ic-sqlite-vfs 0.2.2

SQLite VFS backed directly by Internet Computer stable memory
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

use ic_sqlite_vfs::stable::memory_manager::{MemoryId, MemoryManager};
use ic_sqlite_vfs::stable::raw_memory::{DefaultMemoryImpl, Memory};

const MAGIC: &[u8; 3] = b"MGR";
const LAYOUT_VERSION: u8 = 1;
const MAX_NUM_MEMORIES: usize = 255;
const MAX_NUM_BUCKETS: usize = 32_768;
const UNALLOCATED_BUCKET_MARKER: u8 = MAX_NUM_MEMORIES as u8;
const HEADER_RESERVED_BYTES: usize = 32;
const HEADER_SIZE: usize = 3 + 1 + 2 + 2 + HEADER_RESERVED_BYTES + MAX_NUM_MEMORIES * 8;

#[test]
#[should_panic(expected = "unallocated bucket has owner")]
fn rejects_committed_header_with_all_zero_allocation_table() {
    let backing = corrupt_backing(0, 1, &[], None);

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "unallocated bucket has owner")]
fn rejects_owner_byte_when_allocated_bucket_count_is_zero() {
    let backing = corrupt_backing(0, 1, &[], Some(vec![(0, 0)]));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "unallocated bucket has owner")]
fn rejects_owner_byte_after_allocated_bucket_range() {
    let backing = corrupt_backing(1, 1, &[(0, 1)], Some(vec![(0, 0), (10, 0)]));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "unallocated bucket has owner")]
fn rejects_partial_grow_state_with_table_updated_before_header() {
    // Header still commits one bucket, but grow already wrote the next owner.
    let backing = corrupt_backing(1, 1, &[(0, 1)], Some(vec![(0, 0), (1, 0)]));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "bucket size is zero")]
fn rejects_zero_bucket_size_in_header() {
    let backing = corrupt_backing(0, 0, &[], Some(Vec::new()));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "allocated buckets exceeds maximum")]
fn rejects_allocated_bucket_count_above_maximum() {
    let backing = corrupt_backing((MAX_NUM_BUCKETS + 1) as u16, 1, &[], Some(Vec::new()));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "size and buckets mismatch")]
fn rejects_memory_size_and_bucket_count_mismatch() {
    let backing = corrupt_backing(1, 1, &[(0, 2)], Some(vec![(0, 0)]));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "size overflows bytes")]
fn rejects_memory_size_that_overflows_byte_capacity() {
    let backing = corrupt_backing(0, 1, &[(0, u64::MAX)], Some(Vec::new()));

    let _manager = MemoryManager::init(backing);
}

#[test]
#[should_panic(expected = "backing memory truncated")]
fn rejects_valid_table_with_truncated_bucket_storage() {
    let backing = corrupt_backing(1, 1, &[(0, 1)], Some(vec![(0, 0)]));

    let _manager = MemoryManager::init(backing);
}

#[test]
fn reloads_valid_layout_after_hardening() {
    let backing = DefaultMemoryImpl::default();
    let manager = MemoryManager::init_with_bucket_size(backing.clone(), 1);
    let memory = manager.get(MemoryId::new(7));

    assert_eq!(memory.grow(1), 0);
    memory.write(0, &[42]);

    let reloaded = MemoryManager::init(backing);
    let memory = reloaded.get(MemoryId::new(7));
    let mut byte = [0_u8; 1];
    memory.read(0, &mut byte);

    assert_eq!(byte, [42]);
}

#[test]
fn grow_overflow_returns_minus_one() {
    let backing = DefaultMemoryImpl::default();
    let manager = MemoryManager::init_with_bucket_size(backing, 1);
    let first = manager.get(MemoryId::new(0));
    let second = manager.get(MemoryId::new(1));

    assert_eq!(first.grow(1), 0);
    assert_eq!(second.grow(u64::MAX), -1);
}

fn corrupt_backing(
    allocated_buckets: u16,
    bucket_size_in_pages: u16,
    memory_sizes: &[(u8, u64)],
    allocation_table: Option<Vec<(usize, u8)>>,
) -> DefaultMemoryImpl {
    let backing = DefaultMemoryImpl::default();
    assert_eq!(Memory::grow(&backing, 1), 0);
    backing.write(
        0,
        &header(allocated_buckets, bucket_size_in_pages, memory_sizes),
    );

    if let Some(owners) = allocation_table {
        let mut table = vec![UNALLOCATED_BUCKET_MARKER; MAX_NUM_BUCKETS];
        for (bucket, owner) in owners {
            table[bucket] = owner;
        }
        backing.write(HEADER_SIZE as u64, &table);
    }

    backing
}

fn header(
    allocated_buckets: u16,
    bucket_size_in_pages: u16,
    memory_sizes: &[(u8, u64)],
) -> [u8; HEADER_SIZE] {
    let mut header = [0_u8; HEADER_SIZE];
    header[0..3].copy_from_slice(MAGIC);
    header[3] = LAYOUT_VERSION;
    header[4..6].copy_from_slice(&allocated_buckets.to_le_bytes());
    header[6..8].copy_from_slice(&bucket_size_in_pages.to_le_bytes());

    for (id, size) in memory_sizes {
        let offset = 3 + 1 + 2 + 2 + HEADER_RESERVED_BYTES + usize::from(*id) * 8;
        header[offset..offset + 8].copy_from_slice(&size.to_le_bytes());
    }

    header
}