File: README.md

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (287 lines) | stat: -rw-r--r-- 10,649 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
 
# Chromium SQLite.
This is the top folder for Chromium's [SQLite](https://www.sqlite.org/). The
actual SQLite source is not in this repository, but instead cloned into the
`src` directory from https://chromium.googlesource.com/chromium/deps/sqlite.

The directory structure is as follows. Files common to all third_party projects
(ex. BUILD.GN, OWNERS, LICENSE) are omitted.

* `src/`     The Chromium fork of SQLite (cloned via top level DEPS file).
* `scripts/` Scripts that generate the files in the amalgamations in src/.
* `sqlite.h` The header used by the rest of Chromium to include SQLite. This
             forwards to src/amalgamation/sqlite3.h
* `fuzz/`    Google OSS-Fuzz (ClusterFuzz) testing for Chromium's SQLite build.

## Amalgamations

[SQLite amalgamations](https://www.sqlite.org/amalgamation.html) are committed
to the SQLite Chromium repository (in `src`), but are created by a script that
lives in the Chromium repository. This is because the configuration variables
for building and amalgamation generation are shared.

There are two amalgamations:
* //third_party/sqlite/src/amalgamation is shipped, tested, and Fuzzed by
  Chromium.
* //third_party/sqlite/src/amalgamation_dev is not distributed or tested by
  Chromium. It is used for some developer tools (either only for local
  development, or only on trusted input).

## [//third_party/sqlite/src](https://source.chromium.org/chromium/chromium/src/+/main:third_party/sqlite/src/) repository.

CLs in this repository cannot be submitted through the commit queue (ex. CQ+2),
because there is no commit queue / try bot support for this repository. Please
use the "Submit" button (in Gerrit's 3-dot menu on the top right) to submit CLs
in this repository instead.

# Playbook

## Upgrade to a new SQLite release.

SQLite should be upgraded as soon as possible whenever a new version is
available. This is because new versions often contain security and stability
improvements, and frequent upgrades allow Chromium to have minimal cherry-pick
diffs when requesting investigation for SQLite bugs discovered by Chromium
Fuzzers. New versions may be viewed [here](https://www.sqlite.org/changes.html),
and bugs for these upgrades may look like [this example](https://crbug.com/1161048).

Historically, Chromium fuzzers often find issues within 2 weeks after upgrading
to new SQLite versions. Avoid upgrading SQLite within 1-2 weeks of a Chromium
[branch point](https://chromiumdash.appspot.com/schedule) to allow fuzzers time
to run. However, if the new SQLite release contains known security or stability
fixes, upgrade once available and monitor fuzzers more closely.

SQLite version upgrades tend to be extremely large changes
([example](https://crrev.com/c/2601105)), for which the diffs are not possible
to thoroughly review.

**Note** SQLite tags all releases `version-<release number>`, e.g.
`version-3.40.0`. The Chromium project prefixes all tags/branches with
"chromium-", e.g.  `chromium-version-3.40.0`.

1. Create new release branch

   Request creation of a new release branch via a
   [Git Admin Request](https://issues.chromium.org/issues/new?component=1456263&template=1923295)
   with a message along the lines of: "Please create branch
   `chromium-version-3.50.0` in the `chromium/deps/sqlite` repo based on commit
   `refs/tags/upstream/version-3.50.0`." See
   [Gerrit/branches](https://chromium-review.googlesource.com/admin/repos/chromium/deps/sqlite,branches)
   to view existing branches.

2. Checkout the new Chromium release branch.

    Get the version from the [README.chromium](https://source.chromium.org/chromium/chromium/src/+/main:third_party/sqlite/README.chromium).

    ```sh
    cd third_party/sqlite/src  # from //chromium/src
    git fetch origin
    export VERSION=3.40.0
    git checkout -b chromium-version-$VERSION \
        --track origin/chromium-version-$VERSION
    ```

3. Generate and commit the SQLite amalgamations.

    ```sh
    ./../scripts/generate_amalgamation.py
    git add amalgamation amalgamation_dev
    git commit -m "Amalgamations for release $VERSION"
    ```

4. Run local tests.

    Follow steps in [Running Tests](#running-tests) below to execute all
    verifications and tests.

5. Upload the new release branch for review.

    ```sh
    git cl upload
    ```

6. Roll the Chromium DEPS file.

    Once review above has merged:

    1. Roll the `chromium/src/DEPS` file to reference that new commit hash.
        ```sh
        roll-dep src/third_party/sqlite/src --roll-to <git hash of merged CL>
        ```
    2. Update the version in //third_party/sqlite/README.chromium. Amend the
       commit created by roll-dep above.

## Cherry-pick unreleased commit from SQLite.

Sometimes **critical fixes** land in SQLite's master, but are not yet in a
release. This may occur when other SQLite embedders find critical security
or stability issues that SQLite authors then fix, but are often detected by
Chromium ClusterFuzz as well.

If you're triaging a ClusterFuzz bug, an internal playbook on how to triage
and fix ClusterFuzz bugs is available at
[go/sqlite-clusterfuzz-bug-process](https://goto.google.com/sqlite-clusterfuzz-bug-process).

If changes need to be brought into the current release branch, please do the
following:

1. Checkout the current release branch.

    Get the version from the [README.chromium](https://source.chromium.org/chromium/chromium/src/+/main:third_party/sqlite/README.chromium).

    ```sh
    export VERSION=3.40.0
    cd third_party/sqlite/src  # from //chromium/src
    git checkout -b chromium-version-$VERSION \
      --track origin/chromium-version-$VERSION
    ```

2. Cherry-pick the change

    Git _can_ be used to cherry pick upstream changes into a release branch but
    the sqlite_cherry_picker.py script is preferred. This script automates a
    few tasks such as:

    * Identifying the correct Git commit hash to use if given the Fossil commit
      hash.
    * Automatically calculating Fossil manifest hashes.
    * Skipping conflicted binary files.
    * Generating the amalgamations.

    Cherry-pick the commit:

    ```sh
    ../scripts/sqlite_cherry_picker.py <full git commit hash>
    ```

    If there is a conflict that the script cannot resolve then, like
    `git cherry-pick`, the script will exit and leave you to resolve the
    conflicts. Once resolved run the script a second time:

    ```sh
    ../scripts/sqlite_cherry_picker.py --continue
    ```

    If you have access to the SQLite fossil commit hash, and would like to map
    this to the corresponding git hash, you can use GitHub search. As SQLite's
    git repository's commits include the fossil hash, you can search for the
    fossil hash, using the following query with the fossil commit hash appended
    ([example search](https://github.com/sqlite/sqlite/search?type=commits&q=8c432642572c8c4b7251f413def0725b3b8e9e7fe10230aa0aabe86b58e5902d)):
    https://github.com/sqlite/sqlite/search?type=commits&q=

    If the cherry-picking script is unable to cherry-pick a commit, like in
    https://crbug.com/1162100, manually apply the change from a SQLite or git,
    in //third_party/sqlite/src's files modified in the SQLite tracker, like at
    https://sqlite.org/src/info/a0bf931bd712037e. From there, run
    `../scripts/generate_amalgamation.py` to propagate these changes over to
    the amalgamation files. sqlite_cherry_picker.py should generally be
    preferred, as it updates hashes and simplifies tracking.

3. Run local tests.

    Follow steps in [Running Tests](#running-tests) below to execute all
    verifications and tests.

4. Upload cherry-picked change (with amalgamations) for review.

  If the relevant bug is a security bug, make sure that the reviewers are cc'ed.
  Otherwise, they may not know what/why they're reviewing.

    ```sh
    git cl upload
    ```

5. Update the Chromium DEPS file.

    Once review above has merged, roll the `chromium/src/DEPS` file to
    reference that new commit hash.

    ```sh
    roll-dep src/third_party/sqlite/src --roll-to <git hash of merged CL>
    ```

## Running Tests

Build all desktop targets:

Check that `extract_sqlite_api.py` added "chrome_" to all exported symbols.
Only "_fini" and "_init" should be unprefixed, but are conditionally
exported by the linker and may be omitted.

```sh
autoninja -C out/Default
nm -B out/Default/libthird_party_sqlite_chromium_sqlite3.so | cut -c 18- | sort | grep '^T'
```

### Running unit tests

```sh
out/Default/sql_unittests
```

### Running SQLite's TCL test suite within the Chromium checkout.

This is one of the [SQLite test suites](https://www.sqlite.org/testing.html).
They take approximately 3 minutes to build and run on a fast workstation.

**Note**: Tests currently fail both locally and on Chromium release branches.
They fail on release branches because some tests rely on SQLite databases
(binary files) which are committed to the source and are likely not merged down
when cherry picked. It is safe to ignore these errors which should be
reasonably easy to identify based on the cherry picked upstream changes. Until
these tests are fixed, it is safe to ignore these tests when running SQLite test
suites.

```sh
cd third_party/sqlite  # from //chromium/src
./scripts/generate_amalgamation.py --testing
make --directory=src test | tee /tmp/test.log
```

Show tests with errors:

```sh
egrep 'errors out of' /tmp/test.log
```

Show broken tests:

```sh
egrep 'Failures on these tests:' /tmp/test.log
```

Broken tests will also show lines ending in "..." instead of "... Ok".

When done, clean up the SQLite repository:

```sh
cd src
make clean
git clean -i  # and delete everything
rm -rf testdir
git checkout amalgamation/sqlite3.c
git checkout amalgamation_dev/sqlite3.c
```

## Bisect SQLite

When diagnosing the cause of an issue found in a fuzzer issue or while bringing
up SQLite, you may want to bisect the SQLite repo.

To find the SQLite commit that introduced an issue the `scripts/repro_tool.py`
can be used in combination with `git bisect run`.

For example, given a good commit of `9e45bccab2b8`, a bad commit of
`c12b0d5b7135`, and a reproduction sql file `repro.sql`, running the following
will pinpoint the commit that introduced the failure:

```sh
cd src
git bisect start c12b0d5b7135 9e45bccab2b8
git bisect run ../scripts/repro_tool.py repro.sql
```

The reproduction file can be omitted if it is a build error. `--should_build`
can be passed to `repro_tool.py` if the issue is not a build error and we don't
want to continue bisecting if a build does fail.

See `scripts/repro_tool.py --help` for more information.