Add database recovery for FileSystemOriginDatabase

webkit/fileapi/file_system_directory_database.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webkit/fileapi/file_system_directory_database.h"
 
 #include <math.h>
 
+#include "base/file_util.h"
 #include "base/location.h"
 #include "base/pickle.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/sys_string_conversions.h"
 #include "third_party/leveldatabase/src/include/leveldb/iterator.h"
+#include "third_party/leveldatabase/src/include/leveldb/status.h"
 #include "third_party/leveldatabase/src/include/leveldb/write_batch.h"
 #include "webkit/fileapi/file_system_util.h"
 
 namespace {
 
 bool PickleFromFileInfo(
     const fileapi::FileSystemDirectoryDatabase::FileInfo& info,
     Pickle* pickle) {
   DCHECK(pickle);
   std::string data_path;
@@ skipping 38 matching lines @@
     info->data_path = FilePath(base::SysUTF8ToWide(data_path));
     info->name = base::SysUTF8ToWide(name);
 #endif
     info->modification_time = base::Time::FromInternalValue(internal_time);
     return true;
   }
   LOG(ERROR) << "Pickle could not be digested!";
   return false;
 }
 
+const FilePath::CharType kDirectoryDatabaseName[] = FILE_PATH_LITERAL("Paths");
 const char kChildLookupPrefix[] = "CHILD_OF:";
 const char kChildLookupSeparator[] = ":";
 const char kLastFileIdKey[] = "LAST_FILE_ID";
 const char kLastIntegerKey[] = "LAST_INTEGER";
 
 std::string GetChildLookupKey(
     fileapi::FileSystemDirectoryDatabase::FileId parent_id,
     const FilePath::StringType& child_name) {
   std::string name;
 #if defined(OS_POSIX)
@@ skipping 27 matching lines @@
 }  // namespace
 
 namespace fileapi {
 
 FileSystemDirectoryDatabase::FileInfo::FileInfo() : parent_id(0) {
 }
 
 FileSystemDirectoryDatabase::FileInfo::~FileInfo() {
 }
 
-FileSystemDirectoryDatabase::FileSystemDirectoryDatabase(const FilePath& path) {
-#if defined(OS_POSIX)
-  path_ = path.value();
-#elif defined(OS_WIN)
-  path_ = base::SysWideToUTF8(path.value());
-#endif
+FileSystemDirectoryDatabase::FileSystemDirectoryDatabase(
+    const FilePath& sandbox_directory)
+    : sandbox_directory_(sandbox_directory) {
 }
 
 FileSystemDirectoryDatabase::~FileSystemDirectoryDatabase() {
 }
 
 bool FileSystemDirectoryDatabase::GetChildWithName(
     FileId parent_id, const FilePath::StringType& name, FileId* child_id) {
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(child_id);
   std::string child_key = GetChildLookupKey(parent_id, name);
   std::string child_id_string;
   leveldb::Status status =
       db_->Get(leveldb::ReadOptions(), child_key, &child_id_string);
   if (status.IsNotFound())
     return false;
   if (status.ok()) {
     if (!base::StringToInt64(child_id_string, child_id)) {
@@ skipping 20 matching lines @@
     if (!GetChildWithName(local_id, name, &local_id))
       return false;
   }
   *file_id = local_id;
   return true;
 }
 
 bool FileSystemDirectoryDatabase::ListChildren(
     FileId parent_id, std::vector<FileId>* children) {
   // Check to add later: fail if parent is a file, at least in debug builds.
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(children);
   std::string child_key_prefix = GetChildListingKeyPrefix(parent_id);
 
   scoped_ptr<leveldb::Iterator> iter(db_->NewIterator(leveldb::ReadOptions()));
   iter->Seek(child_key_prefix);
   children->clear();
   while (iter->Valid() &&
       StartsWithASCII(iter->key().ToString(), child_key_prefix, true)) {
     std::string child_id_string = iter->value().ToString();
     FileId child_id;
     if (!base::StringToInt64(child_id_string, &child_id)) {
       LOG(ERROR) << "Hit database corruption!";
       return false;
     }
     children->push_back(child_id);
     iter->Next();
   }
   return true;
 }
 
 bool FileSystemDirectoryDatabase::GetFileInfo(FileId file_id, FileInfo* info) {
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(info);
   std::string file_key = GetFileLookupKey(file_id);
   std::string file_data_string;
   leveldb::Status status =
       db_->Get(leveldb::ReadOptions(), file_key, &file_data_string);
   if (status.ok()) {
     return FileInfoFromPickle(
         Pickle(file_data_string.data(), file_data_string.length()), info);
   }
   // Special-case the root, for databases that haven't been initialized yet.
   // Without this, a query for the root's file info, made before creating the
   // first file in the database, will fail and confuse callers.
   if (status.IsNotFound() && !file_id) {
     info->name = FilePath::StringType();
     info->data_path = FilePath();
     info->modification_time = base::Time::Now();
     info->parent_id = 0;
     return true;
   }
   HandleError(FROM_HERE, status);
   return false;
 }
 
 bool FileSystemDirectoryDatabase::AddFileInfo(
     const FileInfo& info, FileId* file_id) {
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(file_id);
   std::string child_key = GetChildLookupKey(info.parent_id, info.name);
   std::string child_id_string;
   leveldb::Status status =
       db_->Get(leveldb::ReadOptions(), child_key, &child_id_string);
   if (status.ok()) {
     LOG(ERROR) << "File exists already!";
     return false;
   }
@@ skipping 21 matching lines @@
   status = db_->Write(leveldb::WriteOptions(), &batch);
   if (!status.ok()) {
     HandleError(FROM_HERE, status);
     return false;
   }
   *file_id = temp_id;
   return true;
 }
 
 bool FileSystemDirectoryDatabase::RemoveFileInfo(FileId file_id) {
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   leveldb::WriteBatch batch;
   if (!RemoveFileInfoHelper(file_id, &batch))
     return false;
   leveldb::Status status = db_->Write(leveldb::WriteOptions(), &batch);
   if (!status.ok()) {
     HandleError(FROM_HERE, status);
     return false;
   }
   return true;
 }
 
 bool FileSystemDirectoryDatabase::UpdateFileInfo(
     FileId file_id, const FileInfo& new_info) {
   // TODO: We should also check to see that this doesn't create a loop, but
   // perhaps only in a debug build.
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(file_id);  // You can't remove the root, ever.  Just delete the DB.
   FileInfo old_info;
   if (!GetFileInfo(file_id, &old_info))
     return false;
   if (old_info.parent_id != new_info.parent_id &&
       !VerifyIsDirectory(new_info.parent_id))
     return false;
   if (old_info.parent_id != new_info.parent_id ||
       old_info.name != new_info.name) {
@@ skipping 63 matching lines @@
                      pickle.size()));
   leveldb::Status status = db_->Write(leveldb::WriteOptions(), &batch);
   if (!status.ok()) {
     HandleError(FROM_HERE, status);
     return false;
   }
   return true;
 }
 
 bool FileSystemDirectoryDatabase::GetNextInteger(int64* next) {
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(next);
   std::string int_string;
   leveldb::Status status =
       db_->Get(leveldb::ReadOptions(), LastIntegerKey(), &int_string);
   if (status.ok()) {
     int64 temp;
     if (!base::StringToInt64(int_string, &temp)) {
       LOG(ERROR) << "Hit database corruption!";
       return false;
@@ skipping 28 matching lines @@
   name = base::SysWideToUTF8(path.value());
 #endif
   leveldb::Status status = leveldb::DestroyDB(name, leveldb::Options());
   if (status.ok())
     return true;
   LOG(WARNING) << "Failed to destroy a database with status " <<
       status.ToString();
   return false;
 }
 
-bool FileSystemDirectoryDatabase::Init() {
- if (db_.get())
-   return true;
+bool FileSystemDirectoryDatabase::Init(RecoveryOption recovery_option) {
+  if (db_.get())
+    return true;
 
- leveldb::Options options;
- options.create_if_missing = true;
- leveldb::DB* db;
- leveldb::Status status = leveldb::DB::Open(options, path_, &db);
- if (status.ok()) {
-   db_.reset(db);
-   return true;
- }
- HandleError(FROM_HERE, status);
- return false;
+  std::string path;
+#if defined(OS_POSIX)
+  path = sandbox_directory_.Append(kDirectoryDatabaseName).value();
+#elif defined(OS_WIN)
+  path = base::SysWideToUTF8(
+      sandbox_directory_.Append(kDirectoryDatabaseName).value());

[kinuko, 2012/03/23 04:01:33]

Can we use AsUTF8Unsafe() and remove ifdefs?

[kinuko, 2012/03/23 06:27:21]

(We chatted offline) ok this does something slightly different from what we do
here (especially for POSIX case), and we use another pair of path conversion
methods in leveldatabase/env_chromium.cc, i.e. UTF8ToUTF16 and UTF16ToUTF8.
(Since recent windows almost always use UTF16 it should be ok I believe)

We should use the same method pair in both places, but for now please feel free
to keep it as is (or add some neat common method somewhere else) but with an
appropriate TODO.

[tzik, 2012/03/23 07:09:00]

On linux, it calls SysNativeMBToWide() and WideToUTF8(), and there is no way to
convert back.
How about go along with third_party/leveldb/env_chromium.cc?
That calls UTF16ToUTF8 in Windows and do nothing in POSIX.

+#else
+  NOTREACHED()
+#endif
+
+  leveldb::Options options;
+  options.create_if_missing = true;
+  leveldb::DB* db;
+  leveldb::Status status = leveldb::DB::Open(options, path, &db);
+  // TODO(tzik): Collect status metrics here.
+  if (status.ok()) {
+    db_.reset(db);
+    return true;
+  }
+  HandleError(FROM_HERE, status);
+
+  if (recovery_option == FAIL_ON_CORRUPTION)
+    return false;
+
+  DCHECK_EQ(FAIL_ON_CORRUPTION, recovery_option);

[kinuko, 2012/03/23 04:01:33]

DELETE_ON_CORRUPTION?

[tzik, 2012/03/23 07:09:00]

Done.

+  if (!file_util::Delete(sandbox_directory_, true))
+    return false;
+  if (!file_util::CreateDirectory(sandbox_directory_))
+    return false;
+  return Init(FAIL_ON_CORRUPTION);
 }
 
 bool FileSystemDirectoryDatabase::StoreDefaultValues() {
   // Verify that this is a totally new database, and initialize it.
   scoped_ptr<leveldb::Iterator> iter(db_->NewIterator(leveldb::ReadOptions()));
   iter->SeekToFirst();
   if (iter->Valid()) {  // DB was not empty--we shouldn't have been called.
     LOG(ERROR) << "File system origin database is corrupt!";
     return false;
   }
   // This is always the first write into the database.  If we ever add a
   // version number, it should go in this transaction too.
   FileInfo root;
   root.parent_id = 0;
   root.modification_time = base::Time::Now();
   leveldb::WriteBatch batch;
   if (!AddFileInfoHelper(root, 0, &batch))
     return false;
   batch.Put(LastFileIdKey(), base::Int64ToString(0));
   batch.Put(LastIntegerKey(), base::Int64ToString(-1));
   leveldb::Status status = db_->Write(leveldb::WriteOptions(), &batch);
   if (!status.ok()) {
     HandleError(FROM_HERE, status);
     return false;
   }
   return true;
 }
 
 bool FileSystemDirectoryDatabase::GetLastFileId(FileId* file_id) {
-  if (!Init())
+  if (!Init(FAIL_ON_CORRUPTION))
     return false;
   DCHECK(file_id);
   std::string id_string;
   leveldb::Status status =
       db_->Get(leveldb::ReadOptions(), LastFileIdKey(), &id_string);
   if (status.ok()) {
     if (!base::StringToInt64(id_string, file_id)) {
       LOG(ERROR) << "Hit database corruption!";
       return false;
     }
@@ skipping 69 matching lines @@
 
 void FileSystemDirectoryDatabase::HandleError(
     const tracked_objects::Location& from_here,
     leveldb::Status status) {
   LOG(ERROR) << "FileSystemDirectoryDatabase failed at: "
              << from_here.ToString() << " with error: " << status.ToString();
   db_.reset();
 }
 
 }  // namespace fileapi