sl@0: # 2001 September 15 sl@0: # sl@0: # The author disclaims copyright to this source code. In place of sl@0: # a legal notice, here is a blessing: sl@0: # sl@0: # May you do good and not evil. sl@0: # May you find forgiveness for yourself and forgive others. sl@0: # May you share freely, never taking more than you give. sl@0: # sl@0: #*********************************************************************** sl@0: # This file implements regression tests for SQLite library. sl@0: # sl@0: # The focus of this file is testing the ability of the database to sl@0: # uses its rollback journal to recover intact (no database corruption) sl@0: # from a power failure during the middle of a COMMIT. The OS interface sl@0: # modules are overloaded using the modified I/O routines found in test6.c. sl@0: # These routines allow us to simulate the kind of file damage that sl@0: # occurs after a power failure. sl@0: # sl@0: # $Id: crash.test,v 1.27 2008/01/08 15:18:52 drh Exp $ sl@0: sl@0: set testdir [file dirname $argv0] sl@0: source $testdir/tester.tcl sl@0: sl@0: ifcapable !crashtest { sl@0: finish_test sl@0: return sl@0: } sl@0: sl@0: set repeats 100 sl@0: #set repeats 10 sl@0: sl@0: # The following procedure computes a "signature" for table "abc". If sl@0: # abc changes in any way, the signature should change. sl@0: proc signature {} { sl@0: return [db eval {SELECT count(*), md5sum(a), md5sum(b), md5sum(c) FROM abc}] sl@0: } sl@0: proc signature2 {} { sl@0: return [db eval {SELECT count(*), md5sum(a), md5sum(b), md5sum(c) FROM abc2}] sl@0: } sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # Simple crash test: sl@0: # sl@0: # crash-1.1: Create a database with a table with two rows. sl@0: # crash-1.2: Run a 'DELETE FROM abc WHERE a = 1' that crashes during sl@0: # the first journal-sync. sl@0: # crash-1.3: Ensure the database is in the same state as after crash-1.1. sl@0: # crash-1.4: Run a 'DELETE FROM abc WHERE a = 1' that crashes during sl@0: # the first database-sync. sl@0: # crash-1.5: Ensure the database is in the same state as after crash-1.1. sl@0: # crash-1.6: Run a 'DELETE FROM abc WHERE a = 1' that crashes during sl@0: # the second journal-sync. sl@0: # crash-1.7: Ensure the database is in the same state as after crash-1.1. sl@0: # sl@0: # Tests 1.8 through 1.11 test for crashes on the third journal sync and sl@0: # second database sync. Neither of these is required in such a small test sl@0: # case, so these tests are just to verify that the test infrastructure sl@0: # operates as expected. sl@0: # sl@0: do_test crash-1.1 { sl@0: execsql { sl@0: CREATE TABLE abc(a, b, c); sl@0: INSERT INTO abc VALUES(1, 2, 3); sl@0: INSERT INTO abc VALUES(4, 5, 6); sl@0: } sl@0: set ::sig [signature] sl@0: expr 0 sl@0: } {0} sl@0: for {set i 0} {$i<10} {incr i} { sl@0: set seed [expr {int(abs(rand()*10000))}] sl@0: do_test crash-1.2.$i { sl@0: crashsql -delay 1 -file test.db-journal -seed $seed { sl@0: DELETE FROM abc WHERE a = 1; sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-1.3.$i { sl@0: signature sl@0: } $::sig sl@0: } sl@0: do_test crash-1.4 { sl@0: crashsql -delay 1 -file test.db { sl@0: DELETE FROM abc WHERE a = 1; sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-1.5 { sl@0: signature sl@0: } $::sig sl@0: do_test crash-1.6 { sl@0: crashsql -delay 2 -file test.db-journal { sl@0: DELETE FROM abc WHERE a = 1; sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-1.7 { sl@0: catchsql { sl@0: SELECT * FROM abc; sl@0: } sl@0: } {0 {1 2 3 4 5 6}} sl@0: sl@0: do_test crash-1.8 { sl@0: crashsql -delay 3 -file test.db-journal { sl@0: DELETE FROM abc WHERE a = 1; sl@0: } sl@0: } {0 {}} sl@0: do_test crash-1.9 { sl@0: catchsql { sl@0: SELECT * FROM abc; sl@0: } sl@0: } {0 {4 5 6}} sl@0: do_test crash-1.10 { sl@0: crashsql -delay 2 -file test.db { sl@0: DELETE FROM abc WHERE a = 4; sl@0: } sl@0: } {0 {}} sl@0: do_test crash-1.11 { sl@0: catchsql { sl@0: SELECT * FROM abc; sl@0: } sl@0: } {0 {}} sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # The following tests test recovery when both the database file and the the sl@0: # journal file contain corrupt data. This can happen after pages are sl@0: # written to the database file before a transaction is committed due to sl@0: # cache-pressure. sl@0: # sl@0: # crash-2.1: Insert 18 pages of data into the database. sl@0: # crash-2.2: Check the database file size looks ok. sl@0: # crash-2.3: Delete 15 or so pages (with a 10 page page-cache), then crash. sl@0: # crash-2.4: Ensure the database is in the same state as after crash-2.1. sl@0: # sl@0: # Test cases crash-2.5 and crash-2.6 check that the database is OK if the sl@0: # crash occurs during the main database file sync. But this isn't really sl@0: # different from the crash-1.* cases. sl@0: # sl@0: do_test crash-2.1 { sl@0: execsql { BEGIN } sl@0: for {set n 0} {$n < 1000} {incr n} { sl@0: execsql "INSERT INTO abc VALUES($n, [expr 2*$n], [expr 3*$n])" sl@0: } sl@0: execsql { COMMIT } sl@0: set ::sig [signature] sl@0: execsql { SELECT sum(a), sum(b), sum(c) from abc } sl@0: } {499500 999000 1498500} sl@0: do_test crash-2.2 { sl@0: expr ([file size test.db] / 1024)>16 sl@0: } {1} sl@0: do_test crash-2.3 { sl@0: crashsql -delay 2 -file test.db-journal { sl@0: DELETE FROM abc WHERE a < 800; sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-2.4 { sl@0: signature sl@0: } $sig sl@0: do_test crash-2.5 { sl@0: crashsql -delay 1 -file test.db { sl@0: DELETE FROM abc WHERE a<800; sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-2.6 { sl@0: signature sl@0: } $sig sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # The crash-3.* test cases are essentially the same test as test case sl@0: # crash-2.*, but with a more complicated data set. sl@0: # sl@0: # The test is repeated a few times with different seeds for the random sl@0: # number generator in the crashing executable. Because there is no way to sl@0: # seed the random number generator directly, some SQL is added to the test sl@0: # case to 'use up' a different quantity random numbers before the test SQL sl@0: # is executed. sl@0: # sl@0: sl@0: # Make sure the file is much bigger than the pager-cache (10 pages). This sl@0: # ensures that cache-spills happen regularly. sl@0: do_test crash-3.0 { sl@0: execsql { sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: } sl@0: expr ([file size test.db] / 1024) > 450 sl@0: } {1} sl@0: for {set i 1} {$i < $repeats} {incr i} { sl@0: set sig [signature] sl@0: do_test crash-3.$i.1 { sl@0: set seed [expr {int(abs(rand()*10000))}] sl@0: crashsql -delay [expr $i%5 + 1] -file test.db-journal -seed $seed " sl@0: BEGIN; sl@0: SELECT random() FROM abc LIMIT $i; sl@0: INSERT INTO abc VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc WHERE random()%10!=0; sl@0: COMMIT; sl@0: " sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-3.$i.2 { sl@0: signature sl@0: } $sig sl@0: } sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # The following test cases - crash-4.* - test the correct recovery of the sl@0: # database when a crash occurs during a multi-file transaction. sl@0: # sl@0: # crash-4.1.*: Test recovery when crash occurs during sync() of the sl@0: # main database journal file. sl@0: # crash-4.2.*: Test recovery when crash occurs during sync() of an sl@0: # attached database journal file. sl@0: # crash-4.3.*: Test recovery when crash occurs during sync() of the master sl@0: # journal file. sl@0: # sl@0: ifcapable attach { sl@0: do_test crash-4.0 { sl@0: file delete -force test2.db sl@0: file delete -force test2.db-journal sl@0: execsql { sl@0: ATTACH 'test2.db' AS aux; sl@0: PRAGMA aux.default_cache_size = 10; sl@0: CREATE TABLE aux.abc2 AS SELECT 2*a as a, 2*b as b, 2*c as c FROM abc; sl@0: } sl@0: expr ([file size test2.db] / 1024) > 450 sl@0: } {1} sl@0: sl@0: set fin 0 sl@0: for {set i 1} {$i<$repeats} {incr i} { sl@0: set seed [expr {int(abs(rand()*10000))}] sl@0: set sig [signature] sl@0: set sig2 [signature2] sl@0: do_test crash-4.1.$i.1 { sl@0: set c [crashsql -delay $i -file test.db-journal -seed $::seed " sl@0: ATTACH 'test2.db' AS aux; sl@0: BEGIN; sl@0: SELECT randstr($i,$i) FROM abc LIMIT $i; sl@0: INSERT INTO abc VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc WHERE random()%10!=0; sl@0: INSERT INTO abc2 VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc2 WHERE random()%10!=0; sl@0: COMMIT; sl@0: "] sl@0: if { $c == {0 {}} } { sl@0: set ::fin 1 sl@0: set c {1 {child process exited abnormally}} sl@0: } sl@0: set c sl@0: } {1 {child process exited abnormally}} sl@0: if {$::fin} break sl@0: do_test crash-4.1.$i.2 { sl@0: signature sl@0: } $sig sl@0: do_test crash-4.1.$i.3 { sl@0: signature2 sl@0: } $sig2 sl@0: } sl@0: set i 0 sl@0: set fin 0 sl@0: while {[incr i]} { sl@0: set seed [expr {int(abs(rand()*10000))}] sl@0: set sig [signature] sl@0: set sig2 [signature2] sl@0: set ::fin 0 sl@0: do_test crash-4.2.$i.1 { sl@0: set c [crashsql -delay $i -file test2.db-journal -seed $::seed " sl@0: ATTACH 'test2.db' AS aux; sl@0: BEGIN; sl@0: SELECT randstr($i,$i) FROM abc LIMIT $i; sl@0: INSERT INTO abc VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc WHERE random()%10!=0; sl@0: INSERT INTO abc2 VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc2 WHERE random()%10!=0; sl@0: COMMIT; sl@0: "] sl@0: if { $c == {0 {}} } { sl@0: set ::fin 1 sl@0: set c {1 {child process exited abnormally}} sl@0: } sl@0: set c sl@0: } {1 {child process exited abnormally}} sl@0: if { $::fin } break sl@0: do_test crash-4.2.$i.2 { sl@0: signature sl@0: } $sig sl@0: do_test crash-4.2.$i.3 { sl@0: signature2 sl@0: } $sig2 sl@0: } sl@0: for {set i 1} {$i < 5} {incr i} { sl@0: set sig [signature] sl@0: set sig2 [signature2] sl@0: do_test crash-4.3.$i.1 { sl@0: crashsql -delay 1 -file test.db-mj* " sl@0: ATTACH 'test2.db' AS aux; sl@0: BEGIN; sl@0: SELECT random() FROM abc LIMIT $i; sl@0: INSERT INTO abc VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc WHERE random()%10!=0; sl@0: INSERT INTO abc2 VALUES(randstr(10,10), 0, 0); sl@0: DELETE FROM abc2 WHERE random()%10!=0; sl@0: COMMIT; sl@0: " sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-4.3.$i.2 { sl@0: signature sl@0: } $sig sl@0: do_test crash-4.3.$i.3 { sl@0: signature2 sl@0: } $sig2 sl@0: } sl@0: } sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # The following test cases - crash-5.* - exposes a bug that existed in the sl@0: # sqlite3pager_movepage() API used by auto-vacuum databases. sl@0: # database when a crash occurs during a multi-file transaction. See comments sl@0: # in test crash-5.3 for details. sl@0: # sl@0: db close sl@0: file delete -force test.db sl@0: sqlite3 db test.db sl@0: do_test crash-5.1 { sl@0: execsql { sl@0: CREATE TABLE abc(a, b, c); -- Root page 3 sl@0: INSERT INTO abc VALUES(randstr(1500,1500), 0, 0); -- Overflow page 4 sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: INSERT INTO abc SELECT * FROM abc; sl@0: } sl@0: } {} sl@0: do_test crash-5.2 { sl@0: expr [file size test.db] / 1024 sl@0: } [expr [string match [execsql {pragma auto_vacuum}] 1] ? 11 : 10] sl@0: set sig [signature] sl@0: do_test crash-5.3 { sl@0: # The SQL below is used to expose a bug that existed in sl@0: # sqlite3pager_movepage() during development of the auto-vacuum feature. It sl@0: # functions as follows: sl@0: # sl@0: # 1: Begin a transaction. sl@0: # 2: Put page 4 on the free-list (was the overflow page for the row deleted). sl@0: # 3: Write data to page 4 (it becomes the overflow page for the row inserted). sl@0: # The old page 4 data has been written to the journal file, but the sl@0: # journal file has not been sync()hronized. sl@0: # 4: Create a table, which calls sqlite3pager_movepage() to move page 4 sl@0: # to the end of the database (page 12) to make room for the new root-page. sl@0: # 5: Put pressure on the pager-cache. This results in page 4 being written sl@0: # to the database file to make space in the cache to load a new page. The sl@0: # bug was that page 4 was written to the database file before the journal sl@0: # is sync()hronized. sl@0: # 6: Commit. A crash occurs during the sync of the journal file. sl@0: # sl@0: # End result: Before the bug was fixed, data has been written to page 4 of the sl@0: # database file and the journal file does not contain trustworthy rollback sl@0: # data for this page. sl@0: # sl@0: crashsql -delay 1 -file test.db-journal { sl@0: BEGIN; -- 1 sl@0: DELETE FROM abc WHERE oid = 1; -- 2 sl@0: INSERT INTO abc VALUES(randstr(1500,1500), 0, 0); -- 3 sl@0: CREATE TABLE abc2(a, b, c); -- 4 sl@0: SELECT * FROM abc; -- 5 sl@0: COMMIT; -- 6 sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: integrity_check crash-5.4 sl@0: do_test crash-5.5 { sl@0: signature sl@0: } $sig sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # The following test cases - crash-6.* - test that a DROP TABLE operation sl@0: # is correctly rolled back in the event of a crash while the database file sl@0: # is being written. This is mainly to test that all pages are written to the sl@0: # journal file before truncation in an auto-vacuum database. sl@0: # sl@0: do_test crash-6.1 { sl@0: crashsql -delay 1 -file test.db { sl@0: DROP TABLE abc; sl@0: } sl@0: } {1 {child process exited abnormally}} sl@0: do_test crash-6.2 { sl@0: signature sl@0: } $sig sl@0: sl@0: #-------------------------------------------------------------------------- sl@0: # These test cases test the case where the master journal file name is sl@0: # corrupted slightly so that the corruption has to be detected by the sl@0: # checksum. sl@0: do_test crash-7.1 { sl@0: crashsql -delay 1 -file test.db { sl@0: ATTACH 'test2.db' AS aux; sl@0: BEGIN; sl@0: INSERT INTO abc VALUES(randstr(1500,1500), 0, 0); sl@0: INSERT INTO abc2 VALUES(randstr(1500,1500), 0, 0); sl@0: COMMIT; sl@0: } sl@0: sl@0: # Change the checksum value for the master journal name. sl@0: set f [open test.db-journal a] sl@0: fconfigure $f -encoding binary sl@0: seek $f [expr [file size test.db-journal] - 12] sl@0: puts -nonewline $f "\00\00\00\00" sl@0: close $f sl@0: } {} sl@0: do_test crash-7.2 { sl@0: signature sl@0: } $sig sl@0: sl@0: finish_test