xref: /sqlite-3.40.0/test/malloc_common.tcl (revision 50833e32) 
1# 2007 May 05
2#
3# The author disclaims copyright to this source code.  In place of
4# a legal notice, here is a blessing:
5#
6#    May you do good and not evil.
7#    May you find forgiveness for yourself and forgive others.
8#    May you share freely, never taking more than you give.
9#
10#***********************************************************************
11#
12# This file contains common code used by many different malloc tests
13# within the test suite.
14#
15# $Id: malloc_common.tcl,v 1.22 2008/09/23 16:41:30 danielk1977 Exp $
16
17# If we did not compile with malloc testing enabled, then do nothing.
18#
19ifcapable builtin_test {
20  set MEMDEBUG 1
21} else {
22  set MEMDEBUG 0
23  return 0
24}
25
26# Transient and persistent OOM errors:
27#
28set FAULTSIM(oom-transient) [list          \
29  -injectstart   {oom_injectstart 0}       \
30  -injectstop    oom_injectstop            \
31  -injecterrlist {{1 {out of memory}}}     \
32]
33set FAULTSIM(oom-persistent) [list         \
34  -injectstart {oom_injectstart 1000000}   \
35  -injectstop oom_injectstop               \
36  -injecterrlist {{1 {out of memory}}}     \
37]
38
39# Transient and persistent IO errors:
40#
41set FAULTSIM(ioerr-transient) [list        \
42  -injectstart   {ioerr_injectstart 0}     \
43  -injectstop    ioerr_injectstop          \
44  -injecterrlist {{1 {disk I/O error}}}    \
45]
46set FAULTSIM(ioerr-persistent) [list       \
47  -injectstart   {ioerr_injectstart 1}     \
48  -injectstop    ioerr_injectstop          \
49  -injecterrlist {{1 {disk I/O error}}}    \
50]
51
52# SQLITE_FULL errors (always persistent):
53#
54set FAULTSIM(full) [list                   \
55  -injectinstall   fullerr_injectinstall   \
56  -injectstart     fullerr_injectstart     \
57  -injectstop      fullerr_injectstop      \
58  -injecterrlist   {{1 {database or disk is full}}} \
59  -injectuninstall fullerr_injectuninstall \
60]
61
62# Transient and persistent SHM errors:
63#
64set FAULTSIM(shmerr-transient) [list       \
65  -injectinstall   shmerr_injectinstall    \
66  -injectstart     {shmerr_injectstart 0}  \
67  -injectstop      shmerr_injectstop       \
68  -injecterrlist   {{1 {disk I/O error}}}  \
69  -injectuninstall shmerr_injectuninstall  \
70]
71set FAULTSIM(shmerr-persistent) [list      \
72  -injectinstall   shmerr_injectinstall    \
73  -injectstart     {shmerr_injectstart 1}  \
74  -injectstop      shmerr_injectstop       \
75  -injecterrlist   {{1 {disk I/O error}}}  \
76  -injectuninstall shmerr_injectuninstall  \
77]
78
79# Transient and persistent CANTOPEN errors:
80#
81set FAULTSIM(cantopen-transient) [list       \
82  -injectinstall   cantopen_injectinstall    \
83  -injectstart     {cantopen_injectstart 0}  \
84  -injectstop      cantopen_injectstop       \
85  -injecterrlist   {{1 {unable to open database file}}}  \
86  -injectuninstall cantopen_injectuninstall  \
87]
88set FAULTSIM(cantopen-persistent) [list      \
89  -injectinstall   cantopen_injectinstall    \
90  -injectstart     {cantopen_injectstart 1}  \
91  -injectstop      cantopen_injectstop       \
92  -injecterrlist   {{1 {unable to open database file}}}  \
93  -injectuninstall cantopen_injectuninstall  \
94]
95
96
97
98#--------------------------------------------------------------------------
99# Usage do_faultsim_test NAME ?OPTIONS...?
100#
101#     -faults           List of fault types to simulate.
102#
103#     -prep             Script to execute before -body.
104#
105#     -body             Script to execute (with fault injection).
106#
107#     -test             Script to execute after -body.
108#
109proc do_faultsim_test {name args} {
110  global FAULTSIM
111
112  set DEFAULT(-faults)        [array names FAULTSIM]
113  set DEFAULT(-prep)          ""
114  set DEFAULT(-body)          ""
115  set DEFAULT(-test)          ""
116
117  array set O [array get DEFAULT]
118  array set O $args
119  foreach o [array names O] {
120    if {[info exists DEFAULT($o)]==0} { error "unknown option: $o" }
121  }
122
123  set faultlist [list]
124  foreach f $O(-faults) {
125    set flist [array names FAULTSIM $f]
126    if {[llength $flist]==0} { error "unknown fault: $f" }
127    set faultlist [concat $faultlist $flist]
128  }
129
130  set testspec [list -prep $O(-prep) -body $O(-body) -test $O(-test)]
131  foreach f [lsort -unique $faultlist] {
132    eval do_one_faultsim_test "$name-$f" $FAULTSIM($f) $testspec
133  }
134}
135
136#-------------------------------------------------------------------------
137# Procedures to save and restore the current file-system state:
138#
139#   faultsim_save
140#   faultsim_restore
141#   faultsim_save_and_close
142#   faultsim_restore_and_reopen
143#   faultsim_delete_and_reopen
144#
145proc faultsim_save {} {
146  foreach f [glob -nocomplain sv_test.db*] { file delete -force $f }
147  foreach f [glob -nocomplain test.db*] {
148    set f2 "sv_$f"
149    file copy -force $f $f2
150  }
151}
152proc faultsim_save_and_close {} {
153  faultsim_save
154  catch { db close }
155  return ""
156}
157proc faultsim_restore {} {
158  foreach f [glob -nocomplain test.db*] { file delete -force $f }
159  foreach f2 [glob -nocomplain sv_test.db*] {
160    set f [string range $f2 3 end]
161    file copy -force $f2 $f
162  }
163}
164proc faultsim_restore_and_reopen {{dbfile test.db}} {
165  catch { db close }
166  faultsim_restore
167  sqlite3 db $dbfile
168  sqlite3_extended_result_codes db 1
169  sqlite3_db_config_lookaside db 0 0 0
170}
171
172proc faultsim_integrity_check {{db db}} {
173  set ic [$db eval { PRAGMA integrity_check }]
174  if {$ic != "ok"} { error "Integrity check: $ic" }
175}
176
177proc faultsim_delete_and_reopen {{file test.db}} {
178  catch { db close }
179  foreach f [glob -nocomplain test.db*] { file delete -force $f }
180  sqlite3 db $file
181}
182
183
184# The following procs are used as [do_one_faultsim_test] callbacks when
185# injecting OOM faults into test cases.
186#
187proc oom_injectstart {nRepeat iFail} {
188  sqlite3_memdebug_fail $iFail -repeat $nRepeat
189}
190proc oom_injectstop {} {
191  sqlite3_memdebug_fail -1
192}
193
194# The following procs are used as [do_one_faultsim_test] callbacks when
195# injecting IO error faults into test cases.
196#
197proc ioerr_injectstart {persist iFail} {
198  set ::sqlite_io_error_persist $persist
199  set ::sqlite_io_error_pending $iFail
200}
201proc ioerr_injectstop {} {
202  set sv $::sqlite_io_error_hit
203  set ::sqlite_io_error_persist 0
204  set ::sqlite_io_error_pending 0
205  set ::sqlite_io_error_hardhit 0
206  set ::sqlite_io_error_hit     0
207  set ::sqlite_io_error_pending 0
208  return $sv
209}
210
211# The following procs are used as [do_one_faultsim_test] callbacks when
212# injecting shared-memory related error faults into test cases.
213#
214proc shmerr_injectinstall {} {
215  testvfs shmfault -default true
216  shmfault filter {xShmOpen xShmMap xShmLock}
217}
218proc shmerr_injectuninstall {} {
219  catch {db  close}
220  catch {db2 close}
221  shmfault delete
222}
223proc shmerr_injectstart {persist iFail} {
224  shmfault ioerr $iFail $persist
225}
226proc shmerr_injectstop {} {
227  shmfault ioerr
228}
229
230# The following procs are used as [do_one_faultsim_test] callbacks when
231# injecting SQLITE_FULL error faults into test cases.
232#
233proc fullerr_injectinstall {} {
234  testvfs shmfault -default true
235}
236proc fullerr_injectuninstall {} {
237  catch {db  close}
238  catch {db2 close}
239  shmfault delete
240}
241proc fullerr_injectstart {iFail} {
242  shmfault full $iFail 1
243}
244proc fullerr_injectstop {} {
245  shmfault full
246}
247
248# The following procs are used as [do_one_faultsim_test] callbacks when
249# injecting SQLITE_CANTOPEN error faults into test cases.
250#
251proc cantopen_injectinstall {} {
252  testvfs shmfault -default true
253}
254proc cantopen_injectuninstall {} {
255  catch {db  close}
256  catch {db2 close}
257  shmfault delete
258}
259proc cantopen_injectstart {persist iFail} {
260  shmfault cantopen $iFail $persist
261}
262proc cantopen_injectstop {} {
263  shmfault cantopen
264}
265
266# This command is not called directly. It is used by the
267# [faultsim_test_result] command created by [do_faultsim_test] and used
268# by -test scripts.
269#
270proc faultsim_test_result_int {args} {
271  upvar testrc testrc testresult testresult testnfail testnfail
272  set t [list $testrc $testresult]
273  set r $args
274  if { ($testnfail==0 && $t != [lindex $r 0]) || [lsearch $r $t]<0 } {
275    error "nfail=$testnfail rc=$testrc result=$testresult"
276  }
277}
278
279#--------------------------------------------------------------------------
280# Usage do_one_faultsim_test NAME ?OPTIONS...?
281#
282# The first argument, <test number>, is used as a prefix of the test names
283# taken by tests executed by this command. Options are as follows. All
284# options take a single argument.
285#
286#     -injectstart      Script to enable fault-injection.
287#
288#     -injectstop       Script to disable fault-injection.
289#
290#     -injecterrlist    List of generally acceptable test results (i.e. error
291#                       messages). Example: [list {1 {out of memory}}]
292#
293#     -injectinstall
294#
295#     -injectuninstall
296#
297#     -prep             Script to execute before -body.
298#
299#     -body             Script to execute (with fault injection).
300#
301#     -test             Script to execute after -body.
302#
303proc do_one_faultsim_test {testname args} {
304
305  set DEFAULT(-injectstart)     "expr"
306  set DEFAULT(-injectstop)      "expr 0"
307  set DEFAULT(-injecterrlist)   [list]
308  set DEFAULT(-injectinstall)   ""
309  set DEFAULT(-injectuninstall) ""
310  set DEFAULT(-prep)            ""
311  set DEFAULT(-body)            ""
312  set DEFAULT(-test)            ""
313
314  array set O [array get DEFAULT]
315  array set O $args
316  foreach o [array names O] {
317    if {[info exists DEFAULT($o)]==0} { error "unknown option: $o" }
318  }
319
320  proc faultsim_test_proc {testrc testresult testnfail} $O(-test)
321  proc faultsim_test_result {args} "
322    uplevel faultsim_test_result_int \$args [list $O(-injecterrlist)]
323  "
324
325  eval $O(-injectinstall)
326
327  set stop 0
328  for {set iFail 1} {!$stop} {incr iFail} {
329
330    # Evaluate the -prep script.
331    #
332    eval $O(-prep)
333
334    # Start the fault-injection. Run the -body script. Stop the fault
335    # injection. Local var $nfail is set to the total number of faults
336    # injected into the system this trial.
337    #
338    eval $O(-injectstart) $iFail
339    set rc [catch $O(-body) res]
340    set nfail [eval $O(-injectstop)]
341
342    # Run the -test script. If it throws no error, consider this trial
343    # sucessful. If it does throw an error, cause a [do_test] test to
344    # fail (and print out the unexpected exception thrown by the -test
345    # script at the same time).
346    #
347    set rc [catch [list faultsim_test_proc $rc $res $nfail] res]
348    if {$rc == 0} {set res ok}
349    do_test $testname.$iFail [list list $rc $res] {0 ok}
350
351    # If no faults where injected this trial, don't bother running
352    # any more. This test is finished.
353    #
354    if {$nfail==0} { set stop 1 }
355  }
356
357  eval $O(-injectuninstall)
358}
359
360# Usage: do_malloc_test <test number> <options...>
361#
362# The first argument, <test number>, is an integer used to name the
363# tests executed by this proc. Options are as follows:
364#
365#     -tclprep          TCL script to run to prepare test.
366#     -sqlprep          SQL script to run to prepare test.
367#     -tclbody          TCL script to run with malloc failure simulation.
368#     -sqlbody          TCL script to run with malloc failure simulation.
369#     -cleanup          TCL script to run after the test.
370#
371# This command runs a series of tests to verify SQLite's ability
372# to handle an out-of-memory condition gracefully. It is assumed
373# that if this condition occurs a malloc() call will return a
374# NULL pointer. Linux, for example, doesn't do that by default. See
375# the "BUGS" section of malloc(3).
376#
377# Each iteration of a loop, the TCL commands in any argument passed
378# to the -tclbody switch, followed by the SQL commands in any argument
379# passed to the -sqlbody switch are executed. Each iteration the
380# Nth call to sqliteMalloc() is made to fail, where N is increased
381# each time the loop runs starting from 1. When all commands execute
382# successfully, the loop ends.
383#
384proc do_malloc_test {tn args} {
385  array unset ::mallocopts
386  array set ::mallocopts $args
387
388  if {[string is integer $tn]} {
389    set tn malloc-$tn
390  }
391  if {[info exists ::mallocopts(-start)]} {
392    set start $::mallocopts(-start)
393  } else {
394    set start 0
395  }
396  if {[info exists ::mallocopts(-end)]} {
397    set end $::mallocopts(-end)
398  } else {
399    set end 50000
400  }
401  save_prng_state
402
403  foreach ::iRepeat {0 10000000} {
404    set ::go 1
405    for {set ::n $start} {$::go && $::n <= $end} {incr ::n} {
406
407      # If $::iRepeat is 0, then the malloc() failure is transient - it
408      # fails and then subsequent calls succeed. If $::iRepeat is 1,
409      # then the failure is persistent - once malloc() fails it keeps
410      # failing.
411      #
412      set zRepeat "transient"
413      if {$::iRepeat} {set zRepeat "persistent"}
414      restore_prng_state
415      foreach file [glob -nocomplain test.db-mj*] {file delete -force $file}
416
417      do_test ${tn}.${zRepeat}.${::n} {
418
419        # Remove all traces of database files test.db and test2.db
420        # from the file-system. Then open (empty database) "test.db"
421        # with the handle [db].
422        #
423        catch {db close}
424        catch {file delete -force test.db}
425        catch {file delete -force test.db-journal}
426        catch {file delete -force test.db-wal}
427        catch {file delete -force test2.db}
428        catch {file delete -force test2.db-journal}
429        catch {file delete -force test2.db-wal}
430        if {[info exists ::mallocopts(-testdb)]} {
431          file copy $::mallocopts(-testdb) test.db
432        }
433        catch { sqlite3 db test.db }
434        if {[info commands db] ne ""} {
435          sqlite3_extended_result_codes db 1
436        }
437        sqlite3_db_config_lookaside db 0 0 0
438
439        # Execute any -tclprep and -sqlprep scripts.
440        #
441        if {[info exists ::mallocopts(-tclprep)]} {
442          eval $::mallocopts(-tclprep)
443        }
444        if {[info exists ::mallocopts(-sqlprep)]} {
445          execsql $::mallocopts(-sqlprep)
446        }
447
448        # Now set the ${::n}th malloc() to fail and execute the -tclbody
449        # and -sqlbody scripts.
450        #
451        sqlite3_memdebug_fail $::n -repeat $::iRepeat
452        set ::mallocbody {}
453        if {[info exists ::mallocopts(-tclbody)]} {
454          append ::mallocbody "$::mallocopts(-tclbody)\n"
455        }
456        if {[info exists ::mallocopts(-sqlbody)]} {
457          append ::mallocbody "db eval {$::mallocopts(-sqlbody)}"
458        }
459
460        # The following block sets local variables as follows:
461        #
462        #     isFail  - True if an error (any error) was reported by sqlite.
463        #     nFail   - The total number of simulated malloc() failures.
464        #     nBenign - The number of benign simulated malloc() failures.
465        #
466        set isFail [catch $::mallocbody msg]
467        set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
468        # puts -nonewline " (isFail=$isFail nFail=$nFail nBenign=$nBenign) "
469
470        # If one or more mallocs failed, run this loop body again.
471        #
472        set go [expr {$nFail>0}]
473
474        if {($nFail-$nBenign)==0} {
475          if {$isFail} {
476            set v2 $msg
477          } else {
478            set isFail 1
479            set v2 1
480          }
481        } elseif {!$isFail} {
482          set v2 $msg
483        } elseif {
484          [info command db]=="" ||
485          [db errorcode]==7 ||
486          $msg=="out of memory"
487        } {
488          set v2 1
489        } else {
490          set v2 $msg
491          puts [db errorcode]
492        }
493        lappend isFail $v2
494      } {1 1}
495
496      if {[info exists ::mallocopts(-cleanup)]} {
497        catch [list uplevel #0 $::mallocopts(-cleanup)] msg
498      }
499    }
500  }
501  unset ::mallocopts
502  sqlite3_memdebug_fail -1
503}
504
505
506#-------------------------------------------------------------------------
507# This proc is used to test a single SELECT statement. Parameter $name is
508# passed a name for the test case (i.e. "fts3_malloc-1.4.1") and parameter
509# $sql is passed the text of the SELECT statement. Parameter $result is
510# set to the expected output if the SELECT statement is successfully
511# executed using [db eval].
512#
513# Example:
514#
515#   do_select_test testcase-1.1 "SELECT 1+1, 1+2" {1 2}
516#
517# If global variable DO_MALLOC_TEST is set to a non-zero value, or if
518# it is not defined at all, then OOM testing is performed on the SELECT
519# statement. Each OOM test case is said to pass if either (a) executing
520# the SELECT statement succeeds and the results match those specified
521# by parameter $result, or (b) TCL throws an "out of memory" error.
522#
523# If DO_MALLOC_TEST is defined and set to zero, then the SELECT statement
524# is executed just once. In this case the test case passes if the results
525# match the expected results passed via parameter $result.
526#
527proc do_select_test {name sql result} {
528  uplevel [list doPassiveTest 0 $name $sql [list 0 $result]]
529}
530
531proc do_restart_select_test {name sql result} {
532  uplevel [list doPassiveTest 1 $name $sql [list 0 $result]]
533}
534
535proc do_error_test {name sql error} {
536  uplevel [list doPassiveTest 0 $name $sql [list 1 $error]]
537}
538
539proc doPassiveTest {isRestart name sql catchres} {
540  if {![info exists ::DO_MALLOC_TEST]} { set ::DO_MALLOC_TEST 1 }
541
542  switch $::DO_MALLOC_TEST {
543    0 { # No malloc failures.
544      do_test $name [list set {} [uplevel [list catchsql $sql]]] $catchres
545      return
546    }
547    1 { # Simulate transient failures.
548      set nRepeat 1
549      set zName "transient"
550      set nStartLimit 100000
551      set nBackup 1
552    }
553    2 { # Simulate persistent failures.
554      set nRepeat 1
555      set zName "persistent"
556      set nStartLimit 100000
557      set nBackup 1
558    }
559    3 { # Simulate transient failures with extra brute force.
560      set nRepeat 100000
561      set zName "ridiculous"
562      set nStartLimit 1
563      set nBackup 10
564    }
565  }
566
567  # The set of acceptable results from running [catchsql $sql].
568  #
569  set answers [list {1 {out of memory}} $catchres]
570  set str [join $answers " OR "]
571
572  set nFail 1
573  for {set iLimit $nStartLimit} {$nFail} {incr iLimit} {
574    for {set iFail 1} {$nFail && $iFail<=$iLimit} {incr iFail} {
575      for {set iTest 0} {$iTest<$nBackup && ($iFail-$iTest)>0} {incr iTest} {
576
577        if {$isRestart} { sqlite3 db test.db }
578
579        sqlite3_memdebug_fail [expr $iFail-$iTest] -repeat $nRepeat
580        set res [uplevel [list catchsql $sql]]
581        if {[lsearch -exact $answers $res]>=0} { set res $str }
582        set testname "$name.$zName.$iFail"
583        do_test "$name.$zName.$iLimit.$iFail" [list set {} $res] $str
584
585        set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
586      }
587    }
588  }
589}
590
591
592#-------------------------------------------------------------------------
593# Test a single write to the database. In this case a  "write" is a
594# DELETE, UPDATE or INSERT statement.
595#
596# If OOM testing is performed, there are several acceptable outcomes:
597#
598#   1) The write succeeds. No error is returned.
599#
600#   2) An "out of memory" exception is thrown and:
601#
602#     a) The statement has no effect, OR
603#     b) The current transaction is rolled back, OR
604#     c) The statement succeeds. This can only happen if the connection
605#        is in auto-commit mode (after the statement is executed, so this
606#        includes COMMIT statements).
607#
608# If the write operation eventually succeeds, zero is returned. If a
609# transaction is rolled back, non-zero is returned.
610#
611# Parameter $name is the name to use for the test case (or test cases).
612# The second parameter, $tbl, should be the name of the database table
613# being modified. Parameter $sql contains the SQL statement to test.
614#
615proc do_write_test {name tbl sql} {
616  if {![info exists ::DO_MALLOC_TEST]} { set ::DO_MALLOC_TEST 1 }
617
618  # Figure out an statement to get a checksum for table $tbl.
619  db eval "SELECT * FROM $tbl" V break
620  set cksumsql "SELECT md5sum([join [concat rowid $V(*)] ,]) FROM $tbl"
621
622  # Calculate the initial table checksum.
623  set cksum1 [db one $cksumsql]
624
625  if {$::DO_MALLOC_TEST } {
626    set answers [list {1 {out of memory}} {0 {}}]
627    if {$::DO_MALLOC_TEST==1} {
628      set modes {100000 persistent}
629    } else {
630      set modes {1 transient}
631    }
632  } else {
633    set answers [list {0 {}}]
634    set modes [list 0 nofail]
635  }
636  set str [join $answers " OR "]
637
638  foreach {nRepeat zName} $modes {
639    for {set iFail 1} 1 {incr iFail} {
640      if {$::DO_MALLOC_TEST} {sqlite3_memdebug_fail $iFail -repeat $nRepeat}
641
642      set res [uplevel [list catchsql $sql]]
643      set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
644      if {$nFail==0} {
645        do_test $name.$zName.$iFail [list set {} $res] {0 {}}
646        return
647      } else {
648        if {[lsearch $answers $res]>=0} {
649          set res $str
650        }
651        do_test $name.$zName.$iFail [list set {} $res] $str
652        set cksum2 [db one $cksumsql]
653        if {$cksum1 != $cksum2} return
654      }
655    }
656  }
657}
658