xref: /sqlite-3.40.0/test/malloc_common.tcl (revision dca321ae) 
1# 2007 May 05
2#
3# The author disclaims copyright to this source code.  In place of
4# a legal notice, here is a blessing:
5#
6#    May you do good and not evil.
7#    May you find forgiveness for yourself and forgive others.
8#    May you share freely, never taking more than you give.
9#
10#***********************************************************************
11#
12# This file contains common code used by many different malloc tests
13# within the test suite.
14#
15# $Id: malloc_common.tcl,v 1.22 2008/09/23 16:41:30 danielk1977 Exp $
16
17# If we did not compile with malloc testing enabled, then do nothing.
18#
19ifcapable builtin_test {
20  set MEMDEBUG 1
21} else {
22  set MEMDEBUG 0
23  return 0
24}
25
26# Transient and persistent OOM errors:
27#
28set FAULTSIM(oom-transient) [list          \
29  -injectstart   {oom_injectstart 0}       \
30  -injectstop    oom_injectstop            \
31  -injecterrlist {{1 {out of memory}}}     \
32]
33set FAULTSIM(oom-persistent) [list         \
34  -injectstart {oom_injectstart 1000000}   \
35  -injectstop oom_injectstop               \
36  -injecterrlist {{1 {out of memory}}}     \
37]
38
39# Transient and persistent IO errors:
40#
41set FAULTSIM(ioerr-transient) [list        \
42  -injectstart   {ioerr_injectstart 0}     \
43  -injectstop    ioerr_injectstop          \
44  -injecterrlist {{1 {disk I/O error}}}    \
45]
46set FAULTSIM(ioerr-persistent) [list       \
47  -injectstart   {ioerr_injectstart 1}     \
48  -injectstop    ioerr_injectstop          \
49  -injecterrlist {{1 {disk I/O error}}}    \
50]
51
52# SQLITE_FULL errors (always persistent):
53#
54set FAULTSIM(full) [list                   \
55  -injectinstall   fullerr_injectinstall   \
56  -injectstart     fullerr_injectstart     \
57  -injectstop      fullerr_injectstop      \
58  -injecterrlist   {{1 {database or disk is full}}} \
59  -injectuninstall fullerr_injectuninstall \
60]
61
62# Transient and persistent SHM errors:
63#
64set FAULTSIM(shmerr-transient) [list       \
65  -injectinstall   shmerr_injectinstall    \
66  -injectstart     {shmerr_injectstart 0}  \
67  -injectstop      shmerr_injectstop       \
68  -injecterrlist   {{1 {disk I/O error}}}  \
69  -injectuninstall shmerr_injectuninstall  \
70]
71set FAULTSIM(shmerr-persistent) [list      \
72  -injectinstall   shmerr_injectinstall    \
73  -injectstart     {shmerr_injectstart 1}  \
74  -injectstop      shmerr_injectstop       \
75  -injecterrlist   {{1 {disk I/O error}}}  \
76  -injectuninstall shmerr_injectuninstall  \
77]
78
79
80
81#--------------------------------------------------------------------------
82# Usage do_faultsim_test NAME ?OPTIONS...?
83#
84#     -faults           List of fault types to simulate.
85#
86#     -prep             Script to execute before -body.
87#
88#     -body             Script to execute (with fault injection).
89#
90#     -test             Script to execute after -body.
91#
92proc do_faultsim_test {name args} {
93  global FAULTSIM
94
95  set DEFAULT(-faults)        [array names FAULTSIM]
96  set DEFAULT(-prep)          ""
97  set DEFAULT(-body)          ""
98  set DEFAULT(-test)          ""
99
100  array set O [array get DEFAULT]
101  array set O $args
102  foreach o [array names O] {
103    if {[info exists DEFAULT($o)]==0} { error "unknown option: $o" }
104  }
105
106  set faultlist [list]
107  foreach f $O(-faults) {
108    set flist [array names FAULTSIM $f]
109    if {[llength $flist]==0} { error "unknown fault: $f" }
110    set faultlist [concat $faultlist $flist]
111  }
112
113  set testspec [list -prep $O(-prep) -body $O(-body) -test $O(-test)]
114  foreach f [lsort -unique $faultlist] {
115    eval do_one_faultsim_test "$name-$f" $FAULTSIM($f) $testspec
116  }
117}
118
119#-------------------------------------------------------------------------
120# Procedures to save and restore the current file-system state:
121#
122#   faultsim_save
123#   faultsim_save_and_close
124#   faultsim_restore_and_reopen
125#   faultsim_delete_and_reopen
126#
127proc faultsim_save {} {
128  foreach f [glob -nocomplain sv_test.db*] { file delete -force $f }
129  foreach f [glob -nocomplain test.db*] {
130    set f2 "sv_$f"
131    file copy -force $f $f2
132  }
133}
134proc faultsim_save_and_close {} {
135  faultsim_save
136  catch { db close }
137  return ""
138}
139proc faultsim_restore_and_reopen {{dbfile test.db}} {
140  catch { db close }
141  foreach f [glob -nocomplain test.db*] { file delete -force $f }
142  foreach f2 [glob -nocomplain sv_test.db*] {
143    set f [string range $f2 3 end]
144    file copy -force $f2 $f
145  }
146  sqlite3 db $dbfile
147  sqlite3_extended_result_codes db 1
148  sqlite3_db_config_lookaside db 0 0 0
149}
150
151proc faultsim_integrity_check {{db db}} {
152  set ic [$db eval { PRAGMA integrity_check }]
153  if {$ic != "ok"} { error "Integrity check: $ic" }
154}
155
156proc faultsim_delete_and_reopen {{file test.db}} {
157  catch { db close }
158  foreach f [glob -nocomplain test.db*] { file delete -force $f }
159  sqlite3 db $file
160}
161
162
163# The following procs are used as [do_one_faultsim_test] callbacks when
164# injecting OOM faults into test cases.
165#
166proc oom_injectstart {nRepeat iFail} {
167  sqlite3_memdebug_fail $iFail -repeat $nRepeat
168}
169proc oom_injectstop {} {
170  sqlite3_memdebug_fail -1
171}
172
173# The following procs are used as [do_one_faultsim_test] callbacks when
174# injecting IO error faults into test cases.
175#
176proc ioerr_injectstart {persist iFail} {
177  set ::sqlite_io_error_persist $persist
178  set ::sqlite_io_error_pending $iFail
179}
180proc ioerr_injectstop {} {
181  set sv $::sqlite_io_error_hit
182  set ::sqlite_io_error_persist 0
183  set ::sqlite_io_error_pending 0
184  set ::sqlite_io_error_hardhit 0
185  set ::sqlite_io_error_hit     0
186  set ::sqlite_io_error_pending 0
187  return $sv
188}
189
190# The following procs are used as [do_one_faultsim_test] callbacks when
191# injecting shared-memory related error faults into test cases.
192#
193proc shmerr_injectinstall {} {
194  testvfs shmfault -default true
195  shmfault filter {xShmOpen xShmMap xShmLock}
196}
197proc shmerr_injectuninstall {} {
198  catch {db  close}
199  catch {db2 close}
200  shmfault delete
201}
202proc shmerr_injectstart {persist iFail} {
203  shmfault ioerr $iFail $persist
204}
205proc shmerr_injectstop {} {
206  shmfault ioerr 0 0
207}
208
209# The following procs are used as [do_one_faultsim_test] callbacks when
210# injecting SQLITE_FULL error faults into test cases.
211#
212proc fullerr_injectinstall {} {
213  testvfs shmfault -default true
214}
215proc fullerr_injectuninstall {} {
216  catch {db  close}
217  catch {db2 close}
218  shmfault delete
219}
220proc fullerr_injectstart {iFail} {
221  shmfault full $iFail
222}
223proc fullerr_injectstop {} {
224  shmfault full 0
225}
226
227# This command is not called directly. It is used by the
228# [faultsim_test_result] command created by [do_faultsim_test] and used
229# by -test scripts.
230#
231proc faultsim_test_result_int {args} {
232  upvar testrc testrc testresult testresult testnfail testnfail
233  set t [list $testrc $testresult]
234  set r $args
235  if { ($testnfail==0 && $t != [lindex $r 0]) || [lsearch $r $t]<0 } {
236    error "nfail=$testnfail rc=$testrc result=$testresult"
237  }
238}
239
240#--------------------------------------------------------------------------
241# Usage do_one_faultsim_test NAME ?OPTIONS...?
242#
243# The first argument, <test number>, is used as a prefix of the test names
244# taken by tests executed by this command. Options are as follows. All
245# options take a single argument.
246#
247#     -injectstart      Script to enable fault-injection.
248#
249#     -injectstop       Script to disable fault-injection.
250#
251#     -injecterrlist    List of generally acceptable test results (i.e. error
252#                       messages). Example: [list {1 {out of memory}}]
253#
254#     -injectinstall
255#
256#     -injectuninstall
257#
258#     -prep             Script to execute before -body.
259#
260#     -body             Script to execute (with fault injection).
261#
262#     -test             Script to execute after -body.
263#
264proc do_one_faultsim_test {testname args} {
265
266  set DEFAULT(-injectstart)     "expr"
267  set DEFAULT(-injectstop)      "expr 0"
268  set DEFAULT(-injecterrlist)   [list]
269  set DEFAULT(-injectinstall)   ""
270  set DEFAULT(-injectuninstall) ""
271  set DEFAULT(-prep)            ""
272  set DEFAULT(-body)            ""
273  set DEFAULT(-test)            ""
274
275  array set O [array get DEFAULT]
276  array set O $args
277  foreach o [array names O] {
278    if {[info exists DEFAULT($o)]==0} { error "unknown option: $o" }
279  }
280
281  proc faultsim_test_proc {testrc testresult testnfail} $O(-test)
282  proc faultsim_test_result {args} "
283    uplevel faultsim_test_result_int \$args [list $O(-injecterrlist)]
284  "
285
286  eval $O(-injectinstall)
287
288  set stop 0
289  for {set iFail 1} {!$stop} {incr iFail} {
290
291    # Evaluate the -prep script.
292    #
293    eval $O(-prep)
294
295    # Start the fault-injection. Run the -body script. Stop the fault
296    # injection. Local var $nfail is set to the total number of faults
297    # injected into the system this trial.
298    #
299    eval $O(-injectstart) $iFail
300    set rc [catch $O(-body) res]
301    set nfail [eval $O(-injectstop)]
302
303    # Run the -test script. If it throws no error, consider this trial
304    # sucessful. If it does throw an error, cause a [do_test] test to
305    # fail (and print out the unexpected exception thrown by the -test
306    # script at the same time).
307    #
308    set rc [catch [list faultsim_test_proc $rc $res $nfail] res]
309    if {$rc == 0} {set res ok}
310    do_test $testname.$iFail [list list $rc $res] {0 ok}
311
312    # If no faults where injected this trial, don't bother running
313    # any more. This test is finished.
314    #
315    if {$nfail==0} { set stop 1 }
316  }
317
318  eval $O(-injectuninstall)
319}
320
321# Usage: do_malloc_test <test number> <options...>
322#
323# The first argument, <test number>, is an integer used to name the
324# tests executed by this proc. Options are as follows:
325#
326#     -tclprep          TCL script to run to prepare test.
327#     -sqlprep          SQL script to run to prepare test.
328#     -tclbody          TCL script to run with malloc failure simulation.
329#     -sqlbody          TCL script to run with malloc failure simulation.
330#     -cleanup          TCL script to run after the test.
331#
332# This command runs a series of tests to verify SQLite's ability
333# to handle an out-of-memory condition gracefully. It is assumed
334# that if this condition occurs a malloc() call will return a
335# NULL pointer. Linux, for example, doesn't do that by default. See
336# the "BUGS" section of malloc(3).
337#
338# Each iteration of a loop, the TCL commands in any argument passed
339# to the -tclbody switch, followed by the SQL commands in any argument
340# passed to the -sqlbody switch are executed. Each iteration the
341# Nth call to sqliteMalloc() is made to fail, where N is increased
342# each time the loop runs starting from 1. When all commands execute
343# successfully, the loop ends.
344#
345proc do_malloc_test {tn args} {
346  array unset ::mallocopts
347  array set ::mallocopts $args
348
349  if {[string is integer $tn]} {
350    set tn malloc-$tn
351  }
352  if {[info exists ::mallocopts(-start)]} {
353    set start $::mallocopts(-start)
354  } else {
355    set start 0
356  }
357  if {[info exists ::mallocopts(-end)]} {
358    set end $::mallocopts(-end)
359  } else {
360    set end 50000
361  }
362  save_prng_state
363
364  foreach ::iRepeat {0 10000000} {
365    set ::go 1
366    for {set ::n $start} {$::go && $::n <= $end} {incr ::n} {
367
368      # If $::iRepeat is 0, then the malloc() failure is transient - it
369      # fails and then subsequent calls succeed. If $::iRepeat is 1,
370      # then the failure is persistent - once malloc() fails it keeps
371      # failing.
372      #
373      set zRepeat "transient"
374      if {$::iRepeat} {set zRepeat "persistent"}
375      restore_prng_state
376      foreach file [glob -nocomplain test.db-mj*] {file delete -force $file}
377
378      do_test ${tn}.${zRepeat}.${::n} {
379
380        # Remove all traces of database files test.db and test2.db
381        # from the file-system. Then open (empty database) "test.db"
382        # with the handle [db].
383        #
384        catch {db close}
385        catch {file delete -force test.db}
386        catch {file delete -force test.db-journal}
387        catch {file delete -force test.db-wal}
388        catch {file delete -force test2.db}
389        catch {file delete -force test2.db-journal}
390        catch {file delete -force test2.db-wal}
391        if {[info exists ::mallocopts(-testdb)]} {
392          file copy $::mallocopts(-testdb) test.db
393        }
394        catch { sqlite3 db test.db }
395        if {[info commands db] ne ""} {
396          sqlite3_extended_result_codes db 1
397        }
398        sqlite3_db_config_lookaside db 0 0 0
399
400        # Execute any -tclprep and -sqlprep scripts.
401        #
402        if {[info exists ::mallocopts(-tclprep)]} {
403          eval $::mallocopts(-tclprep)
404        }
405        if {[info exists ::mallocopts(-sqlprep)]} {
406          execsql $::mallocopts(-sqlprep)
407        }
408
409        # Now set the ${::n}th malloc() to fail and execute the -tclbody
410        # and -sqlbody scripts.
411        #
412        sqlite3_memdebug_fail $::n -repeat $::iRepeat
413        set ::mallocbody {}
414        if {[info exists ::mallocopts(-tclbody)]} {
415          append ::mallocbody "$::mallocopts(-tclbody)\n"
416        }
417        if {[info exists ::mallocopts(-sqlbody)]} {
418          append ::mallocbody "db eval {$::mallocopts(-sqlbody)}"
419        }
420
421        # The following block sets local variables as follows:
422        #
423        #     isFail  - True if an error (any error) was reported by sqlite.
424        #     nFail   - The total number of simulated malloc() failures.
425        #     nBenign - The number of benign simulated malloc() failures.
426        #
427        set isFail [catch $::mallocbody msg]
428        set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
429        # puts -nonewline " (isFail=$isFail nFail=$nFail nBenign=$nBenign) "
430
431        # If one or more mallocs failed, run this loop body again.
432        #
433        set go [expr {$nFail>0}]
434
435        if {($nFail-$nBenign)==0} {
436          if {$isFail} {
437            set v2 $msg
438          } else {
439            set isFail 1
440            set v2 1
441          }
442        } elseif {!$isFail} {
443          set v2 $msg
444        } elseif {
445          [info command db]=="" ||
446          [db errorcode]==7 ||
447          $msg=="out of memory"
448        } {
449          set v2 1
450        } else {
451          set v2 $msg
452          puts [db errorcode]
453        }
454        lappend isFail $v2
455      } {1 1}
456
457      if {[info exists ::mallocopts(-cleanup)]} {
458        catch [list uplevel #0 $::mallocopts(-cleanup)] msg
459      }
460    }
461  }
462  unset ::mallocopts
463  sqlite3_memdebug_fail -1
464}
465
466
467#-------------------------------------------------------------------------
468# This proc is used to test a single SELECT statement. Parameter $name is
469# passed a name for the test case (i.e. "fts3_malloc-1.4.1") and parameter
470# $sql is passed the text of the SELECT statement. Parameter $result is
471# set to the expected output if the SELECT statement is successfully
472# executed using [db eval].
473#
474# Example:
475#
476#   do_select_test testcase-1.1 "SELECT 1+1, 1+2" {1 2}
477#
478# If global variable DO_MALLOC_TEST is set to a non-zero value, or if
479# it is not defined at all, then OOM testing is performed on the SELECT
480# statement. Each OOM test case is said to pass if either (a) executing
481# the SELECT statement succeeds and the results match those specified
482# by parameter $result, or (b) TCL throws an "out of memory" error.
483#
484# If DO_MALLOC_TEST is defined and set to zero, then the SELECT statement
485# is executed just once. In this case the test case passes if the results
486# match the expected results passed via parameter $result.
487#
488proc do_select_test {name sql result} {
489  uplevel [list doPassiveTest 0 $name $sql [list 0 $result]]
490}
491
492proc do_restart_select_test {name sql result} {
493  uplevel [list doPassiveTest 1 $name $sql [list 0 $result]]
494}
495
496proc do_error_test {name sql error} {
497  uplevel [list doPassiveTest 0 $name $sql [list 1 $error]]
498}
499
500proc doPassiveTest {isRestart name sql catchres} {
501  if {![info exists ::DO_MALLOC_TEST]} { set ::DO_MALLOC_TEST 1 }
502
503  switch $::DO_MALLOC_TEST {
504    0 { # No malloc failures.
505      do_test $name [list set {} [uplevel [list catchsql $sql]]] $catchres
506      return
507    }
508    1 { # Simulate transient failures.
509      set nRepeat 1
510      set zName "transient"
511      set nStartLimit 100000
512      set nBackup 1
513    }
514    2 { # Simulate persistent failures.
515      set nRepeat 1
516      set zName "persistent"
517      set nStartLimit 100000
518      set nBackup 1
519    }
520    3 { # Simulate transient failures with extra brute force.
521      set nRepeat 100000
522      set zName "ridiculous"
523      set nStartLimit 1
524      set nBackup 10
525    }
526  }
527
528  # The set of acceptable results from running [catchsql $sql].
529  #
530  set answers [list {1 {out of memory}} $catchres]
531  set str [join $answers " OR "]
532
533  set nFail 1
534  for {set iLimit $nStartLimit} {$nFail} {incr iLimit} {
535    for {set iFail 1} {$nFail && $iFail<=$iLimit} {incr iFail} {
536      for {set iTest 0} {$iTest<$nBackup && ($iFail-$iTest)>0} {incr iTest} {
537
538        if {$isRestart} { sqlite3 db test.db }
539
540        sqlite3_memdebug_fail [expr $iFail-$iTest] -repeat $nRepeat
541        set res [uplevel [list catchsql $sql]]
542        if {[lsearch -exact $answers $res]>=0} { set res $str }
543        set testname "$name.$zName.$iFail"
544        do_test "$name.$zName.$iLimit.$iFail" [list set {} $res] $str
545
546        set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
547      }
548    }
549  }
550}
551
552
553#-------------------------------------------------------------------------
554# Test a single write to the database. In this case a  "write" is a
555# DELETE, UPDATE or INSERT statement.
556#
557# If OOM testing is performed, there are several acceptable outcomes:
558#
559#   1) The write succeeds. No error is returned.
560#
561#   2) An "out of memory" exception is thrown and:
562#
563#     a) The statement has no effect, OR
564#     b) The current transaction is rolled back, OR
565#     c) The statement succeeds. This can only happen if the connection
566#        is in auto-commit mode (after the statement is executed, so this
567#        includes COMMIT statements).
568#
569# If the write operation eventually succeeds, zero is returned. If a
570# transaction is rolled back, non-zero is returned.
571#
572# Parameter $name is the name to use for the test case (or test cases).
573# The second parameter, $tbl, should be the name of the database table
574# being modified. Parameter $sql contains the SQL statement to test.
575#
576proc do_write_test {name tbl sql} {
577  if {![info exists ::DO_MALLOC_TEST]} { set ::DO_MALLOC_TEST 1 }
578
579  # Figure out an statement to get a checksum for table $tbl.
580  db eval "SELECT * FROM $tbl" V break
581  set cksumsql "SELECT md5sum([join [concat rowid $V(*)] ,]) FROM $tbl"
582
583  # Calculate the initial table checksum.
584  set cksum1 [db one $cksumsql]
585
586  if {$::DO_MALLOC_TEST } {
587    set answers [list {1 {out of memory}} {0 {}}]
588    if {$::DO_MALLOC_TEST==1} {
589      set modes {100000 transient}
590    } else {
591      set modes {1 persistent}
592    }
593  } else {
594    set answers [list {0 {}}]
595    set modes [list 0 nofail]
596  }
597  set str [join $answers " OR "]
598
599  foreach {nRepeat zName} $modes {
600    for {set iFail 1} 1 {incr iFail} {
601      if {$::DO_MALLOC_TEST} {sqlite3_memdebug_fail $iFail -repeat $nRepeat}
602
603      set res [uplevel [list catchsql $sql]]
604      set nFail [sqlite3_memdebug_fail -1 -benigncnt nBenign]
605      if {$nFail==0} {
606        do_test $name.$zName.$iFail [list set {} $res] {0 {}}
607        return
608      } else {
609        if {[lsearch $answers $res]>=0} {
610          set res $str
611        }
612        do_test $name.$zName.$iFail [list set {} $res] $str
613        set cksum2 [db one $cksumsql]
614        if {$cksum1 != $cksum2} return
615      }
616    }
617  }
618}
619