Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(132)

Issue 10520010: Not for review: Support sync init with missing or corrupt store (Closed)

Created:
8 years, 6 months ago by rlarocque
Modified:
8 years, 4 months ago
CC:
chromium-reviews, Raghu Simha, ncarter (slow), akalin, tim (not reviewing)
Visibility:
Public.

Description

NOTE: This patch can be rolled into some of Nicolas' configuration refactoring work. I'll keep it around so we can use it as a reference, but it's unlikely that it will ever be committed. =============== Support sync init with missing or corrupt store Although the sync code did already support this, the solution came with a big TODO comment and the potential for some nasty side-effects. That's a big part of the reason why we did not try to recover from database corruption; it was safer to just sign out the user to avoid creating even worse problems (ie. DCHECK violation or crash). The old code assumed that information in the prefs store was in sync with the data in the sync database. This assumption would not be verified until the configure step that follows ProfileSyncService::OnBackendInitialized(), leaving sync in an inconsistent during and immediately following backend initialization. This patch will return information about the list of types found in the database during the first step of backend initialization. This allows the backend to know its own state. SyncBackendRegistrar's type information will be in sync with the contents of the sync database. When the configure following OnBackendInitialize does occur, the database will be configured to match the preferred types. The backend does not require any special code to handle the case where the database does not already match the user's preferences. Because we can now trust the sync initialization process to behave correctly even if it does unexpectedly receive an empty database, it is now safe to delete a corrupt directory and replace it with a new one. The user's data will need to be re-downloaded, but there's not much we coud do to avoid that. BUG=129825, 109668 TEST=Manual: - Delete 'Sync Data/SyncData.sqlite3' from profile directory. Verify that the client re-downloads its synced state on startup. - Corrupt the sync database with sqlite. For example, use the command 'DELETE FROM metas WHERE metahandle = 1'. Restart the client and verify that the corruption is detected, the database is deleted and the sync data re-downloaded into a new database.

Patch Set 1 #

Patch Set 2 : Documentation #

Total comments: 5
Unified diffs Side-by-side diffs Delta from patch set Stats (+177 lines, -264 lines) Patch
M chrome/browser/sync/glue/sync_backend_host.h View 6 chunks +33 lines, -31 lines 1 comment Download
M chrome/browser/sync/glue/sync_backend_host.cc View 10 chunks +14 lines, -42 lines 0 comments Download
M chrome/browser/sync/glue/sync_backend_host_unittest.cc View 1 chunk +0 lines, -1 line 0 comments Download
M chrome/browser/sync/glue/sync_backend_registrar.h View 1 2 chunks +8 lines, -6 lines 1 comment Download
M chrome/browser/sync/glue/sync_backend_registrar.cc View 1 3 chunks +23 lines, -18 lines 1 comment Download
M chrome/browser/sync/glue/sync_backend_registrar_unittest.cc View 5 chunks +10 lines, -5 lines 0 comments Download
M chrome/browser/sync/profile_sync_service.cc View 3 chunks +3 lines, -15 lines 0 comments Download
M chrome/browser/sync/profile_sync_service_startup_unittest.cc View 1 chunk +1 line, -1 line 0 comments Download
M chrome/browser/sync/profile_sync_service_unittest.cc View 1 chunk +0 lines, -23 lines 1 comment Download
M chrome/browser/sync/test_profile_sync_service.h View 4 chunks +4 lines, -11 lines 0 comments Download
M chrome/browser/sync/test_profile_sync_service.cc View 6 chunks +12 lines, -26 lines 0 comments Download
M sync/engine/sync_scheduler_unittest.cc View 1 chunk +2 lines, -1 line 0 comments Download
M sync/engine/sync_scheduler_whitebox_unittest.cc View 1 chunk +1 line, -1 line 0 comments Download
M sync/engine/syncer_unittest.cc View 1 chunk +2 lines, -1 line 0 comments Download
M sync/internal_api/debug_info_event_listener.h View 1 chunk +1 line, -1 line 0 comments Download
M sync/internal_api/debug_info_event_listener.cc View 1 chunk +1 line, -1 line 0 comments Download
M sync/internal_api/js_sync_manager_observer.h View 1 chunk +2 lines, -1 line 0 comments Download
M sync/internal_api/js_sync_manager_observer.cc View 1 chunk +6 lines, -2 lines 0 comments Download
M sync/internal_api/js_sync_manager_observer_unittest.cc View 3 chunks +16 lines, -5 lines 0 comments Download
M sync/internal_api/sync_manager.h View 3 chunks +6 lines, -7 lines 0 comments Download
M sync/internal_api/sync_manager.cc View 13 chunks +16 lines, -28 lines 0 comments Download
M sync/internal_api/syncapi_unittest.cc View 3 chunks +5 lines, -4 lines 0 comments Download
M sync/sessions/sync_session_context.h View 1 chunk +0 lines, -1 line 0 comments Download
M sync/sessions/sync_session_context.cc View 2 chunks +0 lines, -2 lines 0 comments Download
M sync/sessions/sync_session_unittest.cc View 2 chunks +10 lines, -10 lines 0 comments Download
M sync/syncable/directory_backing_store_unittest.cc View 1 chunk +0 lines, -19 lines 1 comment Download
M sync/test/engine/syncer_command_test.h View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 1 (0 generated)
rlarocque
8 years, 6 months ago (2012-06-04 20:07:09 UTC) #1
Here is the long-awaited directory corruption handling patch.  Please review.

It's a big diff, but a lot of it is either noise generated by changing function
signatures, or changes to the unit tests.  The most interesting parts are in
SyncBackendRegistrar, SyncBackendHost and SyncManager (especially
SyncManager::SyncInternal::OpenDirectory()).

I'm not very happy with the way the test functions worked out, but I think our
coverage is still fairly good.  Hopefully we can improve our coverage as we
start to clean up the TestProfileSyncService.

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/glue/sy...
File chrome/browser/sync/glue/sync_backend_host.h (right):

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/glue/sy...
chrome/browser/sync/glue/sync_backend_host.h:370:
scoped_ptr<PendingConfigureDataTypesState> pending_download_state_;
The moves in this file were necessary to make pending_download_state_ and
pending_config_mode_state_ protected instead of private, so they could be
accessed by the unit tests.

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/glue/sy...
File chrome/browser/sync/glue/sync_backend_registrar.cc (right):

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/glue/sy...
chrome/browser/sync/glue/sync_backend_registrar.cc:91: // Set our initial state
to reflect the current status of the sync directory.
I could use a flag and some DCHECKs to ensure that this function is called only
once and is called before any other public method.  I'm not convinced that would
be a good idea, though.  Thoughts?

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/glue/sy...
File chrome/browser/sync/glue/sync_backend_registrar.h (right):

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/glue/sy...
chrome/browser/sync/glue/sync_backend_registrar.h:59: void
SetInitialTypes(syncable::ModelTypeSet initial_types);
I'm not a fan of this two-stage init.  It may be possible to split this class in
two in order to avoid this, but I haven't tried.  

On the plus side, this is much simpler and safer than the other schemes I tried.
 There's no need for extra inter-thread communication with this approach.  That
does a lot to reduce the amount of new code and error-handling required.

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/profile...
File chrome/browser/sync/profile_sync_service_unittest.cc (left):

http://codereview.chromium.org/10520010/diff/2001/chrome/browser/sync/profile...
chrome/browser/sync/profile_sync_service_unittest.cc:366:
TEST_F(ProfileSyncServiceTest, DISABLED_CorruptDatabase) {
Our test framework actually makes this really hard to test.  Even if I could
generate an error, there are flags in SyncManager used to ignored errors in the
SignIn() function when the SM is in "test mode".  We're a long way away from
being able to unit test this error path.

http://codereview.chromium.org/10520010/diff/2001/sync/syncable/directory_bac...
File sync/syncable/directory_backing_store_unittest.cc (left):

http://codereview.chromium.org/10520010/diff/2001/sync/syncable/directory_bac...
sync/syncable/directory_backing_store_unittest.cc:2089:
TEST_F(DirectoryBackingStoreTest, DISABLED_Corruption) {
I've given up on testing this.  I simply can't find a way to trigger the right
kind of failure.  All my attempts are either unable to trigger an error, or
cause a CHECK failure in the SQL code.

Powered by Google App Engine
This is Rietveld 408576698