Scoped recovery module for sql/

sql/connection.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sql/connection.h"
 
 #include <string.h>
 
 #include "base/files/file_path.h"
 #include "base/file_util.h"
@@ skipping 157 matching lines @@
 #elif defined(OS_POSIX)
   return OpenInternal(path.value());
 #endif
 }
 
 bool Connection::OpenInMemory() {
   in_memory_ = true;
   return OpenInternal(":memory:");
 }
 
+bool Connection::OpenTemporary() {
+  return OpenInternal("");
+}
+
 void Connection::CloseInternal(bool forced) {
   // TODO(shess): Calling "PRAGMA journal_mode = DELETE" at this point
   // will delete the -journal file.  For ChromiumOS or other more
   // embedded systems, this is probably not appropriate, whereas on
   // desktop it might make some sense.
 
   // sqlite3_close() needs all prepared statements to be finalized.
 
   // Release cached statements.
   statement_cache_.clear();
@@ skipping 166 matching lines @@
   return Raze();
 }
 
 bool Connection::RazeAndClose() {
   if (!db_) {
     DLOG_IF(FATAL, !poisoned_) << "Cannot raze null db";
     return false;
   }
 
   // Raze() cannot run in a transaction.
-  while (transaction_nesting_) {
-    RollbackTransaction();
-  }
+  RollbackAllTransactions();
 
   bool result = Raze();
 
   CloseInternal(true);
 
   // Mark the database so that future API calls fail appropriately,
   // but don't DCHECK (because after calling this function they are
   // expected to fail).
   poisoned_ = true;
 
   return result;
 }
 
+void Connection::CloseAndPoison() {
+  if (!db_) {
+    DLOG_IF(FATAL, !poisoned_) << "Cannot poison null db";

[erikwright (departed), 2013/07/05 19:02:30]

is this different from DCHECK(poisoned) << "..";?

[Scott Hess - ex-Googler, 2013/07/08 21:41:51]

Once Upon A Time, in a refactor we had a big knock-down drag-out argument about
this.  I do not remember why things ended up with DLOG(FATAL) in this code, but
we did.  I don't think there was a functional difference involved, I think it
hinged on some abstract sense of rightness.

[I also don't think I agreed with using DLOG(FATAL), at some point I just
stopped caring.]

+    return;
+  }
+
+  RollbackAllTransactions();
+  CloseInternal(true);
+
+  // Mark the database so that future API calls fail appropriately,
+  // but don't DCHECK (because after calling this function they are
+  // expected to fail).
+  poisoned_ = true;
+}
+
 // TODO(shess): To the extent possible, figure out the optimal
 // ordering for these deletes which will prevent other connections
 // from seeing odd behavior.  For instance, it may be necessary to
 // manually lock the main database file in a SQLite-compatible fashion
 // (to prevent other processes from opening it), then delete the
 // journal files, then delete the main database file.  Another option
 // might be to lock the main database file and poison the header with
 // junk to prevent other processes from opening it successfully (like
 // Gears "SQLite poison 3" trick).
 //
@@ skipping 65 matching lines @@
 
   if (needs_rollback_) {
     DoRollback();
     return false;
   }
 
   Statement commit(GetCachedStatement(SQL_FROM_HERE, "COMMIT"));
   return commit.Run();
 }
 
+void Connection::RollbackAllTransactions() {
+  if (transaction_nesting_ > 0) {
+    transaction_nesting_ = 0;
+    DoRollback();
+  }
+}
+
 int Connection::ExecuteAndReturnErrorCode(const char* sql) {
   AssertIOAllowed();
   if (!db_) {
     DLOG_IF(FATAL, !poisoned_) << "Illegal use of connection without a db";
     return SQLITE_ERROR;
   }
   return sqlite3_exec(db_, sql, NULL, NULL, NULL);
 }
 
 bool Connection::Execute(const char* sql) {
@@ skipping 365 matching lines @@
   }
 
   // Best effort to put things back as they were before.
   const char kNoWritableSchema[] = "PRAGMA writable_schema = OFF";
   ignore_result(Execute(kNoWritableSchema));
 
   return ret;
 }
 
 }  // namespace sql