*), md5sum(a), md5sum(b), md5sum(c) FROM abc}] 73} 74proc signature2 {} { 75 return [db eval {SELECT count(*), md5sum(a), md5sum(b), md5sum(c) FROM abc2}] 76} 77 78#-------------------------------------------------------------------------- 79# Simple crash test: 80# 81# crash-1.1: Create a database with a table with two rows. 82# crash-1.2: Run a 'DELETE FROM abc WHERE a = 1' that crashes during 83# the first journal-sync. 84# crash-1.3: Ensure the database is in the same state as after crash-1.1. 85# crash-1.4: Run a 'DELETE FROM abc WHERE a = 1' that crashes during 86# the first database-sync. 87# crash-1.5: Ensure the database is in the same state as after crash-1.1. 88# crash-1.6: Run a 'DELETE FROM abc WHERE a = 1' that crashes during 89# the second journal-sync. 90# crash-1.7: Ensure the database is in the same state as after crash-1.1. 91# 92# Tests 1.8 through 1.11 test for crashes on the third journal sync and 93# second database sync. Neither of these is required in such a small test 94# case, so these tests are just to verify that the test infrastructure 95# operates as expected. 96# 97do_test crash-1.1 { 98 execsql { 99 CREATE TABLE abc(a, b, c); 100 INSERT INTO abc VALUES(1, 2, 3); 101 INSERT INTO abc VALUES(4, 5, 6); 102 } 103 set ::sig [signature] 104 expr 0 105} {0} 106do_test crash-1.2 { 107 crashsql 1 test.db-journal { 108 DELETE FROM abc WHERE a = 1; 109 } 110} {1 {child process exited abnormally}} 111do_test crash-1.3 { 112 signature 113} $::sig 114do_test crash-1.4 { 115 crashsql 1 test.db { 116 DELETE FROM abc WHERE a = 1; 117 } 118} {1 {child process exited abnormally}} 119do_test crash-1.5 { 120 signature 121} $::sig 122do_test crash-1.6 { 123 crashsql 2 test.db-journal { 124 DELETE FROM abc WHERE a = 1; 125 } 126} {1 {child process exited abnormally}} 127do_test crash-1.7 { 128 catchsql { 129 SELECT * FROM abc; 130 } 131} {0 {1 2 3 4 5 6}} 132 133do_test crash-1.8 { 134 crashsql 3 test.db-journal { 135 DELETE FROM abc WHERE a = 1; 136 } 137} {0 {}} 138do_test crash-1.9 { 139 catchsql { 140 SELECT * FROM abc; 141 } 142} {0 {4 5 6}} 143do_test crash-1.10 { 144 crashsql 2 test.db { 145 DELETE FROM abc WHERE a = 4; 146 } 147} {0 {}} 148do_test crash-1.11 { 149 catchsql { 150 SELECT * FROM abc; 151 } 152} {0 {}} 153 154#-------------------------------------------------------------------------- 155# The following tests test recovery when both the database file and the the 156# journal file contain corrupt data. This can happen after pages are 157# written to the database file before a transaction is committed due to 158# cache-pressure. 159# 160# crash-2.1: Insert 18 pages of data into the database. 161# crash-2.2: Check the database file size looks ok. 162# crash-2.3: Delete 15 or so pages (with a 10 page page-cache), then crash. 163# crash-2.4: Ensure the database is in the same state as after crash-2.1. 164# 165# Test cases crash-2.5 and crash-2.6 check that the database is OK if the 166# crash occurs during the main database file sync. But this isn't really 167# different from the crash-1.* cases. 168# 169do_test crash-2.1 { 170 execsql { BEGIN } 171 for {set n 0} {$n < 1000} {incr n} { 172 execsql "INSERT INTO abc VALUES($n, [expr 2*$n], [expr 3*$n])" 173 } 174 execsql { COMMIT } 175 set ::sig [signature] 176 execsql { SELECT sum(a), sum(b), sum(c) from abc } 177} {499500.0 999000.0 1498500.0} 178do_test crash-2.2 { 179 expr ([file size test.db] / 1024)>16 180} {1} 181do_test crash-2.3 { 182 crashsql 2 test.db-journal { 183 DELETE FROM abc WHERE a < 800; 184 } 185} {1 {child process exited abnormally}} 186do_test crash-2.4 { 187 signature 188} $sig 189do_test crash-2.5 { 190 crashsql 1 test.db { 191 DELETE FROM abc WHERE a<800; 192 } 193} {1 {child process exited abnormally}} 194do_test crash-2.6 { 195 signature 196} $sig 197 198#-------------------------------------------------------------------------- 199# The crash-3.* test cases are essentially the same test as test case 200# crash-2.*, but with a more complicated data set. 201# 202# The test is repeated a few times with different seeds for the random 203# number generator in the crashing executable. Because there is no way to 204# seed the random number generator directly, some SQL is added to the test 205# case to 'use up' a different quantity random numbers before the test SQL 206# is executed. 207# 208 209# Make sure the file is much bigger than the pager-cache (10 pages). This 210# ensures that cache-spills happen regularly. 211do_test crash-3.0 { 212 execsql { 213 INSERT INTO abc SELECT * FROM abc; 214 INSERT INTO abc SELECT * FROM abc; 215 INSERT INTO abc SELECT * FROM abc; 216 INSERT INTO abc SELECT * FROM abc; 217 INSERT INTO abc SELECT * FROM abc; 218 } 219 expr ([file size test.db] / 1024) > 450 220} {1} 221for {set i 1} {$i < $repeats} {incr i} { 222 set sig [signature] 223 do_test crash-3.$i.1 { 224 crashsql [expr $i%5 + 1] test.db-journal " 225 BEGIN; 226 SELECT random() FROM abc LIMIT $i; 227 INSERT INTO abc VALUES(randstr(10,10), 0, 0); 228 DELETE FROM abc WHERE random()%10!=0; 229 COMMIT; 230 " 231 } {1 {child process exited abnormally}} 232 do_test crash-3.$i.2 { 233 signature 234 } $sig 235} 236 237#-------------------------------------------------------------------------- 238# The following test cases - crash-4.* - test the correct recovery of the 239# database when a crash occurs during a multi-file transaction. 240# 241# crash-4.1.*: Test recovery when crash occurs during sync() of the 242# main database journal file. 243# crash-4.2.*: Test recovery when crash occurs during sync() of an 244# attached database journal file. 245# crash-4.3.*: Test recovery when crash occurs during sync() of the master 246# journal file. 247# 248do_test crash-4.0 { 249 file delete -force test2.db 250 file delete -force test2.db-journal 251 execsql { 252 ATTACH 'test2.db' AS aux; 253 PRAGMA aux.default_cache_size = 10; 254 CREATE TABLE aux.abc2 AS SELECT 2*a as a, 2*b as b, 2*c as c FROM abc; 255 } 256 expr ([file size test2.db] / 1024) > 450 257} {1} 258 259for {set i 1} {$i<$repeats} {incr i} { 260 set sig [signature] 261 set sig2 [signature2] 262 do_test crash-4.1.$i.1 { 263 set c [crashsql $i test.db-journal " 264 ATTACH 'test2.db' AS aux; 265 BEGIN; 266 SELECT random() FROM abc LIMIT $i; 267 INSERT INTO abc VALUES(randstr(10,10), 0, 0); 268 DELETE FROM abc WHERE random()%10!=0; 269 INSERT INTO abc2 VALUES(randstr(10,10), 0, 0); 270 DELETE FROM abc2 WHERE random()%10!=0; 271 COMMIT; 272 "] 273 set c 274 } {1 {child process exited abnormally}} 275 do_test crash-4.1.$i.2 { 276 signature 277 } $sig 278 do_test crash-4.1.$i.3 { 279 signature2 280 } $sig2 281} 282set i 0 283while {[incr i]} { 284 set sig [signature] 285 set sig2 [signature2] 286 set ::fin 0 287 do_test crash-4.2.$i.1 { 288 set c [crashsql $i test2.db-journal " 289 ATTACH 'test2.db' AS aux; 290 BEGIN; 291 SELECT random() FROM abc LIMIT $i; 292 INSERT INTO abc VALUES(randstr(10,10), 0, 0); 293 DELETE FROM abc WHERE random()%10!=0; 294 INSERT INTO abc2 VALUES(randstr(10,10), 0, 0); 295 DELETE FROM abc2 WHERE random()%10!=0; 296 COMMIT; 297 "] 298 if { $c == {0 {}} } { 299 set ::fin 1 300 set c {1 {child process exited abnormally}} 301 } 302 set c 303 } {1 {child process exited abnormally}} 304 if { $::fin } break 305 do_test crash-4.2.$i.2 { 306 signature 307 } $sig 308 do_test crash-4.2.$i.3 { 309 signature2 310 } $sig2 311} 312for {set i 1} {$i < 5} {incr i} { 313 set sig [signature] 314 set sig2 [signature2] 315 do_test crash-4.3.$i.1 { 316 crashsql 1 test.db-mj* " 317 ATTACH 'test2.db' AS aux; 318 BEGIN; 319 SELECT random() FROM abc LIMIT $i; 320 INSERT INTO abc VALUES(randstr(10,10), 0, 0); 321 DELETE FROM abc WHERE random()%10!=0; 322 INSERT INTO abc2 VALUES(randstr(10,10), 0, 0); 323 DELETE FROM abc2 WHERE random()%10!=0; 324 COMMIT; 325 " 326 } {1 {child process exited abnormally}} 327 do_test crash-4.3.$i.2 { 328 signature 329 } $sig 330 do_test crash-4.3.$i.3 { 331 signature2 332 } $sig2 333} 334 335#-------------------------------------------------------------------------- 336# The following test cases - crash-5.* - exposes a bug that existed in the 337# sqlite3pager_movepage() API used by auto-vacuum databases. 338# database when a crash occurs during a multi-file transaction. See comments 339# in test crash-5.3 for details. 340# 341db close 342file delete -force test.db 343sqlite3 db test.db 344do_test crash-5.1 { 345 execsql { 346 CREATE TABLE abc(a, b, c); -- Root page 3 347 INSERT INTO abc VALUES(randstr(1500,1500), 0, 0); -- Overflow page 4 348 INSERT INTO abc SELECT * FROM abc; 349 INSERT INTO abc SELECT * FROM abc; 350 INSERT INTO abc SELECT * FROM abc; 351 } 352} {} 353do_test crash-5.2 { 354 expr [file size test.db] / 1024 355} [expr [string match [execsql {pragma auto_vacuum}] 1] ? 11 : 10] 356set sig [signature] 357do_test crash-5.3 { 358# The SQL below is used to expose a bug that existed in 359# sqlite3pager_movepage() during development of the auto-vacuum feature. It 360# functions as follows: 361# 362# 1: Begin a transaction. 363# 2: Put page 4 on the free-list (was the overflow page for the row deleted). 364# 3: Write data to page 4 (it becomes the overflow page for the row inserted). 365# The old page 4 data has been written to the journal file, but the 366# journal file has not been sync()hronized. 367# 4: Create a table, which calls sqlite3pager_movepage() to move page 4 368# to the end of the database (page 12) to make room for the new root-page. 369# 5: Put pressure on the pager-cache. This results in page 4 being written 370# to the database file to make space in the cache to load a new page. The 371# bug was that page 4 was written to the database file before the journal 372# is sync()hronized. 373# 6: Commit. A crash occurs during the sync of the journal file. 374# 375# End result: Before the bug was fixed, data has been written to page 4 of the 376# database file and the journal file does not contain trustworthy rollback 377# data for this page. 378# 379 crashsql 1 test.db-journal { 380 BEGIN; -- 1 381 DELETE FROM abc WHERE oid = 1; -- 2 382 INSERT INTO abc VALUES(randstr(1500,1500), 0, 0); -- 3 383 CREATE TABLE abc2(a, b, c); -- 4 384 SELECT * FROM abc; -- 5 385 COMMIT; -- 6 386 } 387} {1 {child process exited abnormally}} 388integrity_check crash-5.4 389do_test crash-5.5 { 390 signature 391} $sig 392 393#-------------------------------------------------------------------------- 394# The following test cases - crash-6.* - test that a DROP TABLE operation 395# is correctly rolled back in the event of a crash while the database file 396# is being written. This is mainly to test that all pages are written to the 397# journal file before truncation in an auto-vacuum database. 398# 399do_test crash-6.1 { 400 crashsql 1 test.db { 401 DROP TABLE abc; 402 } 403} {1 {child process exited abnormally}} 404do_test crash-6.2 { 405 signature 406} $sig 407 408#-------------------------------------------------------------------------- 409# These test cases test the case where the master journal file name is 410# corrupted slightly so that the corruption has to be detected by the 411# checksum. 412do_test crash-7.1 { 413 crashsql 1 test.db { 414 ATTACH 'test2.db' AS aux; 415 BEGIN; 416 INSERT INTO abc VALUES(randstr(1500,1500), 0, 0); 417 INSERT INTO abc2 VALUES(randstr(1500,1500), 0, 0); 418 COMMIT; 419 } 420 421 # Change the checksum value for the master journal name. 422 set f [open test.db-journal a] 423 fconfigure $f -encoding binary 424 seek $f [expr [file size test.db-journal] - 12] 425 puts -nonewline $f "\00\00\00\00" 426 close $f 427} {} 428do_test crash-7.2 { 429 signature 430} $sig 431 432finish_test 433