1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "sql/connection.h" 6 7 #include <string.h> 8 9 #include "base/files/file_path.h" 10 #include "base/files/file_util.h" 11 #include "base/lazy_instance.h" 12 #include "base/logging.h" 13 #include "base/metrics/histogram.h" 14 #include "base/metrics/sparse_histogram.h" 15 #include "base/strings/string_split.h" 16 #include "base/strings/string_util.h" 17 #include "base/strings/stringprintf.h" 18 #include "base/strings/utf_string_conversions.h" 19 #include "base/synchronization/lock.h" 20 #include "sql/statement.h" 21 #include "third_party/sqlite/sqlite3.h" 22 23 #if defined(OS_IOS) && defined(USE_SYSTEM_SQLITE) 24 #include "third_party/sqlite/src/ext/icu/sqliteicu.h" 25 #endif 26 27 namespace { 28 29 // Spin for up to a second waiting for the lock to clear when setting 30 // up the database. 31 // TODO(shess): Better story on this. http://crbug.com/56559 32 const int kBusyTimeoutSeconds = 1; 33 34 class ScopedBusyTimeout { 35 public: 36 explicit ScopedBusyTimeout(sqlite3* db) 37 : db_(db) { 38 } 39 ~ScopedBusyTimeout() { 40 sqlite3_busy_timeout(db_, 0); 41 } 42 43 int SetTimeout(base::TimeDelta timeout) { 44 DCHECK_LT(timeout.InMilliseconds(), INT_MAX); 45 return sqlite3_busy_timeout(db_, 46 static_cast<int>(timeout.InMilliseconds())); 47 } 48 49 private: 50 sqlite3* db_; 51 }; 52 53 // Helper to "safely" enable writable_schema. No error checking 54 // because it is reasonable to just forge ahead in case of an error. 55 // If turning it on fails, then most likely nothing will work, whereas 56 // if turning it off fails, it only matters if some code attempts to 57 // continue working with the database and tries to modify the 58 // sqlite_master table (none of our code does this). 59 class ScopedWritableSchema { 60 public: 61 explicit ScopedWritableSchema(sqlite3* db) 62 : db_(db) { 63 sqlite3_exec(db_, "PRAGMA writable_schema=1", NULL, NULL, NULL); 64 } 65 ~ScopedWritableSchema() { 66 sqlite3_exec(db_, "PRAGMA writable_schema=0", NULL, NULL, NULL); 67 } 68 69 private: 70 sqlite3* db_; 71 }; 72 73 // Helper to wrap the sqlite3_backup_*() step of Raze(). Return 74 // SQLite error code from running the backup step. 75 int BackupDatabase(sqlite3* src, sqlite3* dst, const char* db_name) { 76 DCHECK_NE(src, dst); 77 sqlite3_backup* backup = sqlite3_backup_init(dst, db_name, src, db_name); 78 if (!backup) { 79 // Since this call only sets things up, this indicates a gross 80 // error in SQLite. 81 DLOG(FATAL) << "Unable to start sqlite3_backup(): " << sqlite3_errmsg(dst); 82 return sqlite3_errcode(dst); 83 } 84 85 // -1 backs up the entire database. 86 int rc = sqlite3_backup_step(backup, -1); 87 int pages = sqlite3_backup_pagecount(backup); 88 sqlite3_backup_finish(backup); 89 90 // If successful, exactly one page should have been backed up. If 91 // this breaks, check this function to make sure assumptions aren't 92 // being broken. 93 if (rc == SQLITE_DONE) 94 DCHECK_EQ(pages, 1); 95 96 return rc; 97 } 98 99 // Be very strict on attachment point. SQLite can handle a much wider 100 // character set with appropriate quoting, but Chromium code should 101 // just use clean names to start with. 102 bool ValidAttachmentPoint(const char* attachment_point) { 103 for (size_t i = 0; attachment_point[i]; ++i) { 104 if (!((attachment_point[i] >= '0' && attachment_point[i] <= '9') || 105 (attachment_point[i] >= 'a' && attachment_point[i] <= 'z') || 106 (attachment_point[i] >= 'A' && attachment_point[i] <= 'Z') || 107 attachment_point[i] == '_')) { 108 return false; 109 } 110 } 111 return true; 112 } 113 114 // SQLite automatically calls sqlite3_initialize() lazily, but 115 // sqlite3_initialize() uses double-checked locking and thus can have 116 // data races. 117 // 118 // TODO(shess): Another alternative would be to have 119 // sqlite3_initialize() called as part of process bring-up. If this 120 // is changed, remove the dynamic_annotations dependency in sql.gyp. 121 base::LazyInstance<base::Lock>::Leaky 122 g_sqlite_init_lock = LAZY_INSTANCE_INITIALIZER; 123 void InitializeSqlite() { 124 base::AutoLock lock(g_sqlite_init_lock.Get()); 125 sqlite3_initialize(); 126 } 127 128 // Helper to get the sqlite3_file* associated with the "main" database. 129 int GetSqlite3File(sqlite3* db, sqlite3_file** file) { 130 *file = NULL; 131 int rc = sqlite3_file_control(db, NULL, SQLITE_FCNTL_FILE_POINTER, file); 132 if (rc != SQLITE_OK) 133 return rc; 134 135 // TODO(shess): NULL in file->pMethods has been observed on android_dbg 136 // content_unittests, even though it should not be possible. 137 // http://crbug.com/329982 138 if (!*file || !(*file)->pMethods) 139 return SQLITE_ERROR; 140 141 return rc; 142 } 143 144 } // namespace 145 146 namespace sql { 147 148 // static 149 Connection::ErrorIgnorerCallback* Connection::current_ignorer_cb_ = NULL; 150 151 // static 152 bool Connection::ShouldIgnoreSqliteError(int error) { 153 if (!current_ignorer_cb_) 154 return false; 155 return current_ignorer_cb_->Run(error); 156 } 157 158 // static 159 void Connection::SetErrorIgnorer(Connection::ErrorIgnorerCallback* cb) { 160 CHECK(current_ignorer_cb_ == NULL); 161 current_ignorer_cb_ = cb; 162 } 163 164 // static 165 void Connection::ResetErrorIgnorer() { 166 CHECK(current_ignorer_cb_); 167 current_ignorer_cb_ = NULL; 168 } 169 170 bool StatementID::operator<(const StatementID& other) const { 171 if (number_ != other.number_) 172 return number_ < other.number_; 173 return strcmp(str_, other.str_) < 0; 174 } 175 176 Connection::StatementRef::StatementRef(Connection* connection, 177 sqlite3_stmt* stmt, 178 bool was_valid) 179 : connection_(connection), 180 stmt_(stmt), 181 was_valid_(was_valid) { 182 if (connection) 183 connection_->StatementRefCreated(this); 184 } 185 186 Connection::StatementRef::~StatementRef() { 187 if (connection_) 188 connection_->StatementRefDeleted(this); 189 Close(false); 190 } 191 192 void Connection::StatementRef::Close(bool forced) { 193 if (stmt_) { 194 // Call to AssertIOAllowed() cannot go at the beginning of the function 195 // because Close() is called unconditionally from destructor to clean 196 // connection_. And if this is inactive statement this won't cause any 197 // disk access and destructor most probably will be called on thread 198 // not allowing disk access. 199 // TODO(paivanof (at) gmail.com): This should move to the beginning 200 // of the function. http://crbug.com/136655. 201 AssertIOAllowed(); 202 sqlite3_finalize(stmt_); 203 stmt_ = NULL; 204 } 205 connection_ = NULL; // The connection may be getting deleted. 206 207 // Forced close is expected to happen from a statement error 208 // handler. In that case maintain the sense of |was_valid_| which 209 // previously held for this ref. 210 was_valid_ = was_valid_ && forced; 211 } 212 213 Connection::Connection() 214 : db_(NULL), 215 page_size_(0), 216 cache_size_(0), 217 exclusive_locking_(false), 218 restrict_to_user_(false), 219 transaction_nesting_(0), 220 needs_rollback_(false), 221 in_memory_(false), 222 poisoned_(false) { 223 } 224 225 Connection::~Connection() { 226 Close(); 227 } 228 229 bool Connection::Open(const base::FilePath& path) { 230 if (!histogram_tag_.empty()) { 231 int64 size_64 = 0; 232 if (base::GetFileSize(path, &size_64)) { 233 size_t sample = static_cast<size_t>(size_64 / 1024); 234 std::string full_histogram_name = "Sqlite.SizeKB." + histogram_tag_; 235 base::HistogramBase* histogram = 236 base::Histogram::FactoryGet( 237 full_histogram_name, 1, 1000000, 50, 238 base::HistogramBase::kUmaTargetedHistogramFlag); 239 if (histogram) 240 histogram->Add(sample); 241 } 242 } 243 244 #if defined(OS_WIN) 245 return OpenInternal(base::WideToUTF8(path.value()), RETRY_ON_POISON); 246 #elif defined(OS_POSIX) 247 return OpenInternal(path.value(), RETRY_ON_POISON); 248 #endif 249 } 250 251 bool Connection::OpenInMemory() { 252 in_memory_ = true; 253 return OpenInternal(":memory:", NO_RETRY); 254 } 255 256 bool Connection::OpenTemporary() { 257 return OpenInternal("", NO_RETRY); 258 } 259 260 void Connection::CloseInternal(bool forced) { 261 // TODO(shess): Calling "PRAGMA journal_mode = DELETE" at this point 262 // will delete the -journal file. For ChromiumOS or other more 263 // embedded systems, this is probably not appropriate, whereas on 264 // desktop it might make some sense. 265 266 // sqlite3_close() needs all prepared statements to be finalized. 267 268 // Release cached statements. 269 statement_cache_.clear(); 270 271 // With cached statements released, in-use statements will remain. 272 // Closing the database while statements are in use is an API 273 // violation, except for forced close (which happens from within a 274 // statement's error handler). 275 DCHECK(forced || open_statements_.empty()); 276 277 // Deactivate any outstanding statements so sqlite3_close() works. 278 for (StatementRefSet::iterator i = open_statements_.begin(); 279 i != open_statements_.end(); ++i) 280 (*i)->Close(forced); 281 open_statements_.clear(); 282 283 if (db_) { 284 // Call to AssertIOAllowed() cannot go at the beginning of the function 285 // because Close() must be called from destructor to clean 286 // statement_cache_, it won't cause any disk access and it most probably 287 // will happen on thread not allowing disk access. 288 // TODO(paivanof (at) gmail.com): This should move to the beginning 289 // of the function. http://crbug.com/136655. 290 AssertIOAllowed(); 291 292 int rc = sqlite3_close(db_); 293 if (rc != SQLITE_OK) { 294 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.CloseFailure", rc); 295 DLOG(FATAL) << "sqlite3_close failed: " << GetErrorMessage(); 296 } 297 } 298 db_ = NULL; 299 } 300 301 void Connection::Close() { 302 // If the database was already closed by RazeAndClose(), then no 303 // need to close again. Clear the |poisoned_| bit so that incorrect 304 // API calls are caught. 305 if (poisoned_) { 306 poisoned_ = false; 307 return; 308 } 309 310 CloseInternal(false); 311 } 312 313 void Connection::Preload() { 314 AssertIOAllowed(); 315 316 if (!db_) { 317 DLOG_IF(FATAL, !poisoned_) << "Cannot preload null db"; 318 return; 319 } 320 321 // Use local settings if provided, otherwise use documented defaults. The 322 // actual results could be fetching via PRAGMA calls. 323 const int page_size = page_size_ ? page_size_ : 1024; 324 sqlite3_int64 preload_size = page_size * (cache_size_ ? cache_size_ : 2000); 325 if (preload_size < 1) 326 return; 327 328 sqlite3_file* file = NULL; 329 int rc = GetSqlite3File(db_, &file); 330 if (rc != SQLITE_OK) 331 return; 332 333 sqlite3_int64 file_size = 0; 334 rc = file->pMethods->xFileSize(file, &file_size); 335 if (rc != SQLITE_OK) 336 return; 337 338 // Don't preload more than the file contains. 339 if (preload_size > file_size) 340 preload_size = file_size; 341 342 scoped_ptr<char[]> buf(new char[page_size]); 343 for (sqlite3_int64 pos = 0; pos < file_size; pos += page_size) { 344 rc = file->pMethods->xRead(file, buf.get(), page_size, pos); 345 if (rc != SQLITE_OK) 346 return; 347 } 348 } 349 350 void Connection::TrimMemory(bool aggressively) { 351 if (!db_) 352 return; 353 354 // TODO(shess): investigate using sqlite3_db_release_memory() when possible. 355 int original_cache_size; 356 { 357 Statement sql_get_original(GetUniqueStatement("PRAGMA cache_size")); 358 if (!sql_get_original.Step()) { 359 DLOG(WARNING) << "Could not get cache size " << GetErrorMessage(); 360 return; 361 } 362 original_cache_size = sql_get_original.ColumnInt(0); 363 } 364 int shrink_cache_size = aggressively ? 1 : (original_cache_size / 2); 365 366 // Force sqlite to try to reduce page cache usage. 367 const std::string sql_shrink = 368 base::StringPrintf("PRAGMA cache_size=%d", shrink_cache_size); 369 if (!Execute(sql_shrink.c_str())) 370 DLOG(WARNING) << "Could not shrink cache size: " << GetErrorMessage(); 371 372 // Restore cache size. 373 const std::string sql_restore = 374 base::StringPrintf("PRAGMA cache_size=%d", original_cache_size); 375 if (!Execute(sql_restore.c_str())) 376 DLOG(WARNING) << "Could not restore cache size: " << GetErrorMessage(); 377 } 378 379 // Create an in-memory database with the existing database's page 380 // size, then backup that database over the existing database. 381 bool Connection::Raze() { 382 AssertIOAllowed(); 383 384 if (!db_) { 385 DLOG_IF(FATAL, !poisoned_) << "Cannot raze null db"; 386 return false; 387 } 388 389 if (transaction_nesting_ > 0) { 390 DLOG(FATAL) << "Cannot raze within a transaction"; 391 return false; 392 } 393 394 sql::Connection null_db; 395 if (!null_db.OpenInMemory()) { 396 DLOG(FATAL) << "Unable to open in-memory database."; 397 return false; 398 } 399 400 if (page_size_) { 401 // Enforce SQLite restrictions on |page_size_|. 402 DCHECK(!(page_size_ & (page_size_ - 1))) 403 << " page_size_ " << page_size_ << " is not a power of two."; 404 const int kSqliteMaxPageSize = 32768; // from sqliteLimit.h 405 DCHECK_LE(page_size_, kSqliteMaxPageSize); 406 const std::string sql = 407 base::StringPrintf("PRAGMA page_size=%d", page_size_); 408 if (!null_db.Execute(sql.c_str())) 409 return false; 410 } 411 412 #if defined(OS_ANDROID) 413 // Android compiles with SQLITE_DEFAULT_AUTOVACUUM. Unfortunately, 414 // in-memory databases do not respect this define. 415 // TODO(shess): Figure out a way to set this without using platform 416 // specific code. AFAICT from sqlite3.c, the only way to do it 417 // would be to create an actual filesystem database, which is 418 // unfortunate. 419 if (!null_db.Execute("PRAGMA auto_vacuum = 1")) 420 return false; 421 #endif 422 423 // The page size doesn't take effect until a database has pages, and 424 // at this point the null database has none. Changing the schema 425 // version will create the first page. This will not affect the 426 // schema version in the resulting database, as SQLite's backup 427 // implementation propagates the schema version from the original 428 // connection to the new version of the database, incremented by one 429 // so that other readers see the schema change and act accordingly. 430 if (!null_db.Execute("PRAGMA schema_version = 1")) 431 return false; 432 433 // SQLite tracks the expected number of database pages in the first 434 // page, and if it does not match the total retrieved from a 435 // filesystem call, treats the database as corrupt. This situation 436 // breaks almost all SQLite calls. "PRAGMA writable_schema" can be 437 // used to hint to SQLite to soldier on in that case, specifically 438 // for purposes of recovery. [See SQLITE_CORRUPT_BKPT case in 439 // sqlite3.c lockBtree().] 440 // TODO(shess): With this, "PRAGMA auto_vacuum" and "PRAGMA 441 // page_size" can be used to query such a database. 442 ScopedWritableSchema writable_schema(db_); 443 444 const char* kMain = "main"; 445 int rc = BackupDatabase(null_db.db_, db_, kMain); 446 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.RazeDatabase",rc); 447 448 // The destination database was locked. 449 if (rc == SQLITE_BUSY) { 450 return false; 451 } 452 453 // SQLITE_NOTADB can happen if page 1 of db_ exists, but is not 454 // formatted correctly. SQLITE_IOERR_SHORT_READ can happen if db_ 455 // isn't even big enough for one page. Either way, reach in and 456 // truncate it before trying again. 457 // TODO(shess): Maybe it would be worthwhile to just truncate from 458 // the get-go? 459 if (rc == SQLITE_NOTADB || rc == SQLITE_IOERR_SHORT_READ) { 460 sqlite3_file* file = NULL; 461 rc = GetSqlite3File(db_, &file); 462 if (rc != SQLITE_OK) { 463 DLOG(FATAL) << "Failure getting file handle."; 464 return false; 465 } 466 467 rc = file->pMethods->xTruncate(file, 0); 468 if (rc != SQLITE_OK) { 469 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.RazeDatabaseTruncate",rc); 470 DLOG(FATAL) << "Failed to truncate file."; 471 return false; 472 } 473 474 rc = BackupDatabase(null_db.db_, db_, kMain); 475 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.RazeDatabase2",rc); 476 477 if (rc != SQLITE_DONE) { 478 DLOG(FATAL) << "Failed retrying Raze()."; 479 } 480 } 481 482 // The entire database should have been backed up. 483 if (rc != SQLITE_DONE) { 484 // TODO(shess): Figure out which other cases can happen. 485 DLOG(FATAL) << "Unable to copy entire null database."; 486 return false; 487 } 488 489 return true; 490 } 491 492 bool Connection::RazeWithTimout(base::TimeDelta timeout) { 493 if (!db_) { 494 DLOG_IF(FATAL, !poisoned_) << "Cannot raze null db"; 495 return false; 496 } 497 498 ScopedBusyTimeout busy_timeout(db_); 499 busy_timeout.SetTimeout(timeout); 500 return Raze(); 501 } 502 503 bool Connection::RazeAndClose() { 504 if (!db_) { 505 DLOG_IF(FATAL, !poisoned_) << "Cannot raze null db"; 506 return false; 507 } 508 509 // Raze() cannot run in a transaction. 510 RollbackAllTransactions(); 511 512 bool result = Raze(); 513 514 CloseInternal(true); 515 516 // Mark the database so that future API calls fail appropriately, 517 // but don't DCHECK (because after calling this function they are 518 // expected to fail). 519 poisoned_ = true; 520 521 return result; 522 } 523 524 void Connection::Poison() { 525 if (!db_) { 526 DLOG_IF(FATAL, !poisoned_) << "Cannot poison null db"; 527 return; 528 } 529 530 RollbackAllTransactions(); 531 CloseInternal(true); 532 533 // Mark the database so that future API calls fail appropriately, 534 // but don't DCHECK (because after calling this function they are 535 // expected to fail). 536 poisoned_ = true; 537 } 538 539 // TODO(shess): To the extent possible, figure out the optimal 540 // ordering for these deletes which will prevent other connections 541 // from seeing odd behavior. For instance, it may be necessary to 542 // manually lock the main database file in a SQLite-compatible fashion 543 // (to prevent other processes from opening it), then delete the 544 // journal files, then delete the main database file. Another option 545 // might be to lock the main database file and poison the header with 546 // junk to prevent other processes from opening it successfully (like 547 // Gears "SQLite poison 3" trick). 548 // 549 // static 550 bool Connection::Delete(const base::FilePath& path) { 551 base::ThreadRestrictions::AssertIOAllowed(); 552 553 base::FilePath journal_path(path.value() + FILE_PATH_LITERAL("-journal")); 554 base::FilePath wal_path(path.value() + FILE_PATH_LITERAL("-wal")); 555 556 base::DeleteFile(journal_path, false); 557 base::DeleteFile(wal_path, false); 558 base::DeleteFile(path, false); 559 560 return !base::PathExists(journal_path) && 561 !base::PathExists(wal_path) && 562 !base::PathExists(path); 563 } 564 565 bool Connection::BeginTransaction() { 566 if (needs_rollback_) { 567 DCHECK_GT(transaction_nesting_, 0); 568 569 // When we're going to rollback, fail on this begin and don't actually 570 // mark us as entering the nested transaction. 571 return false; 572 } 573 574 bool success = true; 575 if (!transaction_nesting_) { 576 needs_rollback_ = false; 577 578 Statement begin(GetCachedStatement(SQL_FROM_HERE, "BEGIN TRANSACTION")); 579 if (!begin.Run()) 580 return false; 581 } 582 transaction_nesting_++; 583 return success; 584 } 585 586 void Connection::RollbackTransaction() { 587 if (!transaction_nesting_) { 588 DLOG_IF(FATAL, !poisoned_) << "Rolling back a nonexistent transaction"; 589 return; 590 } 591 592 transaction_nesting_--; 593 594 if (transaction_nesting_ > 0) { 595 // Mark the outermost transaction as needing rollback. 596 needs_rollback_ = true; 597 return; 598 } 599 600 DoRollback(); 601 } 602 603 bool Connection::CommitTransaction() { 604 if (!transaction_nesting_) { 605 DLOG_IF(FATAL, !poisoned_) << "Rolling back a nonexistent transaction"; 606 return false; 607 } 608 transaction_nesting_--; 609 610 if (transaction_nesting_ > 0) { 611 // Mark any nested transactions as failing after we've already got one. 612 return !needs_rollback_; 613 } 614 615 if (needs_rollback_) { 616 DoRollback(); 617 return false; 618 } 619 620 Statement commit(GetCachedStatement(SQL_FROM_HERE, "COMMIT")); 621 return commit.Run(); 622 } 623 624 void Connection::RollbackAllTransactions() { 625 if (transaction_nesting_ > 0) { 626 transaction_nesting_ = 0; 627 DoRollback(); 628 } 629 } 630 631 bool Connection::AttachDatabase(const base::FilePath& other_db_path, 632 const char* attachment_point) { 633 DCHECK(ValidAttachmentPoint(attachment_point)); 634 635 Statement s(GetUniqueStatement("ATTACH DATABASE ? AS ?")); 636 #if OS_WIN 637 s.BindString16(0, other_db_path.value()); 638 #else 639 s.BindString(0, other_db_path.value()); 640 #endif 641 s.BindString(1, attachment_point); 642 return s.Run(); 643 } 644 645 bool Connection::DetachDatabase(const char* attachment_point) { 646 DCHECK(ValidAttachmentPoint(attachment_point)); 647 648 Statement s(GetUniqueStatement("DETACH DATABASE ?")); 649 s.BindString(0, attachment_point); 650 return s.Run(); 651 } 652 653 int Connection::ExecuteAndReturnErrorCode(const char* sql) { 654 AssertIOAllowed(); 655 if (!db_) { 656 DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db"; 657 return SQLITE_ERROR; 658 } 659 return sqlite3_exec(db_, sql, NULL, NULL, NULL); 660 } 661 662 bool Connection::Execute(const char* sql) { 663 if (!db_) { 664 DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db"; 665 return false; 666 } 667 668 int error = ExecuteAndReturnErrorCode(sql); 669 if (error != SQLITE_OK) 670 error = OnSqliteError(error, NULL, sql); 671 672 // This needs to be a FATAL log because the error case of arriving here is 673 // that there's a malformed SQL statement. This can arise in development if 674 // a change alters the schema but not all queries adjust. This can happen 675 // in production if the schema is corrupted. 676 if (error == SQLITE_ERROR) 677 DLOG(FATAL) << "SQL Error in " << sql << ", " << GetErrorMessage(); 678 return error == SQLITE_OK; 679 } 680 681 bool Connection::ExecuteWithTimeout(const char* sql, base::TimeDelta timeout) { 682 if (!db_) { 683 DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db"; 684 return false; 685 } 686 687 ScopedBusyTimeout busy_timeout(db_); 688 busy_timeout.SetTimeout(timeout); 689 return Execute(sql); 690 } 691 692 bool Connection::HasCachedStatement(const StatementID& id) const { 693 return statement_cache_.find(id) != statement_cache_.end(); 694 } 695 696 scoped_refptr<Connection::StatementRef> Connection::GetCachedStatement( 697 const StatementID& id, 698 const char* sql) { 699 CachedStatementMap::iterator i = statement_cache_.find(id); 700 if (i != statement_cache_.end()) { 701 // Statement is in the cache. It should still be active (we're the only 702 // one invalidating cached statements, and we'll remove it from the cache 703 // if we do that. Make sure we reset it before giving out the cached one in 704 // case it still has some stuff bound. 705 DCHECK(i->second->is_valid()); 706 sqlite3_reset(i->second->stmt()); 707 return i->second; 708 } 709 710 scoped_refptr<StatementRef> statement = GetUniqueStatement(sql); 711 if (statement->is_valid()) 712 statement_cache_[id] = statement; // Only cache valid statements. 713 return statement; 714 } 715 716 scoped_refptr<Connection::StatementRef> Connection::GetUniqueStatement( 717 const char* sql) { 718 AssertIOAllowed(); 719 720 // Return inactive statement. 721 if (!db_) 722 return new StatementRef(NULL, NULL, poisoned_); 723 724 sqlite3_stmt* stmt = NULL; 725 int rc = sqlite3_prepare_v2(db_, sql, -1, &stmt, NULL); 726 if (rc != SQLITE_OK) { 727 // This is evidence of a syntax error in the incoming SQL. 728 DLOG(FATAL) << "SQL compile error " << GetErrorMessage(); 729 730 // It could also be database corruption. 731 OnSqliteError(rc, NULL, sql); 732 return new StatementRef(NULL, NULL, false); 733 } 734 return new StatementRef(this, stmt, true); 735 } 736 737 scoped_refptr<Connection::StatementRef> Connection::GetUntrackedStatement( 738 const char* sql) const { 739 // Return inactive statement. 740 if (!db_) 741 return new StatementRef(NULL, NULL, poisoned_); 742 743 sqlite3_stmt* stmt = NULL; 744 int rc = sqlite3_prepare_v2(db_, sql, -1, &stmt, NULL); 745 if (rc != SQLITE_OK) { 746 // This is evidence of a syntax error in the incoming SQL. 747 DLOG(FATAL) << "SQL compile error " << GetErrorMessage(); 748 return new StatementRef(NULL, NULL, false); 749 } 750 return new StatementRef(NULL, stmt, true); 751 } 752 753 std::string Connection::GetSchema() const { 754 // The ORDER BY should not be necessary, but relying on organic 755 // order for something like this is questionable. 756 const char* kSql = 757 "SELECT type, name, tbl_name, sql " 758 "FROM sqlite_master ORDER BY 1, 2, 3, 4"; 759 Statement statement(GetUntrackedStatement(kSql)); 760 761 std::string schema; 762 while (statement.Step()) { 763 schema += statement.ColumnString(0); 764 schema += '|'; 765 schema += statement.ColumnString(1); 766 schema += '|'; 767 schema += statement.ColumnString(2); 768 schema += '|'; 769 schema += statement.ColumnString(3); 770 schema += '\n'; 771 } 772 773 return schema; 774 } 775 776 bool Connection::IsSQLValid(const char* sql) { 777 AssertIOAllowed(); 778 if (!db_) { 779 DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db"; 780 return false; 781 } 782 783 sqlite3_stmt* stmt = NULL; 784 if (sqlite3_prepare_v2(db_, sql, -1, &stmt, NULL) != SQLITE_OK) 785 return false; 786 787 sqlite3_finalize(stmt); 788 return true; 789 } 790 791 bool Connection::DoesTableExist(const char* table_name) const { 792 return DoesTableOrIndexExist(table_name, "table"); 793 } 794 795 bool Connection::DoesIndexExist(const char* index_name) const { 796 return DoesTableOrIndexExist(index_name, "index"); 797 } 798 799 bool Connection::DoesTableOrIndexExist( 800 const char* name, const char* type) const { 801 const char* kSql = "SELECT name FROM sqlite_master WHERE type=? AND name=?"; 802 Statement statement(GetUntrackedStatement(kSql)); 803 statement.BindString(0, type); 804 statement.BindString(1, name); 805 806 return statement.Step(); // Table exists if any row was returned. 807 } 808 809 bool Connection::DoesColumnExist(const char* table_name, 810 const char* column_name) const { 811 std::string sql("PRAGMA TABLE_INFO("); 812 sql.append(table_name); 813 sql.append(")"); 814 815 Statement statement(GetUntrackedStatement(sql.c_str())); 816 while (statement.Step()) { 817 if (!statement.ColumnString(1).compare(column_name)) 818 return true; 819 } 820 return false; 821 } 822 823 int64 Connection::GetLastInsertRowId() const { 824 if (!db_) { 825 DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db"; 826 return 0; 827 } 828 return sqlite3_last_insert_rowid(db_); 829 } 830 831 int Connection::GetLastChangeCount() const { 832 if (!db_) { 833 DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db"; 834 return 0; 835 } 836 return sqlite3_changes(db_); 837 } 838 839 int Connection::GetErrorCode() const { 840 if (!db_) 841 return SQLITE_ERROR; 842 return sqlite3_errcode(db_); 843 } 844 845 int Connection::GetLastErrno() const { 846 if (!db_) 847 return -1; 848 849 int err = 0; 850 if (SQLITE_OK != sqlite3_file_control(db_, NULL, SQLITE_LAST_ERRNO, &err)) 851 return -2; 852 853 return err; 854 } 855 856 const char* Connection::GetErrorMessage() const { 857 if (!db_) 858 return "sql::Connection has no connection."; 859 return sqlite3_errmsg(db_); 860 } 861 862 bool Connection::OpenInternal(const std::string& file_name, 863 Connection::Retry retry_flag) { 864 AssertIOAllowed(); 865 866 if (db_) { 867 DLOG(FATAL) << "sql::Connection is already open."; 868 return false; 869 } 870 871 // Make sure sqlite3_initialize() is called before anything else. 872 InitializeSqlite(); 873 874 // If |poisoned_| is set, it means an error handler called 875 // RazeAndClose(). Until regular Close() is called, the caller 876 // should be treating the database as open, but is_open() currently 877 // only considers the sqlite3 handle's state. 878 // TODO(shess): Revise is_open() to consider poisoned_, and review 879 // to see if any non-testing code even depends on it. 880 DLOG_IF(FATAL, poisoned_) << "sql::Connection is already open."; 881 poisoned_ = false; 882 883 int err = sqlite3_open(file_name.c_str(), &db_); 884 if (err != SQLITE_OK) { 885 // Extended error codes cannot be enabled until a handle is 886 // available, fetch manually. 887 err = sqlite3_extended_errcode(db_); 888 889 // Histogram failures specific to initial open for debugging 890 // purposes. 891 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.OpenFailure", err); 892 893 OnSqliteError(err, NULL, "-- sqlite3_open()"); 894 bool was_poisoned = poisoned_; 895 Close(); 896 897 if (was_poisoned && retry_flag == RETRY_ON_POISON) 898 return OpenInternal(file_name, NO_RETRY); 899 return false; 900 } 901 902 // TODO(shess): OS_WIN support? 903 #if defined(OS_POSIX) 904 if (restrict_to_user_) { 905 DCHECK_NE(file_name, std::string(":memory")); 906 base::FilePath file_path(file_name); 907 int mode = 0; 908 // TODO(shess): Arguably, failure to retrieve and change 909 // permissions should be fatal if the file exists. 910 if (base::GetPosixFilePermissions(file_path, &mode)) { 911 mode &= base::FILE_PERMISSION_USER_MASK; 912 base::SetPosixFilePermissions(file_path, mode); 913 914 // SQLite sets the permissions on these files from the main 915 // database on create. Set them here in case they already exist 916 // at this point. Failure to set these permissions should not 917 // be fatal unless the file doesn't exist. 918 base::FilePath journal_path(file_name + FILE_PATH_LITERAL("-journal")); 919 base::FilePath wal_path(file_name + FILE_PATH_LITERAL("-wal")); 920 base::SetPosixFilePermissions(journal_path, mode); 921 base::SetPosixFilePermissions(wal_path, mode); 922 } 923 } 924 #endif // defined(OS_POSIX) 925 926 // SQLite uses a lookaside buffer to improve performance of small mallocs. 927 // Chromium already depends on small mallocs being efficient, so we disable 928 // this to avoid the extra memory overhead. 929 // This must be called immediatly after opening the database before any SQL 930 // statements are run. 931 sqlite3_db_config(db_, SQLITE_DBCONFIG_LOOKASIDE, NULL, 0, 0); 932 933 // Enable extended result codes to provide more color on I/O errors. 934 // Not having extended result codes is not a fatal problem, as 935 // Chromium code does not attempt to handle I/O errors anyhow. The 936 // current implementation always returns SQLITE_OK, the DCHECK is to 937 // quickly notify someone if SQLite changes. 938 err = sqlite3_extended_result_codes(db_, 1); 939 DCHECK_EQ(err, SQLITE_OK) << "Could not enable extended result codes"; 940 941 // sqlite3_open() does not actually read the database file (unless a 942 // hot journal is found). Successfully executing this pragma on an 943 // existing database requires a valid header on page 1. 944 // TODO(shess): For now, just probing to see what the lay of the 945 // land is. If it's mostly SQLITE_NOTADB, then the database should 946 // be razed. 947 err = ExecuteAndReturnErrorCode("PRAGMA auto_vacuum"); 948 if (err != SQLITE_OK) 949 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.OpenProbeFailure", err); 950 951 #if defined(OS_IOS) && defined(USE_SYSTEM_SQLITE) 952 // The version of SQLite shipped with iOS doesn't enable ICU, which includes 953 // REGEXP support. Add it in dynamically. 954 err = sqlite3IcuInit(db_); 955 DCHECK_EQ(err, SQLITE_OK) << "Could not enable ICU support"; 956 #endif // OS_IOS && USE_SYSTEM_SQLITE 957 958 // If indicated, lock up the database before doing anything else, so 959 // that the following code doesn't have to deal with locking. 960 // TODO(shess): This code is brittle. Find the cases where code 961 // doesn't request |exclusive_locking_| and audit that it does the 962 // right thing with SQLITE_BUSY, and that it doesn't make 963 // assumptions about who might change things in the database. 964 // http://crbug.com/56559 965 if (exclusive_locking_) { 966 // TODO(shess): This should probably be a failure. Code which 967 // requests exclusive locking but doesn't get it is almost certain 968 // to be ill-tested. 969 ignore_result(Execute("PRAGMA locking_mode=EXCLUSIVE")); 970 } 971 972 // http://www.sqlite.org/pragma.html#pragma_journal_mode 973 // DELETE (default) - delete -journal file to commit. 974 // TRUNCATE - truncate -journal file to commit. 975 // PERSIST - zero out header of -journal file to commit. 976 // journal_size_limit provides size to trim to in PERSIST. 977 // TODO(shess): Figure out if PERSIST and journal_size_limit really 978 // matter. In theory, it keeps pages pre-allocated, so if 979 // transactions usually fit, it should be faster. 980 ignore_result(Execute("PRAGMA journal_mode = PERSIST")); 981 ignore_result(Execute("PRAGMA journal_size_limit = 16384")); 982 983 const base::TimeDelta kBusyTimeout = 984 base::TimeDelta::FromSeconds(kBusyTimeoutSeconds); 985 986 if (page_size_ != 0) { 987 // Enforce SQLite restrictions on |page_size_|. 988 DCHECK(!(page_size_ & (page_size_ - 1))) 989 << " page_size_ " << page_size_ << " is not a power of two."; 990 const int kSqliteMaxPageSize = 32768; // from sqliteLimit.h 991 DCHECK_LE(page_size_, kSqliteMaxPageSize); 992 const std::string sql = 993 base::StringPrintf("PRAGMA page_size=%d", page_size_); 994 ignore_result(ExecuteWithTimeout(sql.c_str(), kBusyTimeout)); 995 } 996 997 if (cache_size_ != 0) { 998 const std::string sql = 999 base::StringPrintf("PRAGMA cache_size=%d", cache_size_); 1000 ignore_result(ExecuteWithTimeout(sql.c_str(), kBusyTimeout)); 1001 } 1002 1003 if (!ExecuteWithTimeout("PRAGMA secure_delete=ON", kBusyTimeout)) { 1004 bool was_poisoned = poisoned_; 1005 Close(); 1006 if (was_poisoned && retry_flag == RETRY_ON_POISON) 1007 return OpenInternal(file_name, NO_RETRY); 1008 return false; 1009 } 1010 1011 return true; 1012 } 1013 1014 void Connection::DoRollback() { 1015 Statement rollback(GetCachedStatement(SQL_FROM_HERE, "ROLLBACK")); 1016 rollback.Run(); 1017 needs_rollback_ = false; 1018 } 1019 1020 void Connection::StatementRefCreated(StatementRef* ref) { 1021 DCHECK(open_statements_.find(ref) == open_statements_.end()); 1022 open_statements_.insert(ref); 1023 } 1024 1025 void Connection::StatementRefDeleted(StatementRef* ref) { 1026 StatementRefSet::iterator i = open_statements_.find(ref); 1027 if (i == open_statements_.end()) 1028 DLOG(FATAL) << "Could not find statement"; 1029 else 1030 open_statements_.erase(i); 1031 } 1032 1033 void Connection::AddTaggedHistogram(const std::string& name, 1034 size_t sample) const { 1035 if (histogram_tag_.empty()) 1036 return; 1037 1038 // TODO(shess): The histogram macros create a bit of static storage 1039 // for caching the histogram object. This code shouldn't execute 1040 // often enough for such caching to be crucial. If it becomes an 1041 // issue, the object could be cached alongside histogram_prefix_. 1042 std::string full_histogram_name = name + "." + histogram_tag_; 1043 base::HistogramBase* histogram = 1044 base::SparseHistogram::FactoryGet( 1045 full_histogram_name, 1046 base::HistogramBase::kUmaTargetedHistogramFlag); 1047 if (histogram) 1048 histogram->Add(sample); 1049 } 1050 1051 int Connection::OnSqliteError(int err, sql::Statement *stmt, const char* sql) { 1052 UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.Error", err); 1053 AddTaggedHistogram("Sqlite.Error", err); 1054 1055 // Always log the error. 1056 if (!sql && stmt) 1057 sql = stmt->GetSQLStatement(); 1058 if (!sql) 1059 sql = "-- unknown"; 1060 LOG(ERROR) << histogram_tag_ << " sqlite error " << err 1061 << ", errno " << GetLastErrno() 1062 << ": " << GetErrorMessage() 1063 << ", sql: " << sql; 1064 1065 if (!error_callback_.is_null()) { 1066 // Fire from a copy of the callback in case of reentry into 1067 // re/set_error_callback(). 1068 // TODO(shess): <http://crbug.com/254584> 1069 ErrorCallback(error_callback_).Run(err, stmt); 1070 return err; 1071 } 1072 1073 // The default handling is to assert on debug and to ignore on release. 1074 if (!ShouldIgnoreSqliteError(err)) 1075 DLOG(FATAL) << GetErrorMessage(); 1076 return err; 1077 } 1078 1079 bool Connection::FullIntegrityCheck(std::vector<std::string>* messages) { 1080 return IntegrityCheckHelper("PRAGMA integrity_check", messages); 1081 } 1082 1083 bool Connection::QuickIntegrityCheck() { 1084 std::vector<std::string> messages; 1085 if (!IntegrityCheckHelper("PRAGMA quick_check", &messages)) 1086 return false; 1087 return messages.size() == 1 && messages[0] == "ok"; 1088 } 1089 1090 // TODO(shess): Allow specifying maximum results (default 100 lines). 1091 bool Connection::IntegrityCheckHelper( 1092 const char* pragma_sql, 1093 std::vector<std::string>* messages) { 1094 messages->clear(); 1095 1096 // This has the side effect of setting SQLITE_RecoveryMode, which 1097 // allows SQLite to process through certain cases of corruption. 1098 // Failing to set this pragma probably means that the database is 1099 // beyond recovery. 1100 const char kWritableSchema[] = "PRAGMA writable_schema = ON"; 1101 if (!Execute(kWritableSchema)) 1102 return false; 1103 1104 bool ret = false; 1105 { 1106 sql::Statement stmt(GetUniqueStatement(pragma_sql)); 1107 1108 // The pragma appears to return all results (up to 100 by default) 1109 // as a single string. This doesn't appear to be an API contract, 1110 // it could return separate lines, so loop _and_ split. 1111 while (stmt.Step()) { 1112 std::string result(stmt.ColumnString(0)); 1113 base::SplitString(result, '\n', messages); 1114 } 1115 ret = stmt.Succeeded(); 1116 } 1117 1118 // Best effort to put things back as they were before. 1119 const char kNoWritableSchema[] = "PRAGMA writable_schema = OFF"; 1120 ignore_result(Execute(kNoWritableSchema)); 1121 1122 return ret; 1123 } 1124 1125 } // namespace sql 1126
