Begin adding the failsafe() macro. (CVS 5383)

FossilOrigin-Name: 8aae4fe7e702b7636fba1fd609a0ca22fdcc3371

manifest

@@ -1,5 +1,5 @@
-C Coverage\stesting\sfor\sbalance_quick()\sand\sbalance_deeper().\s(CVS\s5382)
-D 2008-07-09T11:49:47
+C Begin\sadding\sthe\sfailsafe()\smacro.\s(CVS\s5383)
+D 2008-07-09T13:28:54
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in a03f7cb4f7ad50bc53a788c6c544430e81f95de4
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -114,7 +114,7 @@ F src/insert.c e8efc17d037346e4a4a6949e72aab850befe3d5d
 F src/journal.c cffd2cd214e58c0e99c3ff632b3bee6c7cbb260e
 F src/legacy.c 3626c71fb70912abec9a4312beba753a9ce800df
 F src/loadext.c ae0eed9fa96d74172d2a90ee63b5bc36d284295c
-F src/main.c 47b781b6752eef3ee36ed8269b6f0d48625e82a8
+F src/main.c 62ed446133985350b94d16f986862bcdf108bbf2
 F src/malloc.c 226a532e9e371d1bb3de2553bdd1f9b600ef099c
 F src/md5.c 008216bbb5d34c6fbab5357aa68575ad8a31516a
 F src/mem1.c 8340fa5f969e9f9b9bdeb54106457a2003456d2b
@@ -142,11 +142,11 @@ F src/printf.c 0e4bd1413226e8aaeadec251ffcee93448400417
 F src/random.c 5c754319d38abdd6acd74601ee0105504adc508a
 F src/select.c e6edf11f024a5207e34683a25f33a700a2f1b43b
 F src/shell.c 484e7297e066f22830f9c15d7abbcdd2acb097b0
-F src/sqlite.h.in 22c32cedf7e435d5b3bb8564ce0a640c40dbbfb1
+F src/sqlite.h.in 8a00ed8707a16ee724e9e500b07e9af3a6fcc9be
 F src/sqlite3ext.h 1e3887c9bd3ae66cb599e922824b04cd0d0f2c3e
-F src/sqliteInt.h 5f820a35b12bedad6f20395f4947b97f645ed243
+F src/sqliteInt.h ebf2eab46462b926fdb60277741b4b8659091bee
 F src/sqliteLimit.h f435e728c6b620ef7312814d660a81f9356eb5c8
-F src/status.c 6cb10377992505bd69f1ca1d75c1240a65f25a58
+F src/status.c b8d7b1f6b518e71986dfa65058de7a714efd61be
 F src/table.c 22744786199c9195720c15a7a42cb97b2e2728d8
 F src/tclsqlite.c 4dd9ee4cb44846ad9bcc4d0da8088c1e7d4b33d9
 F src/test1.c 30bdb22f911efd492c4f49565eae014330231ece
@@ -166,7 +166,7 @@ F src/test_devsym.c 6012cb8e3acf812513511025a4fa5d626e0ba19b
 F src/test_func.c ade4f0117cc96c5a05682e1ef38b84320a866ad9
 F src/test_hexio.c 2f1122aa3f012fa0142ee3c36ce5c902a70cd12f
 F src/test_loadext.c df8ab3a6481ddebbdf0d28ebac5d9e0790f7860f
-F src/test_malloc.c 62296810d3ee914fc3e05f2a8a69d8f8f42c32e1
+F src/test_malloc.c e762a634a858417eee7225203fc2a5c564b9db20
 F src/test_md5.c 28209a4e2068711b5443c33104fe41f21d160071
 F src/test_mutex.c 64c88ef9fed47c896fe470af03bffcd0f6f058f2
 F src/test_onefile.c 243157b10275251c5dc2d6619aee2ff9ae22379c
@@ -179,7 +179,7 @@ F src/tokenize.c b5fdc79fb7e00077b9c02af7a0da3b89c9f3398e
 F src/trigger.c bdb56bb9db1a7b18f8505484051221ab5123f21d
 F src/update.c 945242ccc4fa09799333632baf6b47c657f43cbc
 F src/utf.c 8d52f620a7153d90b058502124fe51d821fcdf57
-F src/util.c e202291456d34f8e2cf1c0a6f7e2538a77587445
+F src/util.c fbfb7fe4344e93245d8fc2ef975c6d2340f81388
 F src/vacuum.c ef342828002debc97514617af3424aea8ef8522c
 F src/vdbe.c 4b3c7d0c7f68ec241bebe075c26a46a1618a32cb
 F src/vdbe.h c46155c221418bea29ee3a749d5950fcf85a70e2
@@ -190,7 +190,7 @@ F src/vdbeblob.c 9345f6dcd675fdcfdb537d2d2f487542d9ea136a
 F src/vdbefifo.c c46dae1194e4277bf007144d7e5b0c0b1c24f136
 F src/vdbemem.c 3a27b04a25e933a46e9609356426f802fd1ef945
 F src/vtab.c 2096c03ec5540a43c8c73a8f43407dfd3549a982
-F src/where.c e8a241aab7dc7b43be697de30f2469046d1eca69
+F src/where.c 3324f8273a9c40d4b04b65cdef0a8c4954c1cce6
 F tclinstaller.tcl 4356d9d94d2b5ed5e68f9f0c80c4df3048dd7617
 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2
 F test/all.test ed6849e7a425620d5d4388409f3b15901b5bc2e7
@@ -600,7 +600,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 1dbced29de5f59ba2ebf877edcadf171540374d1
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P c6cf08477cc4d622a05ad6706cb9418cf7eea432
-R 229bd421824f3bb6fb90dfe5637660e4
-U danielk1977
-Z 426328c9a228ac588ec10fbe5f06c5ef
+P 491f8f9613d2b886acad2ab8f631a4ec61ad698d
+R 9b50c0a5ab517d89c7b6337d6fb1deb0
+U drh
+Z c0317483209a7eadce22571dfcdb9040

manifest.uuid

@@ -1 +1 @@
-491f8f9613d2b886acad2ab8f631a4ec61ad698d
+8aae4fe7e702b7636fba1fd609a0ca22fdcc3371

src/main.c

@@ -14,7 +14,7 @@
 ** other files are for internal use by SQLite and should not be
 ** accessed by users of the library.
 **
-** $Id: main.c,v 1.472 2008/07/08 19:34:07 drh Exp $
+** $Id: main.c,v 1.473 2008/07/09 13:28:54 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -579,7 +579,8 @@ static int sqliteDefaultBusyCallback(
 */
 int sqlite3InvokeBusyHandler(BusyHandler *p){
   int rc;
-  if( p==0 || p->xFunc==0 || p->nBusy<0 ) return 0;
+  failsafe( p==0, 0x912aaf8d, {return 0;})
+  if( p->xFunc==0 || p->nBusy<0 ) return 0;
   rc = p->xFunc(p->pArg, p->nBusy);
   if( rc==0 ){
     p->nBusy = -1;

src/sqlite.h.in

@@ -30,7 +30,7 @@
 ** the version number) and changes its name to "sqlite3.h" as
 ** part of the build process.
 **
-** @(#) $Id: sqlite.h.in,v 1.364 2008/07/07 19:52:10 drh Exp $
+** @(#) $Id: sqlite.h.in,v 1.365 2008/07/09 13:28:54 drh Exp $
 */
 #ifndef _SQLITE3_H_
 #define _SQLITE3_H_
@@ -6120,6 +6120,7 @@ int sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag);
 #define SQLITE_STATUS_SCRATCH_USED         3
 #define SQLITE_STATUS_SCRATCH_OVERFLOW     4
 #define SQLITE_STATUS_MALLOC_SIZE          5
+#define SQLITE_STATUS_FAILSAFE             6
 
 
 /*

src/sqliteInt.h

@@ -11,7 +11,7 @@
 *************************************************************************
 ** Internal interface definitions for SQLite.
 **
-** @(#) $Id: sqliteInt.h,v 1.738 2008/07/08 23:40:20 drh Exp $
+** @(#) $Id: sqliteInt.h,v 1.739 2008/07/09 13:28:54 drh Exp $
 */
 #ifndef _SQLITEINT_H_
 #define _SQLITEINT_H_
@@ -62,6 +62,26 @@
 # define testcase(X)
 #endif
 
+/*
+** The failsafe() macro is used to test for error conditions that
+** should never occur.  This is similar to assert() except that with
+** failsafe() the application attempts to recover gracefully rather
+** than abort.  If a error condition is detected, a global flag is
+** set to the "Id" prior to recovery in order to alert the application 
+** to the error condition.
+**
+** The Id should be a random integer.  The idea behind the Id is that
+** failsafe() faults in the field can be mapped back to specific failsafe()
+** macros, even if line numbers and filenames have changed.
+**
+** The test condition is argument Cond.  The recovery action is
+** argument Action.
+*/
+#ifdef SQLITE_COVERAGE_TEST
+# define failsafe(Cond,Id,Action)
+#else
+# define failsafe(Cond,Id,Action)  if( Cond ){ sqlite3Failsafe(Id); Action; }
+#endif
 
 /*
 ** The macro unlikely() is a hint that surrounds a boolean
@@ -1756,6 +1776,7 @@ struct Sqlite3Config {
   int bCoreMutex;                   /* True to enable core mutexing */
   int bFullMutex;                   /* True to enable full mutexing */
   int mxStrlen;                     /* Maximum string length */
+  int iFailsafe;                    /* Id of failed failsafe() */
   sqlite3_mem_methods m;            /* Low-level memory allocation interface */
   sqlite3_mutex_methods mutex;      /* Low-level mutex interface */
   void *pHeap;                      /* Heap storage space */
@@ -1791,10 +1812,8 @@ struct Sqlite3Config {
 #ifdef SQLITE_DEBUG
   int sqlite3Corrupt(void);
 # define SQLITE_CORRUPT_BKPT sqlite3Corrupt()
-# define DEBUGONLY(X)        X
 #else
 # define SQLITE_CORRUPT_BKPT SQLITE_CORRUPT
-# define DEBUGONLY(X)
 #endif
 
 /*
@@ -2001,6 +2020,7 @@ void sqlite3RegisterDateTimeFunctions(sqlite3*);
 #endif
 int sqlite3SafetyCheckOk(sqlite3*);
 int sqlite3SafetyCheckSickOrOk(sqlite3*);
+void sqlite3Failsafe(int);
 void sqlite3ChangeCookie(Parse*, int);
 void sqlite3MaterializeView(Parse*, Select*, Expr*, int);
 

src/status.c

@@ -13,7 +13,7 @@
 ** This module implements the sqlite3_status() interface and related
 ** functionality.
 **
-** $Id: status.c,v 1.1 2008/06/19 13:20:02 drh Exp $
+** $Id: status.c,v 1.2 2008/07/09 13:28:54 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -73,6 +73,11 @@ void sqlite3StatusSet(int op, int X){
 ** then this routine is not threadsafe.
 */
 int sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag){
+  if( op==SQLITE_STATUS_FAILSAFE ){
+    *pCurrent = *pHighwater = sqlite3Config.iFailsafe;
+    if( resetFlag ) sqlite3Config.iFailsafe = 0;
+    return SQLITE_OK;
+  }
   if( op<0 || op>=ArraySize(sqlite3Stat.nowValue) ){
     return SQLITE_MISUSE;
   }

src/test_malloc.c

@@ -13,7 +13,7 @@
 ** This file contains code used to implement test interfaces to the
 ** memory allocation subsystem.
 **
-** $Id: test_malloc.c,v 1.33 2008/06/27 14:05:25 danielk1977 Exp $
+** $Id: test_malloc.c,v 1.34 2008/07/09 13:28:54 drh Exp $
 */
 #include "sqliteInt.h"
 #include "tcl.h"
@@ -1043,6 +1043,7 @@ static int test_status(
     { "SQLITE_STATUS_SCRATCH_USED",        SQLITE_STATUS_SCRATCH_USED        },
     { "SQLITE_STATUS_SCRATCH_OVERFLOW",    SQLITE_STATUS_SCRATCH_OVERFLOW    },
     { "SQLITE_STATUS_MALLOC_SIZE",         SQLITE_STATUS_MALLOC_SIZE         },
+    { "SQLITE_STATUS_FAILSAFE",            SQLITE_STATUS_FAILSAFE            },
   };
   Tcl_Obj *pResult;
   if( objc!=3 ){

src/util.c

@@ -14,7 +14,7 @@
 ** This file contains functions for allocating memory, comparing
 ** strings, and stuff like that.
 **
-** $Id: util.c,v 1.234 2008/07/08 14:52:10 drh Exp $
+** $Id: util.c,v 1.235 2008/07/09 13:28:54 drh Exp $
 */
 #include "sqliteInt.h"
 #include <stdarg.h>
@@ -936,3 +936,17 @@ int sqlite3SafetyCheckSickOrOk(sqlite3 *db){
       magic!=SQLITE_MAGIC_BUSY ) return 0;
   return 1;
 }
+
+/*
+** Report a failsafe() macro failure
+*/
+void sqlite3Failsafe(int iCode){
+  sqlite3Config.iFailsafe = iCode;
+
+  /* The following assert is always false.  When assert() is enabled,
+  ** the following causes a failsafe() failure to work like an assert()
+  ** failure.  Normal operating mode for SQLite is for assert() to be
+  ** disabled, however, so the following is normally a no-op.
+  */
+  assert( iCode==0 );   /* Always fails if assert() is enabled */
+}

src/where.c

@@ -16,7 +16,7 @@
 ** so is applicable.  Because this module is responsible for selecting
 ** indices, you might also think of this module as the "query optimizer".
 **
-** $Id: where.c,v 1.314 2008/07/08 22:28:49 shane Exp $
+** $Id: where.c,v 1.315 2008/07/09 13:28:54 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -450,13 +450,14 @@ static WhereTerm *findTerm(
 ){
   WhereTerm *pTerm;
   int k;
+  assert( iCur>=0 );
   for(pTerm=pWC->a, k=pWC->nTerm; k; k--, pTerm++){
     if( pTerm->leftCursor==iCur
        && (pTerm->prereqRight & notReady)==0
        && pTerm->leftColumn==iColumn
        && (pTerm->eOperator & op)!=0
     ){
-      if( iCur>=0 && pIdx && pTerm->eOperator!=WO_ISNULL ){
+      if( pIdx && pTerm->eOperator!=WO_ISNULL ){
         Expr *pX = pTerm->pExpr;
         CollSeq *pColl;
         char idxaff;
@@ -476,8 +477,9 @@ static WhereTerm *findTerm(
           pColl = pParse->db->pDfltColl;
         }
 
-        for(j=0; j<pIdx->nColumn && pIdx->aiColumn[j]!=iColumn; j++){}
-        assert( j<pIdx->nColumn );
+        for(j=0; pIdx->aiColumn[j]!=iColumn; j++){
+          failsafe( j>=pIdx->nColumn, 0x0128fc98, {return 0;});
+        }
         if( sqlite3StrICmp(pColl->zName, pIdx->azColl[j]) ) continue;
       }
       return pTerm;
@@ -866,7 +868,7 @@ static void exprAnalyze(
       ExprList *pList = 0;
       Expr *pNew, *pDup;
       Expr *pLeft = 0;
-      for(i=sOr.nTerm-1, pOrTerm=sOr.a; i>=0 && ok; i--, pOrTerm++){
+      for(i=sOr.nTerm-1, pOrTerm=sOr.a; i>=0; i--, pOrTerm++){
         if( (pOrTerm->flags & TERM_OR_OK)==0 ) continue;
         pDup = sqlite3ExprDup(db, pOrTerm->pExpr->pRight);
         pList = sqlite3ExprListAppend(pWC->pParse, pList, pDup, 0);
@@ -1606,7 +1608,8 @@ static double bestIndex(
         flags |= WHERE_COLUMN_IN;
         if( pExpr->pSelect!=0 ){
           inMultiplier *= 25;
-        }else if( pExpr->pList!=0 ){
+        }else{
+          failsafe( pExpr->pList==0, 0x16b91d0f, continue);
           inMultiplier *= pExpr->pList->nExpr + 1;
         }
       }
@@ -1722,9 +1725,9 @@ static double bestIndex(
 */
 static void disableTerm(WhereLevel *pLevel, WhereTerm *pTerm){
   if( pTerm
-      && (pTerm->flags & TERM_CODED)==0
       && (pLevel->iLeftJoin==0 || ExprHasProperty(pTerm->pExpr, EP_FromJoin))
   ){
+    failsafe( (pTerm->flags & TERM_CODED)!=0, 0x641154a4, /* no-op */ );
     pTerm->flags |= TERM_CODED;
     if( pTerm->iParent>=0 ){
       WhereTerm *pOther = &pTerm->pWC->a[pTerm->iParent];
@@ -1870,7 +1873,7 @@ static int codeAllEqualityTerms(
     int r1;
     int k = pIdx->aiColumn[j];
     pTerm = findTerm(pWC, iCur, k, notReady, pLevel->flags, pIdx);
-    if( pTerm==0 ) break;
+    failsafe( pTerm==0, 0x7592494c, break );
     assert( (pTerm->flags & TERM_CODED)==0 );
     r1 = codeEqualityTerm(pParse, pTerm, pLevel, regBase+j);
     if( r1!=regBase+j ){