OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef SQL_RECOVERY_H_ | 5 #ifndef SQL_RECOVERY_H_ |
6 #define SQL_RECOVERY_H_ | 6 #define SQL_RECOVERY_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 | 9 |
10 #include "base/macros.h" | 10 #include "base/macros.h" |
11 #include "sql/connection.h" | 11 #include "sql/connection.h" |
12 | 12 |
13 namespace base { | 13 namespace base { |
14 class FilePath; | 14 class FilePath; |
15 } | 15 } |
16 | 16 |
17 namespace sql { | 17 namespace sql { |
18 | 18 |
19 // Recovery module for sql/. The basic idea is to create a fresh | 19 // Recovery module for sql/. The basic idea is to create a fresh |
Mark P
2016/04/07 23:09:44
As a new function you introduced does almost exact
Scott Hess - ex-Googler
2016/04/15 00:38:15
I rephrased it to put RecoverDatabaseOrRaze() firs
| |
20 // database and populate it with the recovered contents of the | 20 // database and populate it with the recovered contents of the |
21 // original database. If recovery is successful, the recovered | 21 // original database. If recovery is successful, the recovered |
22 // database is backed up over the original database. If recovery is | 22 // database is backed up over the original database. If recovery is |
23 // not successful, the original database is razed. In either case, | 23 // not successful, the original database is razed. In either case, |
24 // the original handle is poisoned so that operations on the stack do | 24 // the original handle is poisoned so that operations on the stack do |
25 // not accidentally disrupt the restored data. | 25 // not accidentally disrupt the restored data. |
26 // | 26 // |
27 // { | 27 // { |
28 // scoped_ptr<sql::Recovery> r = | 28 // scoped_ptr<sql::Recovery> r = |
29 // sql::Recovery::Begin(orig_db, orig_db_path); | 29 // sql::Recovery::Begin(orig_db, orig_db_path); |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
142 // table as needed. | 142 // table as needed. |
143 bool SetupMeta(); | 143 bool SetupMeta(); |
144 | 144 |
145 // Fetch the version number from temp.recover_meta. Returns false | 145 // Fetch the version number from temp.recover_meta. Returns false |
146 // if the query fails, or if there is no version row. Otherwise | 146 // if the query fails, or if there is no version row. Otherwise |
147 // returns true, with the version in |*version_number|. | 147 // returns true, with the version in |*version_number|. |
148 // | 148 // |
149 // Only valid to call after successful SetupMeta(). | 149 // Only valid to call after successful SetupMeta(). |
150 bool GetMetaVersionNumber(int* version_number); | 150 bool GetMetaVersionNumber(int* version_number); |
151 | 151 |
152 // Attempt to recover the database by creating a new database with schema from | |
153 // |db|, then copying over as much data as possible. If the database is | |
154 // entirely unreadable, the new database will be empty. After this call, the | |
155 // |db| handle will be poisoned so that future calls will return errors until | |
156 // the handle is re-opened. | |
157 // | |
158 // The "OrRaze" portion means that if recovery fails due to errors, the | |
159 // database can be razed or deleted. The goal is for this function to make | |
Mark P
2016/04/07 23:09:44
Uh, did you mean "will be", not "can be"? And wil
Scott Hess - ex-Googler
2016/04/15 00:38:15
I'm not sure how to answer!
Right now, it only ap
| |
160 // every possible effort to leave behind a correctly operating database file. | |
161 static void RecoverDatabaseOrRaze(Connection* db, | |
162 const base::FilePath& db_path); | |
163 | |
164 // Returns true if the SQLite |extended_error| is one which can plausibly be | |
165 // recovered, or which cannot possibly be recovered. | |
166 // | |
Mark P
2016/04/07 23:09:44
Please provide an transition sentence here. It ap
Scott Hess - ex-Googler
2016/04/15 00:38:15
Moved cases into the implementation file.
I'm not
| |
167 // SQLITE_CANTOPEN is associated with an entirely broken file (for instance a | |
168 // symlink to a non-existent path, or the file is a directory). The best fix | |
169 // is probably to delete the file and start over. | |
Mark P
2016/04/07 23:09:44
probably?
When this is not the best fix?
(consider
Scott Hess - ex-Googler
2016/04/15 00:38:15
I guess this is expressing my certainty level. SQ
| |
170 // | |
171 // SQLITE_NOTADB can happen if the SQLite header is broken. In earlier | |
172 // versions of SQLite, this was returned if the header size information did | |
173 // not match the OS file size information (now that causes SQLITE_CORRUPT). | |
174 // In that case much of the data can be recovered. In other cases, the best | |
175 // fix is probably to delete the file and start over. | |
Mark P
2016/04/07 23:09:44
This last sentence is confusing. Did you mean tha
Scott Hess - ex-Googler
2016/04/15 00:38:15
When the recovery code was first written, there wa
| |
176 // | |
177 // SQLITE_CORRUPT means that the database is readable, but the contents have | |
178 // an inconsistency. In the worst case, this could be isolated garbage in a | |
179 // page, but generally it means that pages which are separately valid do not | |
180 // make sense when taken together. For instance if an index refers to a row | |
181 // which is no longer in the table. | |
Mark P
2016/04/07 23:09:44
Again, this explanation doesn't state what this fu
Scott Hess - ex-Googler
2016/04/15 00:38:15
Revised in implementation.
| |
182 // | |
183 // TODO(shess): Possible future options for automated fixing: | |
184 // - SQLITE_PERM - permissions could be fixed. | |
185 // - SQLITE_READONLY - permissions could be fixed. | |
186 // - SQLITE_IOERR - rewrite using new blocks. | |
187 // - SQLITE_FULL - recover in memory and rewrite subset of data. | |
188 static bool ShouldRecoverOrRaze(int extended_error); | |
Mark P
2016/04/07 23:09:44
nit: given your explanation of what this does, I t
Scott Hess - ex-Googler
2016/04/15 00:38:15
Hmm. None of the first three work with me - there
| |
189 | |
152 private: | 190 private: |
153 explicit Recovery(Connection* connection); | 191 explicit Recovery(Connection* connection); |
154 | 192 |
155 // Setup the recovery database handle for Begin(). Returns false in | 193 // Setup the recovery database handle for Begin(). Returns false in |
156 // case anything failed. | 194 // case anything failed. |
157 bool Init(const base::FilePath& db_path) WARN_UNUSED_RESULT; | 195 bool Init(const base::FilePath& db_path) WARN_UNUSED_RESULT; |
158 | 196 |
159 // Copy the recovered database over the original database. | 197 // Copy the recovered database over the original database. |
160 bool Backup() WARN_UNUSED_RESULT; | 198 bool Backup() WARN_UNUSED_RESULT; |
161 | 199 |
162 // Close the recovery database, and poison the original handle. | 200 // Close the recovery database, and poison the original handle. |
163 // |raze| controls whether the original database is razed or just | 201 // |raze| controls whether the original database is razed or just |
164 // poisoned. | 202 // poisoned. |
165 enum Disposition { | 203 enum Disposition { |
166 RAZE_AND_POISON, | 204 RAZE_AND_POISON, |
167 POISON, | 205 POISON, |
168 }; | 206 }; |
169 void Shutdown(Disposition raze); | 207 void Shutdown(Disposition raze); |
170 | 208 |
171 Connection* db_; // Original database connection. | 209 Connection* db_; // Original database connection. |
172 Connection recover_db_; // Recovery connection. | 210 Connection recover_db_; // Recovery connection. |
173 | 211 |
174 DISALLOW_COPY_AND_ASSIGN(Recovery); | 212 DISALLOW_COPY_AND_ASSIGN(Recovery); |
175 }; | 213 }; |
176 | 214 |
177 } // namespace sql | 215 } // namespace sql |
178 | 216 |
179 #endif // SQL_RECOVERY_H_ | 217 #endif // SQL_RECOVERY_H_ |
OLD | NEW |