# 2001 September 15 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # This file attempts to check the library in an out-of-memory situation. # When compiled with -DSQLITE_DEBUG=1, the SQLite library accepts a special # command (sqlite_malloc_fail N) which causes the N-th malloc to fail. This # special feature is used to see what happens in the library if a malloc # were to really fail due to an out-of-memory situation. # # $Id: malloc.test,v 1.32 2006/04/10 13:37:47 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # Only run these tests if memory debugging is turned on. # if {[info command sqlite_malloc_stat]==""} { puts "Skipping malloc tests: not compiled with -DSQLITE_MEMDEBUG..." finish_test return } # Usage: do_malloc_test # # The first argument, , is an integer used to name the # tests executed by this proc. Options are as follows: # # -tclprep TCL script to run to prepare test. # -sqlprep SQL script to run to prepare test. # -tclbody TCL script to run with malloc failure simulation. # -sqlbody TCL script to run with malloc failure simulation. # -cleanup TCL script to run after the test. # # This command runs a series of tests to verify SQLite's ability # to handle an out-of-memory condition gracefully. It is assumed # that if this condition occurs a malloc() call will return a # NULL pointer. Linux, for example, doesn't do that by default. See # the "BUGS" section of malloc(3). # # Each iteration of a loop, the TCL commands in any argument passed # to the -tclbody switch, followed by the SQL commands in any argument # passed to the -sqlbody switch are executed. Each iteration the # Nth call to sqliteMalloc() is made to fail, where N is increased # each time the loop runs starting from 1. When all commands execute # successfully, the loop ends. # proc do_malloc_test {tn args} { array unset ::mallocopts array set ::mallocopts $args set ::go 1 for {set ::n 1} {$::go && $::n < 50000} {incr ::n} { do_test malloc-$tn.$::n { # Remove all traces of database files test.db and test2.db from the files # system. Then open (empty database) "test.db" with the handle [db]. # sqlite_malloc_fail 0 catch {db close} catch {file delete -force test.db} catch {file delete -force test.db-journal} catch {file delete -force test2.db} catch {file delete -force test2.db-journal} catch {sqlite3 db test.db} set ::DB [sqlite3_connection_pointer db] # Execute any -tclprep and -sqlprep scripts. # if {[info exists ::mallocopts(-tclprep)]} { eval $::mallocopts(-tclprep) } if {[info exists ::mallocopts(-sqlprep)]} { execsql $::mallocopts(-sqlprep) } # Now set the ${::n}th malloc() to fail and execute the -tclbody and # -sqlbody scripts. # sqlite_malloc_fail $::n set ::mallocbody {} if {[info exists ::mallocopts(-tclbody)]} { append ::mallocbody "$::mallocopts(-tclbody)\n" } if {[info exists ::mallocopts(-sqlbody)]} { append ::mallocbody "db eval {$::mallocopts(-sqlbody)}" } set v [catch $::mallocbody msg] # If the test fails (if $v!=0) and the database connection actually # exists, make sure the failure code is SQLITE_NOMEM. if {$v && [info command db]=="db" && [info exists ::mallocopts(-sqlbody)] && [db errorcode]!=7} { set v 999 } set leftover [lindex [sqlite_malloc_stat] 2] if {$leftover>0} { if {$leftover>1} {puts "\nLeftover: $leftover\nReturn=$v Message=$msg"} set ::go 0 if {$v} { puts "\nError message returned: $msg" } else { set v {1 1} } } else { set v2 [expr {$msg=="" || $msg=="out of memory"}] if {!$v2} {puts "\nError message returned: $msg"} lappend v $v2 } } {1 1} if {[info exists ::mallocopts(-cleanup)]} { catch [list uplevel #0 $::mallocopts(-cleanup)] msg } } unset ::mallocopts } do_malloc_test 1 -tclprep { db close } -tclbody { if {[catch {sqlite3 db test.db}]} { error "out of memory" } } -sqlbody { CREATE TABLE t1( a int, b float, c double, d text, e varchar(20), primary key(a,b,c) ); CREATE INDEX i1 ON t1(a,b); INSERT INTO t1 VALUES(1,2.3,4.5,'hi','there'); INSERT INTO t1 VALUES(6,7.0,0.8,'hello','out yonder'); SELECT * FROM t1; SELECT avg(b) FROM t1 GROUP BY a HAVING b>20.0; DELETE FROM t1 WHERE a IN (SELECT min(a) FROM t1); SELECT count(*) FROM t1; } # Ensure that no file descriptors were leaked. do_test malloc-1.X { catch {db close} set sqlite_open_file_count } {0} do_malloc_test 2 -sqlbody { CREATE TABLE t1(a int, b int default 'abc', c int default 1); CREATE INDEX i1 ON t1(a,b); INSERT INTO t1 VALUES(1,1,'99 abcdefghijklmnopqrstuvwxyz'); INSERT INTO t1 VALUES(2,4,'98 abcdefghijklmnopqrstuvwxyz'); INSERT INTO t1 VALUES(3,9,'97 abcdefghijklmnopqrstuvwxyz'); INSERT INTO t1 VALUES(4,16,'96 abcdefghijklmnopqrstuvwxyz'); INSERT INTO t1 VALUES(5,25,'95 abcdefghijklmnopqrstuvwxyz'); INSERT INTO t1 VALUES(6,36,'94 abcdefghijklmnopqrstuvwxyz'); SELECT 'stuff', count(*) as 'other stuff', max(a+10) FROM t1; UPDATE t1 SET b=b||b||b||b; UPDATE t1 SET b=a WHERE a in (10,12,22); INSERT INTO t1(c,b,a) VALUES(20,10,5); INSERT INTO t1 SELECT * FROM t1 WHERE a IN (SELECT a FROM t1 WHERE a<10); DELETE FROM t1 WHERE a>=10; DROP INDEX i1; DELETE FROM t1; } # Ensure that no file descriptors were leaked. do_test malloc-2.X { catch {db close} set sqlite_open_file_count } {0} do_malloc_test 3 -sqlbody { BEGIN TRANSACTION; CREATE TABLE t1(a int, b int, c int); CREATE INDEX i1 ON t1(a,b); INSERT INTO t1 VALUES(1,1,99); INSERT INTO t1 VALUES(2,4,98); INSERT INTO t1 VALUES(3,9,97); INSERT INTO t1 VALUES(4,16,96); INSERT INTO t1 VALUES(5,25,95); INSERT INTO t1 VALUES(6,36,94); INSERT INTO t1(c,b,a) VALUES(20,10,5); DELETE FROM t1 WHERE a>=10; DROP INDEX i1; DELETE FROM t1; ROLLBACK; } # Ensure that no file descriptors were leaked. do_test malloc-3.X { catch {db close} set sqlite_open_file_count } {0} do_malloc_test 4 -sqlbody { BEGIN TRANSACTION; CREATE TABLE t1(a int, b int, c int); CREATE INDEX i1 ON t1(a,b); INSERT INTO t1 VALUES(1,1,99); INSERT INTO t1 VALUES(2,4,98); INSERT INTO t1 VALUES(3,9,97); INSERT INTO t1 VALUES(4,16,96); INSERT INTO t1 VALUES(5,25,95); INSERT INTO t1 VALUES(6,36,94); UPDATE t1 SET b=a WHERE a in (10,12,22); INSERT INTO t1 SELECT * FROM t1 WHERE a IN (SELECT a FROM t1 WHERE a<10); DROP INDEX i1; DELETE FROM t1; COMMIT; } # Ensure that no file descriptors were leaked. do_test malloc-4.X { catch {db close} set sqlite_open_file_count } {0} do_malloc_test 5 -sqlbody { BEGIN TRANSACTION; CREATE TABLE t1(a,b); CREATE TABLE t2(x,y); CREATE TRIGGER r1 AFTER INSERT ON t1 BEGIN INSERT INTO t2(x,y) VALUES(new.rowid,1); END; INSERT INTO t1(a,b) VALUES(2,3); COMMIT; } # Ensure that no file descriptors were leaked. do_test malloc-5.X { catch {db close} set sqlite_open_file_count } {0} do_malloc_test 6 -sqlprep { BEGIN TRANSACTION; CREATE TABLE t1(a); INSERT INTO t1 VALUES(1); INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; INSERT INTO t1 SELECT a*2 FROM t1; DELETE FROM t1 where rowid%5 = 0; COMMIT; } -sqlbody { VACUUM; } do_malloc_test 7 -sqlprep { CREATE TABLE t1(a, b); INSERT INTO t1 VALUES(1, 2); INSERT INTO t1 VALUES(3, 4); INSERT INTO t1 VALUES(5, 6); INSERT INTO t1 VALUES(7, randstr(1200,1200)); } -sqlbody { SELECT min(a) FROM t1 WHERE a<6 GROUP BY b; SELECT a FROM t1 WHERE a<6 ORDER BY a; SELECT b FROM t1 WHERE a>6; } # This block is designed to test that some malloc failures that may # occur in vdbeapi.c. Specifically, if a malloc failure that occurs # when converting UTF-16 text to integers and real numbers is handled # correctly. # # This is done by retrieving a string from the database engine and # manipulating it using the sqlite3_column_*** APIs. This doesn't # actually return an error to the user when a malloc() fails.. That # could be viewed as a bug. # # These tests only run if UTF-16 support is compiled in. # if {$::sqlite_options(utf16)} { do_malloc_test 8 -tclprep { set sql "SELECT '[string repeat abc 20]', '[string repeat def 20]', ?" set ::STMT [sqlite3_prepare $::DB $sql -1 X] sqlite3_step $::STMT if { $::tcl_platform(byteOrder)=="littleEndian" } { set ::bomstr "\xFF\xFE" } else { set ::bomstr "\xFE\xFF" } append ::bomstr [encoding convertto unicode "123456789_123456789_12345678"] } -tclbody { sqlite3_column_text16 $::STMT 0 sqlite3_column_int $::STMT 0 sqlite3_column_text16 $::STMT 1 sqlite3_column_double $::STMT 1 sqlite3_reset $::STMT sqlite3_bind_text16 $::STMT 1 $::bomstr 60 catch {sqlite3_finalize $::STMT} if {[lindex [sqlite_malloc_stat] 2]<=0} { error "out of memory" } } -cleanup { sqlite3_finalize $::STMT } } # This block tests that malloc() failures that occur whilst commiting # a multi-file transaction are handled correctly. # do_malloc_test 9 -sqlprep { ATTACH 'test2.db' as test2; CREATE TABLE abc1(a, b, c); CREATE TABLE test2.abc2(a, b, c); } -sqlbody { BEGIN; INSERT INTO abc1 VALUES(1, 2, 3); INSERT INTO abc2 VALUES(1, 2, 3); COMMIT; } # This block tests malloc() failures that occur while opening a # connection to a database. do_malloc_test 10 -sqlprep { CREATE TABLE abc(a, b, c); } -tclbody { sqlite3 db2 test.db db2 eval {SELECT * FROM sqlite_master} db2 close } # This block tests malloc() failures that occur within calls to # sqlite3_create_function(). do_malloc_test 11 -tclbody { set rc [sqlite3_create_function $::DB] if {[string match $rc SQLITE_NOMEM]} { error "out of memory" } } do_malloc_test 12 -tclbody { set sql16 [encoding convertto unicode "SELECT * FROM sqlite_master"] append sql16 "\00\00" set ::STMT [sqlite3_prepare16 $::DB $sql16 -1 DUMMY] sqlite3_finalize $::STMT } # Test malloc errors when replaying two hot journals from a 2-file # transaction. ifcapable crashtest { do_malloc_test 13 -tclprep { set rc [crashsql 1 test2.db { ATTACH 'test2.db' as aux; PRAGMA cache_size = 10; BEGIN; CREATE TABLE aux.t2(a, b, c); CREATE TABLE t1(a, b, c); COMMIT; }] if {$rc!="1 {child process exited abnormally}"} { error "Wrong error message: $rc" } } -tclbody { db eval {ATTACH 'test2.db' as aux;} set rc [catch {db eval { SELECT * FROM t1; SELECT * FROM t2; }} err] if {$rc && $err!="no such table: t1"} { error $err } } } if {$tcl_platform(platform)!="windows"} { do_malloc_test 14 -tclprep { catch {db close} sqlite3 db2 test2.db db2 eval { PRAGMA synchronous = 0; CREATE TABLE t1(a, b); INSERT INTO t1 VALUES(1, 2); BEGIN; INSERT INTO t1 VALUES(3, 4); } copy_file test2.db test.db copy_file test2.db-journal test.db-journal db2 close } -tclbody { sqlite3 db test.db db eval { SELECT * FROM t1; } } } proc string_compare {a b} { return [string compare $a $b] } # Test for malloc() failures in sqlite3_create_collation() and # sqlite3_create_collation16(). # do_malloc_test 15 -tclbody { db collate string_compare string_compare if {[catch {add_test_collate $::DB 1 1 1} msg]} { if {$msg=="SQLITE_NOMEM"} {set msg "out of memory"} error $msg } db complete {SELECT "hello """||'world"' [microsoft], * FROM anicetable;} db complete {-- Useful comment} execsql { CREATE TABLE t1(a, b COLLATE string_compare); INSERT INTO t1 VALUES(10, 'string'); INSERT INTO t1 VALUES(10, 'string2'); } } # Also test sqlite3_complete(). There are (currently) no malloc() # calls in this function, but test anyway against future changes. # do_malloc_test 16 -tclbody { db complete {SELECT "hello """||'world"' [microsoft], * FROM anicetable;} db complete {-- Useful comment} db eval { SELECT * FROM sqlite_master; } } # Test handling of malloc() failures in sqlite3_open16(). # do_malloc_test 17 -tclbody { set DB2 0 set STMT 0 # open database using sqlite3_open16() set DB2 [sqlite3_open16 test.db -unused] if {0==$DB2} { error "out of memory" } # Prepare statement set rc [catch {sqlite3_prepare $DB2 {SELECT * FROM sqlite_master} -1 X} msg] if {$rc} { error [string range $msg 4 end] } set STMT $msg # Finalize statement set rc [sqlite3_finalize $STMT] if {$rc!="SQLITE_OK"} { error [sqlite3_errmsg $DB2] } set STMT 0 # Close database set rc [sqlite3_close $DB2] if {$rc!="SQLITE_OK"} { error [sqlite3_errmsg $DB2] } set DB2 0 } -cleanup { if {$STMT!="0"} { sqlite3_finalize $STMT } if {$DB2!="0"} { set rc [sqlite3_close $DB2] } } # Test handling of malloc() failures in sqlite3_errmsg16(). # do_malloc_test 18 -tclbody { catch { db eval "SELECT [string repeat longcolumnname 10] FROM sqlite_master" } msg if {$msg=="out of memory"} {error $msg} set utf16 [sqlite3_errmsg16 [sqlite3_connection_pointer db]] binary scan $utf16 c* bytes if {[llength $bytes]==0} { error "out of memory" } } # This test is aimed at coverage testing. Specificly, it is supposed to # cause a malloc() only used when converting between the two utf-16 # encodings to fail (i.e. little-endian->big-endian). It only actually # hits this malloc() on little-endian hosts. # set static_string "\x00h\x00e\x00l\x00l\x00o" for {set l 0} {$l<10} {incr l} { append static_string $static_string } append static_string "\x00\x00" do_malloc_test 19 -tclprep { execsql { PRAGMA encoding = "UTF16be"; CREATE TABLE abc(a, b, c); } } -tclbody { unset -nocomplain ::STMT set r [catch { set ::STMT [sqlite3_prepare $::DB {SELECT ?} -1 DUMMY] sqlite3_bind_text16 -static $::STMT 1 $static_string 112 } msg] if {$r} {error [string range $msg 4 end]} set msg } -cleanup { if {[info exists ::STMT]} { sqlite3_finalize $::STMT } } unset static_string # Make sure SQLITE_NOMEM is reported out on an ATTACH failure even # when the malloc failure occurs within the nested parse. # do_malloc_test 20 -tclprep { db close file delete -force test2.db test2.db-journal sqlite3 db test2.db db eval {CREATE TABLE t1(x);} db close } -tclbody { if {[catch {sqlite3 db test.db}]} { error "out of memory" } } -sqlbody { ATTACH DATABASE 'test2.db' AS t2; SELECT * FROM t1; DETACH DATABASE t2; } # Ensure that no file descriptors were leaked. do_test malloc-99.X { catch {db close} set sqlite_open_file_count } {0} sqlite_malloc_fail 0 finish_test