Merge from Chromium at DEPS revision 237746

This commit was generated by merge_to_master.py.

Change-Id: I8997af4cddfeb09a7c26f7e8e672c712cab461ea

13 files changed, 796 insertions, 48 deletions

diff --git a/sql/connection.cc b/sql/connection.cc
index 0f40779d12..6ca60ef0ec 100644
--- a/sql/connection.cc
+++ b/sql/connection.cc
@@ -881,9 +881,9 @@ bool Connection::OpenInternal(const std::string& file_name,
     int mode = 0;
     // TODO(shess): Arguably, failure to retrieve and change
     // permissions should be fatal if the file exists.
-    if (file_util::GetPosixFilePermissions(file_path, &mode)) {
-      mode &= file_util::FILE_PERMISSION_USER_MASK;
-      file_util::SetPosixFilePermissions(file_path, mode);
+    if (base::GetPosixFilePermissions(file_path, &mode)) {
+      mode &= base::FILE_PERMISSION_USER_MASK;
+      base::SetPosixFilePermissions(file_path, mode);
 
       // SQLite sets the permissions on these files from the main
       // database on create.  Set them here in case they already exist
@@ -891,8 +891,8 @@ bool Connection::OpenInternal(const std::string& file_name,
       // be fatal unless the file doesn't exist.
       base::FilePath journal_path(file_name + FILE_PATH_LITERAL("-journal"));
       base::FilePath wal_path(file_name + FILE_PATH_LITERAL("-wal"));
-      file_util::SetPosixFilePermissions(journal_path, mode);
-      file_util::SetPosixFilePermissions(wal_path, mode);
+      base::SetPosixFilePermissions(journal_path, mode);
+      base::SetPosixFilePermissions(wal_path, mode);
     }
   }
 #endif  // defined(OS_POSIX)
diff --git a/sql/connection_unittest.cc b/sql/connection_unittest.cc
index 445db3459b..c6811b4dc5 100644
--- a/sql/connection_unittest.cc
+++ b/sql/connection_unittest.cc
@@ -11,6 +11,7 @@
 #include "sql/statement.h"
 #include "sql/test/error_callback_support.h"
 #include "sql/test/scoped_error_ignorer.h"
+#include "sql/test/test_helpers.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/sqlite/sqlite3.h"
 
@@ -502,32 +503,14 @@ TEST_F(SQLConnectionTest, RazeNOTADB2) {
 // essential for cases where the Open() can fail entirely, so the
 // Raze() cannot happen later.  Additionally test that when the
 // callback does this during Open(), the open is retried and succeeds.
-//
-// Most corruptions seen in the wild seem to happen when two pages in
-// the database were not written transactionally (the transaction
-// changed both, but one wasn't successfully written for some reason).
-// A special case of that is when the header indicates that the
-// database contains more pages than are in the file.  This breaks
-// things at a very basic level, verify that Raze() can handle it.
 TEST_F(SQLConnectionTest, RazeCallbackReopen) {
   const char* kCreateSql = "CREATE TABLE foo (id INTEGER PRIMARY KEY, value)";
   ASSERT_TRUE(db().Execute(kCreateSql));
   ASSERT_EQ(1, SqliteMasterCount(&db()));
-  int page_size = 0;
-  {
-    sql::Statement s(db().GetUniqueStatement("PRAGMA page_size"));
-    ASSERT_TRUE(s.Step());
-    page_size = s.ColumnInt(0);
-  }
   db().Close();
 
-  // Trim a single page from the end of the file.
-  {
-    file_util::ScopedFILE file(file_util::OpenFile(db_path(), "rb+"));
-    ASSERT_TRUE(file.get() != NULL);
-    ASSERT_EQ(0, fseek(file.get(), -page_size, SEEK_END));
-    ASSERT_TRUE(file_util::TruncateFile(file.get()));
-  }
+  // Corrupt the database so that nothing works, including PRAGMAs.
+  ASSERT_TRUE(sql::test::CorruptSizeInHeader(db_path()));
 
   // Open() will succeed, even though the PRAGMA calls within will
   // fail with SQLITE_CORRUPT, as will this PRAGMA.
@@ -706,12 +689,12 @@ TEST_F(SQLConnectionTest, UserPermission) {
   // read access for the database and journal.
   ASSERT_TRUE(base::PathExists(db_path()));
   ASSERT_TRUE(base::PathExists(journal));
-  mode = file_util::FILE_PERMISSION_MASK;
-  EXPECT_TRUE(file_util::GetPosixFilePermissions(db_path(), &mode));
-  ASSERT_NE((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
-  mode = file_util::FILE_PERMISSION_MASK;
-  EXPECT_TRUE(file_util::GetPosixFilePermissions(journal, &mode));
-  ASSERT_NE((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
+  mode = base::FILE_PERMISSION_MASK;
+  EXPECT_TRUE(base::GetPosixFilePermissions(db_path(), &mode));
+  ASSERT_NE((mode & base::FILE_PERMISSION_USER_MASK), mode);
+  mode = base::FILE_PERMISSION_MASK;
+  EXPECT_TRUE(base::GetPosixFilePermissions(journal, &mode));
+  ASSERT_NE((mode & base::FILE_PERMISSION_USER_MASK), mode);
 
   // Re-open with restricted permissions and verify that the modes
   // changed for both the main database and the journal.
@@ -720,12 +703,12 @@ TEST_F(SQLConnectionTest, UserPermission) {
   ASSERT_TRUE(db().Open(db_path()));
   ASSERT_TRUE(base::PathExists(db_path()));
   ASSERT_TRUE(base::PathExists(journal));
-  mode = file_util::FILE_PERMISSION_MASK;
-  EXPECT_TRUE(file_util::GetPosixFilePermissions(db_path(), &mode));
-  ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
-  mode = file_util::FILE_PERMISSION_MASK;
-  EXPECT_TRUE(file_util::GetPosixFilePermissions(journal, &mode));
-  ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
+  mode = base::FILE_PERMISSION_MASK;
+  EXPECT_TRUE(base::GetPosixFilePermissions(db_path(), &mode));
+  ASSERT_EQ((mode & base::FILE_PERMISSION_USER_MASK), mode);
+  mode = base::FILE_PERMISSION_MASK;
+  EXPECT_TRUE(base::GetPosixFilePermissions(journal, &mode));
+  ASSERT_EQ((mode & base::FILE_PERMISSION_USER_MASK), mode);
 
   // Delete and re-create the database, the restriction should still apply.
   db().Close();
@@ -733,16 +716,16 @@ TEST_F(SQLConnectionTest, UserPermission) {
   ASSERT_TRUE(db().Open(db_path()));
   ASSERT_TRUE(base::PathExists(db_path()));
   ASSERT_FALSE(base::PathExists(journal));
-  mode = file_util::FILE_PERMISSION_MASK;
-  EXPECT_TRUE(file_util::GetPosixFilePermissions(db_path(), &mode));
-  ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
+  mode = base::FILE_PERMISSION_MASK;
+  EXPECT_TRUE(base::GetPosixFilePermissions(db_path(), &mode));
+  ASSERT_EQ((mode & base::FILE_PERMISSION_USER_MASK), mode);
 
   // Verify that journal creation inherits the restriction.
   EXPECT_TRUE(db().Execute("CREATE TABLE x (x)"));
   ASSERT_TRUE(base::PathExists(journal));
-  mode = file_util::FILE_PERMISSION_MASK;
-  EXPECT_TRUE(file_util::GetPosixFilePermissions(journal, &mode));
-  ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
+  mode = base::FILE_PERMISSION_MASK;
+  EXPECT_TRUE(base::GetPosixFilePermissions(journal, &mode));
+  ASSERT_EQ((mode & base::FILE_PERMISSION_USER_MASK), mode);
 }
 #endif  // defined(OS_POSIX)
 
diff --git a/sql/recovery.cc b/sql/recovery.cc
index c750fd01c3..89abbc952b 100644
--- a/sql/recovery.cc
+++ b/sql/recovery.cc
@@ -5,13 +5,93 @@
 #include "sql/recovery.h"
 
 #include "base/files/file_path.h"
+#include "base/format_macros.h"
 #include "base/logging.h"
+#include "base/metrics/histogram.h"
 #include "base/metrics/sparse_histogram.h"
+#include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
 #include "sql/connection.h"
+#include "sql/statement.h"
 #include "third_party/sqlite/sqlite3.h"
 
 namespace sql {
 
+namespace {
+
+enum RecoveryEventType {
+  // Init() completed successfully.
+  RECOVERY_SUCCESS_INIT = 0,
+
+  // Failed to open temporary database to recover into.
+  RECOVERY_FAILED_OPEN_TEMPORARY,
+
+  // Failed to initialize recover vtable system.
+  RECOVERY_FAILED_VIRTUAL_TABLE_INIT,
+
+  // System SQLite doesn't support vtable.
+  RECOVERY_FAILED_VIRTUAL_TABLE_SYSTEM_SQLITE,
+
+  // Failed attempting to enable writable_schema.
+  RECOVERY_FAILED_WRITABLE_SCHEMA,
+
+  // Failed to attach the corrupt database to the temporary database.
+  RECOVERY_FAILED_ATTACH,
+
+  // Backup() successfully completed.
+  RECOVERY_SUCCESS_BACKUP,
+
+  // Failed sqlite3_backup_init().  Error code in Sqlite.RecoveryHandle.
+  RECOVERY_FAILED_BACKUP_INIT,
+
+  // Failed sqlite3_backup_step().  Error code in Sqlite.RecoveryStep.
+  RECOVERY_FAILED_BACKUP_STEP,
+
+  // AutoRecoverTable() successfully completed.
+  RECOVERY_SUCCESS_AUTORECOVER,
+
+  // The target table contained a type which the code is not equipped
+  // to handle.  This should only happen if things are fubar.
+  RECOVERY_FAILED_AUTORECOVER_UNRECOGNIZED_TYPE,
+
+  // The target table does not exist.
+  RECOVERY_FAILED_AUTORECOVER_MISSING_TABLE,
+
+  // The recovery virtual table creation failed.
+  RECOVERY_FAILED_AUTORECOVER_CREATE,
+
+  // Copying data from the recovery table to the target table failed.
+  RECOVERY_FAILED_AUTORECOVER_INSERT,
+
+  // Dropping the recovery virtual table failed.
+  RECOVERY_FAILED_AUTORECOVER_DROP,
+
+  // SetupMeta() successfully completed.
+  RECOVERY_SUCCESS_SETUP_META,
+
+  // Failure creating recovery meta table.
+  RECOVERY_FAILED_META_CREATE,
+
+  // GetMetaVersionNumber() successfully completed.
+  RECOVERY_SUCCESS_META_VERSION,
+
+  // Failed in querying recovery meta table.
+  RECOVERY_FAILED_META_QUERY,
+
+  // No version key in recovery meta table.
+  RECOVERY_FAILED_META_NO_VERSION,
+
+  // Always keep this at the end.
+  RECOVERY_EVENT_MAX,
+};
+
+void RecordRecoveryEvent(RecoveryEventType recovery_event) {
+  UMA_HISTOGRAM_ENUMERATION("Sqlite.RecoveryEvents",
+                            recovery_event, RECOVERY_EVENT_MAX);
+}
+
+}  // namespace
+
 // static
 bool Recovery::FullRecoverySupported() {
   // TODO(shess): See comment in Init().
@@ -98,8 +178,14 @@ bool Recovery::Init(const base::FilePath& db_path) {
   ignore_result(db_->Execute("PRAGMA locking_mode=NORMAL"));
   ignore_result(db_->Execute("SELECT COUNT(*) FROM sqlite_master"));
 
-  if (!recover_db_.OpenTemporary())
+  // TODO(shess): If this is a common failure case, it might be
+  // possible to fall back to a memory database.  But it probably
+  // implies that the SQLite tmpdir logic is busted, which could cause
+  // a variety of other random issues in our code.
+  if (!recover_db_.OpenTemporary()) {
+    RecordRecoveryEvent(RECOVERY_FAILED_OPEN_TEMPORARY);
     return false;
+  }
 
   // TODO(shess): Figure out a story for USE_SYSTEM_SQLITE.  The
   // virtual table implementation relies on SQLite internals for some
@@ -113,20 +199,29 @@ bool Recovery::Init(const base::FilePath& db_path) {
 #if !defined(USE_SYSTEM_SQLITE)
   int rc = recoverVtableInit(recover_db_.db_);
   if (rc != SQLITE_OK) {
+    RecordRecoveryEvent(RECOVERY_FAILED_VIRTUAL_TABLE_INIT);
     LOG(ERROR) << "Failed to initialize recover module: "
                << recover_db_.GetErrorMessage();
     return false;
   }
+#else
+  // If this is infrequent enough, just wire it to Raze().
+  RecordRecoveryEvent(RECOVERY_FAILED_VIRTUAL_TABLE_SYSTEM_SQLITE);
 #endif
 
   // Turn on |SQLITE_RecoveryMode| for the handle, which allows
   // reading certain broken databases.
-  if (!recover_db_.Execute("PRAGMA writable_schema=1"))
+  if (!recover_db_.Execute("PRAGMA writable_schema=1")) {
+    RecordRecoveryEvent(RECOVERY_FAILED_WRITABLE_SCHEMA);
     return false;
+  }
 
-  if (!recover_db_.AttachDatabase(db_path, "corrupt"))
+  if (!recover_db_.AttachDatabase(db_path, "corrupt")) {
+    RecordRecoveryEvent(RECOVERY_FAILED_ATTACH);
     return false;
+  }
 
+  RecordRecoveryEvent(RECOVERY_SUCCESS_INIT);
   return true;
 }
 
@@ -169,11 +264,14 @@ bool Recovery::Backup() {
   sqlite3_backup* backup = sqlite3_backup_init(db_->db_, kMain,
                                                recover_db_.db_, kMain);
   if (!backup) {
+    RecordRecoveryEvent(RECOVERY_FAILED_BACKUP_INIT);
+
     // Error code is in the destination database handle.
-    int err = sqlite3_errcode(db_->db_);
+    int err = sqlite3_extended_errcode(db_->db_);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.RecoveryHandle", err);
     LOG(ERROR) << "sqlite3_backup_init() failed: "
                << sqlite3_errmsg(db_->db_);
+
     return false;
   }
 
@@ -188,6 +286,7 @@ bool Recovery::Backup() {
   DCHECK_GT(pages, 0);
 
   if (rc != SQLITE_DONE) {
+    RecordRecoveryEvent(RECOVERY_FAILED_BACKUP_STEP);
     UMA_HISTOGRAM_SPARSE_SLOWLY("Sqlite.RecoveryStep", rc);
     LOG(ERROR) << "sqlite3_backup_step() failed: "
                << sqlite3_errmsg(db_->db_);
@@ -216,6 +315,7 @@ bool Recovery::Backup() {
 
   // Clean up the recovery db, and terminate the main database
   // connection.
+  RecordRecoveryEvent(RECOVERY_SUCCESS_BACKUP);
   Shutdown(POISON);
   return true;
 }
@@ -233,4 +333,197 @@ void Recovery::Shutdown(Recovery::Disposition raze) {
   db_ = NULL;
 }
 
+bool Recovery::AutoRecoverTable(const char* table_name,
+                                size_t extend_columns,
+                                size_t* rows_recovered) {
+  // Query the info for the recovered table in database [main].
+  std::string query(
+      base::StringPrintf("PRAGMA main.table_info(%s)", table_name));
+  Statement s(db()->GetUniqueStatement(query.c_str()));
+
+  // The columns of the recover virtual table.
+  std::vector<std::string> create_column_decls;
+
+  // The columns to select from the recover virtual table when copying
+  // to the recovered table.
+  std::vector<std::string> insert_columns;
+
+  // If PRIMARY KEY is a single INTEGER column, then it is an alias
+  // for ROWID.  The primary key can be compound, so this can only be
+  // determined after processing all column data and tracking what is
+  // seen.  |pk_column_count| counts the columns in the primary key.
+  // |rowid_decl| stores the ROWID version of the last INTEGER column
+  // seen, which is at |rowid_ofs| in |create_column_decls|.
+  size_t pk_column_count = 0;
+  size_t rowid_ofs;  // Only valid if rowid_decl is set.
+  std::string rowid_decl;  // ROWID version of column |rowid_ofs|.
+
+  while (s.Step()) {
+    const std::string column_name(s.ColumnString(1));
+    const std::string column_type(s.ColumnString(2));
+    const bool not_null = s.ColumnBool(3);
+    const int default_type = s.ColumnType(4);
+    const bool default_is_null = (default_type == COLUMN_TYPE_NULL);
+    const int pk_column = s.ColumnInt(5);
+
+    if (pk_column > 0) {
+      // TODO(shess): http://www.sqlite.org/pragma.html#pragma_table_info
+      // documents column 5 as the index of the column in the primary key
+      // (zero for not in primary key).  I find that it is always 1 for
+      // columns in the primary key.  Since this code is very dependent on
+      // that pragma, review if the implementation changes.
+      DCHECK_EQ(pk_column, 1);
+      ++pk_column_count;
+    }
+
+    // Construct column declaration as "name type [optional constraint]".
+    std::string column_decl = column_name;
+
+    // SQLite's affinity detection is documented at:
+    // http://www.sqlite.org/datatype3.html#affname
+    // The gist of it is that CHAR, TEXT, and INT use substring matches.
+    if (column_type.find("INT") != std::string::npos) {
+      if (pk_column == 1) {
+        rowid_ofs = create_column_decls.size();
+        rowid_decl = column_name + " ROWID";
+      }
+      column_decl += " INTEGER";
+    } else if (column_type.find("CHAR") != std::string::npos ||
+               column_type.find("TEXT") != std::string::npos) {
+      column_decl += " TEXT";
+    } else if (column_type == "BLOB") {
+      column_decl += " BLOB";
+    } else {
+      // TODO(shess): AFAICT, there remain:
+      // - contains("CLOB") -> TEXT
+      // - contains("REAL") -> REAL
+      // - contains("FLOA") -> REAL
+      // - contains("DOUB") -> REAL
+      // - other -> "NUMERIC"
+      // Just code those in as they come up.
+      NOTREACHED() << " Unsupported type " << column_type;
+      RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVER_UNRECOGNIZED_TYPE);
+      return false;
+    }
+
+    // If column has constraint "NOT NULL", then inserting NULL into
+    // that column will fail.  If the column has a non-NULL DEFAULT
+    // specified, the INSERT will handle it (see below).  If the
+    // DEFAULT is also NULL, the row must be filtered out.
+    // TODO(shess): The above scenario applies to INSERT OR REPLACE,
+    // whereas INSERT OR IGNORE drops such rows.
+    // http://www.sqlite.org/lang_conflict.html
+    if (not_null && default_is_null)
+      column_decl += " NOT NULL";
+
+    create_column_decls.push_back(column_decl);
+
+    // Per the NOTE in the header file, convert NULL values to the
+    // DEFAULT.  All columns could be IFNULL(column_name,default), but
+    // the NULL case would require special handling either way.
+    if (default_is_null) {
+      insert_columns.push_back(column_name);
+    } else {
+      // The default value appears to be pre-quoted, as if it is
+      // literally from the sqlite_master CREATE statement.
+      std::string default_value = s.ColumnString(4);
+      insert_columns.push_back(base::StringPrintf(
+          "IFNULL(%s,%s)", column_name.c_str(), default_value.c_str()));
+    }
+  }
+
+  // Receiving no column information implies that the table doesn't exist.
+  if (create_column_decls.empty()) {
+    RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVER_MISSING_TABLE);
+    return false;
+  }
+
+  // If the PRIMARY KEY was a single INTEGER column, convert it to ROWID.
+  if (pk_column_count == 1 && !rowid_decl.empty())
+    create_column_decls[rowid_ofs] = rowid_decl;
+
+  // Additional columns accept anything.
+  // TODO(shess): ignoreN isn't well namespaced.  But it will fail to
+  // execute in case of conflicts.
+  for (size_t i = 0; i < extend_columns; ++i) {
+    create_column_decls.push_back(
+        base::StringPrintf("ignore%" PRIuS " ANY", i));
+  }
+
+  std::string recover_create(base::StringPrintf(
+      "CREATE VIRTUAL TABLE temp.recover_%s USING recover(corrupt.%s, %s)",
+      table_name,
+      table_name,
+      JoinString(create_column_decls, ',').c_str()));
+
+  std::string recover_insert(base::StringPrintf(
+      "INSERT OR REPLACE INTO main.%s SELECT %s FROM temp.recover_%s",
+      table_name,
+      JoinString(insert_columns, ',').c_str(),
+      table_name));
+
+  std::string recover_drop(base::StringPrintf(
+      "DROP TABLE temp.recover_%s", table_name));
+
+  if (!db()->Execute(recover_create.c_str())) {
+    RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVER_CREATE);
+    return false;
+  }
+
+  if (!db()->Execute(recover_insert.c_str())) {
+    RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVER_INSERT);
+    ignore_result(db()->Execute(recover_drop.c_str()));
+    return false;
+  }
+
+  *rows_recovered = db()->GetLastChangeCount();
+
+  // TODO(shess): Is leaving the recover table around a breaker?
+  if (!db()->Execute(recover_drop.c_str())) {
+    RecordRecoveryEvent(RECOVERY_FAILED_AUTORECOVER_DROP);
+    return false;
+  }
+  RecordRecoveryEvent(RECOVERY_SUCCESS_AUTORECOVER);
+  return true;
+}
+
+bool Recovery::SetupMeta() {
+  const char kCreateSql[] =
+      "CREATE VIRTUAL TABLE temp.recover_meta USING recover"
+      "("
+      "corrupt.meta,"
+      "key TEXT NOT NULL,"
+      "value ANY"  // Whatever is stored.
+      ")";
+  if (!db()->Execute(kCreateSql)) {
+    RecordRecoveryEvent(RECOVERY_FAILED_META_CREATE);
+    return false;
+  }
+  RecordRecoveryEvent(RECOVERY_SUCCESS_SETUP_META);
+  return true;
+}
+
+bool Recovery::GetMetaVersionNumber(int* version) {
+  DCHECK(version);
+  // TODO(shess): DCHECK(db()->DoesTableExist("temp.recover_meta"));
+  // Unfortunately, DoesTableExist() queries sqlite_master, not
+  // sqlite_temp_master.
+
+  const char kVersionSql[] =
+      "SELECT value FROM temp.recover_meta WHERE key = 'version'";
+  sql::Statement recovery_version(db()->GetUniqueStatement(kVersionSql));
+  if (!recovery_version.Step()) {
+    if (!recovery_version.Succeeded()) {
+      RecordRecoveryEvent(RECOVERY_FAILED_META_QUERY);
+    } else {
+      RecordRecoveryEvent(RECOVERY_FAILED_META_NO_VERSION);
+    }
+    return false;
+  }
+
+  RecordRecoveryEvent(RECOVERY_SUCCESS_META_VERSION);
+  *version = recovery_version.ColumnInt(0);
+  return true;
+}
+
 }  // namespace sql
diff --git a/sql/recovery.h b/sql/recovery.h
index be23e97a76..2475b0f89f 100644
--- a/sql/recovery.h
+++ b/sql/recovery.h
@@ -93,6 +93,46 @@ class SQL_EXPORT Recovery {
   // Handle to the temporary recovery database.
   sql::Connection* db() { return &recover_db_; }
 
+  // Attempt to recover the named table from the corrupt database into
+  // the recovery database using a temporary recover virtual table.
+  // The virtual table schema is derived from the named table's schema
+  // in database [main].  Data is copied using INSERT OR REPLACE, so
+  // duplicates overwrite each other.
+  //
+  // |extend_columns| allows recovering tables which have excess
+  // columns relative to the target schema.  The recover virtual table
+  // treats more data than specified as a sign of corruption.
+  //
+  // Returns true if all operations succeeded, with the number of rows
+  // recovered in |*rows_recovered|.
+  //
+  // NOTE(shess): Due to a flaw in the recovery virtual table, at this
+  // time this code injects the DEFAULT value of the target table in
+  // locations where the recovery table returns NULL.  This is not
+  // entirely correct, because it happens both when there is a short
+  // row (correct) but also where there is an actual NULL value
+  // (incorrect).
+  //
+  // TODO(shess): Flag for INSERT OR REPLACE vs IGNORE.
+  // TODO(shess): Handle extended table names.
+  bool AutoRecoverTable(const char* table_name,
+                        size_t extend_columns,
+                        size_t* rows_recovered);
+
+  // Setup a recover virtual table at temp.recover_meta, reading from
+  // corrupt.meta.  Returns true if created.
+  // TODO(shess): Perhaps integrate into Begin().
+  // TODO(shess): Add helpers to fetch additional items from the meta
+  // table as needed.
+  bool SetupMeta();
+
+  // Fetch the version number from temp.recover_meta.  Returns false
+  // if the query fails, or if there is no version row.  Otherwise
+  // returns true, with the version in |*version_number|.
+  //
+  // Only valid to call after successful SetupMeta().
+  bool GetMetaVersionNumber(int* version_number);
+
  private:
   explicit Recovery(Connection* connection);
 
diff --git a/sql/recovery_unittest.cc b/sql/recovery_unittest.cc
index fc7c2f2dc5..e9e77cf81f 100644
--- a/sql/recovery_unittest.cc
+++ b/sql/recovery_unittest.cc
@@ -6,6 +6,7 @@
 #include "base/file_util.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/logging.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/stringprintf.h"
 #include "sql/connection.h"
 #include "sql/meta_table.h"
@@ -32,7 +33,15 @@ std::string ExecuteWithResults(sql::Connection* db,
     for (int i = 0; i < s.ColumnCount(); ++i) {
       if (i > 0)
         ret += column_sep;
-      ret += s.ColumnString(i);
+      if (s.ColumnType(i) == sql::COLUMN_TYPE_NULL) {
+        ret += "<null>";
+      } else if (s.ColumnType(i) == sql::COLUMN_TYPE_BLOB) {
+        ret += "<x'";
+        ret += base::HexEncode(s.ColumnBlob(i), s.ColumnByteLength(i));
+        ret += "'>";
+      } else {
+        ret += s.ColumnString(i);
+      }
     }
   }
   return ret;
@@ -48,6 +57,7 @@ std::string GetSchema(sql::Connection* db) {
   return ExecuteWithResults(db, kSql, "|", "\n");
 }
 
+#if !defined(USE_SYSTEM_SQLITE)
 int GetPageSize(sql::Connection* db) {
   sql::Statement s(db->GetUniqueStatement("PRAGMA page_size"));
   EXPECT_TRUE(s.Step());
@@ -90,6 +100,7 @@ bool WritePage(const base::FilePath& path, size_t page_no,
     return false;
   return true;
 }
+#endif  // !defined(USE_SYSTEM_SQLITE)
 
 class SQLRecoveryTest : public testing::Test {
  public:
@@ -420,6 +431,327 @@ TEST_F(SQLRecoveryTest, RecoverCorruptTable) {
   const char kSelectSql[] = "SELECT v FROM x WHERE id = 0";
   EXPECT_EQ("100", ExecuteWithResults(&db(), kSelectSql, "|", ","));
 }
+
+TEST_F(SQLRecoveryTest, Meta) {
+  const int kVersion = 3;
+  const int kCompatibleVersion = 2;
+
+  {
+    sql::MetaTable meta;
+    EXPECT_TRUE(meta.Init(&db(), kVersion, kCompatibleVersion));
+    EXPECT_EQ(kVersion, meta.GetVersionNumber());
+  }
+
+  // Test expected case where everything works.
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    EXPECT_TRUE(recovery->SetupMeta());
+    int version = 0;
+    EXPECT_TRUE(recovery->GetMetaVersionNumber(&version));
+    EXPECT_EQ(kVersion, version);
+
+    sql::Recovery::Rollback(recovery.Pass());
+  }
+  ASSERT_TRUE(Reopen());  // Handle was poisoned.
+
+  // Test version row missing.
+  EXPECT_TRUE(db().Execute("DELETE FROM meta WHERE key = 'version'"));
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    EXPECT_TRUE(recovery->SetupMeta());
+    int version = 0;
+    EXPECT_FALSE(recovery->GetMetaVersionNumber(&version));
+    EXPECT_EQ(0, version);
+
+    sql::Recovery::Rollback(recovery.Pass());
+  }
+  ASSERT_TRUE(Reopen());  // Handle was poisoned.
+
+  // Test meta table missing.
+  EXPECT_TRUE(db().Execute("DROP TABLE meta"));
+  {
+    sql::ScopedErrorIgnorer ignore_errors;
+    ignore_errors.IgnoreError(SQLITE_CORRUPT);  // From virtual table.
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    EXPECT_FALSE(recovery->SetupMeta());
+    ASSERT_TRUE(ignore_errors.CheckIgnoredErrors());
+  }
+}
+
+// Baseline AutoRecoverTable() test.
+TEST_F(SQLRecoveryTest, AutoRecoverTable) {
+  // BIGINT and VARCHAR to test type affinity.
+  const char kCreateSql[] = "CREATE TABLE x (id BIGINT, t TEXT, v VARCHAR)";
+  ASSERT_TRUE(db().Execute(kCreateSql));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (11, 'This is', 'a test')"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (5, 'That was', 'a test')"));
+
+  // Save aside a copy of the original schema and data.
+  const std::string orig_schema(GetSchema(&db()));
+  const char kXSql[] = "SELECT * FROM x ORDER BY 1";
+  const std::string orig_data(ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  // Create a lame-duck table which will not be propagated by recovery to
+  // detect that the recovery code actually ran.
+  ASSERT_TRUE(db().Execute("CREATE TABLE y (c TEXT)"));
+  ASSERT_NE(orig_schema, GetSchema(&db()));
+
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    ASSERT_TRUE(recovery->db()->Execute(kCreateSql));
+
+    // Save a copy of the temp db's schema before recovering the table.
+    const char kTempSchemaSql[] = "SELECT name, sql FROM sqlite_temp_master";
+    const std::string temp_schema(
+        ExecuteWithResults(recovery->db(), kTempSchemaSql, "|", "\n"));
+
+    size_t rows = 0;
+    EXPECT_TRUE(recovery->AutoRecoverTable("x", 0, &rows));
+    EXPECT_EQ(2u, rows);
+
+    // Test that any additional temp tables were cleaned up.
+    EXPECT_EQ(temp_schema,
+              ExecuteWithResults(recovery->db(), kTempSchemaSql, "|", "\n"));
+
+    ASSERT_TRUE(sql::Recovery::Recovered(recovery.Pass()));
+  }
+
+  // Since the database was not corrupt, the entire schema and all
+  // data should be recovered.
+  ASSERT_TRUE(Reopen());
+  ASSERT_EQ(orig_schema, GetSchema(&db()));
+  ASSERT_EQ(orig_data, ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  // Recovery fails if the target table doesn't exist.
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    ASSERT_TRUE(recovery->db()->Execute(kCreateSql));
+
+    // TODO(shess): Should this failure implicitly lead to Raze()?
+    size_t rows = 0;
+    EXPECT_FALSE(recovery->AutoRecoverTable("y", 0, &rows));
+
+    sql::Recovery::Unrecoverable(recovery.Pass());
+  }
+}
+
+// Test that default values correctly replace nulls.  The recovery
+// virtual table reads directly from the database, so DEFAULT is not
+// interpretted at that level.
+TEST_F(SQLRecoveryTest, AutoRecoverTableWithDefault) {
+  ASSERT_TRUE(db().Execute("CREATE TABLE x (id INTEGER)"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (5)"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (15)"));
+
+  // ALTER effectively leaves the new columns NULL in the first two
+  // rows.  The row with 17 will get the default injected at insert
+  // time, while the row with 42 will get the actual value provided.
+  // Embedded "'" to make sure default-handling continues to be quoted
+  // correctly.
+  ASSERT_TRUE(db().Execute("ALTER TABLE x ADD COLUMN t TEXT DEFAULT 'a''a'"));
+  ASSERT_TRUE(db().Execute("ALTER TABLE x ADD COLUMN b BLOB DEFAULT x'AA55'"));
+  ASSERT_TRUE(db().Execute("ALTER TABLE x ADD COLUMN i INT DEFAULT 93"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x (id) VALUES (17)"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (42, 'b', x'1234', 12)"));
+
+  // Save aside a copy of the original schema and data.
+  const std::string orig_schema(GetSchema(&db()));
+  const char kXSql[] = "SELECT * FROM x ORDER BY 1";
+  const std::string orig_data(ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  // Create a lame-duck table which will not be propagated by recovery to
+  // detect that the recovery code actually ran.
+  ASSERT_TRUE(db().Execute("CREATE TABLE y (c TEXT)"));
+  ASSERT_NE(orig_schema, GetSchema(&db()));
+
+  // Mechanically adjust the stored schema and data to allow detecting
+  // where the default value is coming from.  The target table is just
+  // like the original with the default for [t] changed, to signal
+  // defaults coming from the recovery system.  The two %5 rows should
+  // get the target-table default for [t], while the others should get
+  // the source-table default.
+  std::string final_schema(orig_schema);
+  std::string final_data(orig_data);
+  size_t pos;
+  while ((pos = final_schema.find("'a''a'")) != std::string::npos) {
+    final_schema.replace(pos, 6, "'c''c'");
+  }
+  while ((pos = final_data.find("5|a'a")) != std::string::npos) {
+    final_data.replace(pos, 5, "5|c'c");
+  }
+
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    // Different default to detect which table provides the default.
+    ASSERT_TRUE(recovery->db()->Execute(final_schema.c_str()));
+
+    size_t rows = 0;
+    EXPECT_TRUE(recovery->AutoRecoverTable("x", 0, &rows));
+    EXPECT_EQ(4u, rows);
+
+    ASSERT_TRUE(sql::Recovery::Recovered(recovery.Pass()));
+  }
+
+  // Since the database was not corrupt, the entire schema and all
+  // data should be recovered.
+  ASSERT_TRUE(Reopen());
+  ASSERT_EQ(final_schema, GetSchema(&db()));
+  ASSERT_EQ(final_data, ExecuteWithResults(&db(), kXSql, "|", "\n"));
+}
+
+// Test that rows with NULL in a NOT NULL column are filtered
+// correctly.  In the wild, this would probably happen due to
+// corruption, but here it is simulated by recovering a table which
+// allowed nulls into a table which does not.
+TEST_F(SQLRecoveryTest, AutoRecoverTableNullFilter) {
+  const char kOrigSchema[] = "CREATE TABLE x (id INTEGER, t TEXT)";
+  const char kFinalSchema[] = "CREATE TABLE x (id INTEGER, t TEXT NOT NULL)";
+
+  ASSERT_TRUE(db().Execute(kOrigSchema));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (5, null)"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (15, 'this is a test')"));
+
+  // Create a lame-duck table which will not be propagated by recovery to
+  // detect that the recovery code actually ran.
+  ASSERT_EQ(kOrigSchema, GetSchema(&db()));
+  ASSERT_TRUE(db().Execute("CREATE TABLE y (c TEXT)"));
+  ASSERT_NE(kOrigSchema, GetSchema(&db()));
+
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    ASSERT_TRUE(recovery->db()->Execute(kFinalSchema));
+
+    size_t rows = 0;
+    EXPECT_TRUE(recovery->AutoRecoverTable("x", 0, &rows));
+    EXPECT_EQ(1u, rows);
+
+    ASSERT_TRUE(sql::Recovery::Recovered(recovery.Pass()));
+  }
+
+  // The schema should be the same, but only one row of data should
+  // have been recovered.
+  ASSERT_TRUE(Reopen());
+  ASSERT_EQ(kFinalSchema, GetSchema(&db()));
+  const char kXSql[] = "SELECT * FROM x ORDER BY 1";
+  ASSERT_EQ("15|this is a test", ExecuteWithResults(&db(), kXSql, "|", "\n"));
+}
+
+// Test AutoRecoverTable with a ROWID alias.
+TEST_F(SQLRecoveryTest, AutoRecoverTableWithRowid) {
+  // The rowid alias is almost always the first column, intentionally
+  // put it later.
+  const char kCreateSql[] =
+      "CREATE TABLE x (t TEXT, id INTEGER PRIMARY KEY NOT NULL)";
+  ASSERT_TRUE(db().Execute(kCreateSql));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES ('This is a test', null)"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES ('That was a test', null)"));
+
+  // Save aside a copy of the original schema and data.
+  const std::string orig_schema(GetSchema(&db()));
+  const char kXSql[] = "SELECT * FROM x ORDER BY 1";
+  const std::string orig_data(ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  // Create a lame-duck table which will not be propagated by recovery to
+  // detect that the recovery code actually ran.
+  ASSERT_TRUE(db().Execute("CREATE TABLE y (c TEXT)"));
+  ASSERT_NE(orig_schema, GetSchema(&db()));
+
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    ASSERT_TRUE(recovery->db()->Execute(kCreateSql));
+
+    size_t rows = 0;
+    EXPECT_TRUE(recovery->AutoRecoverTable("x", 0, &rows));
+    EXPECT_EQ(2u, rows);
+
+    ASSERT_TRUE(sql::Recovery::Recovered(recovery.Pass()));
+  }
+
+  // Since the database was not corrupt, the entire schema and all
+  // data should be recovered.
+  ASSERT_TRUE(Reopen());
+  ASSERT_EQ(orig_schema, GetSchema(&db()));
+  ASSERT_EQ(orig_data, ExecuteWithResults(&db(), kXSql, "|", "\n"));
+}
+
+// Test that a compound primary key doesn't fire the ROWID code.
+TEST_F(SQLRecoveryTest, AutoRecoverTableWithCompoundKey) {
+  const char kCreateSql[] =
+      "CREATE TABLE x ("
+      "id INTEGER NOT NULL,"
+      "id2 TEXT NOT NULL,"
+      "t TEXT,"
+      "PRIMARY KEY (id, id2)"
+      ")";
+  ASSERT_TRUE(db().Execute(kCreateSql));
+
+  // NOTE(shess): Do not accidentally use [id] 1, 2, 3, as those will
+  // be the ROWID values.
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (1, 'a', 'This is a test')"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (1, 'b', 'That was a test')"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (2, 'a', 'Another test')"));
+
+  // Save aside a copy of the original schema and data.
+  const std::string orig_schema(GetSchema(&db()));
+  const char kXSql[] = "SELECT * FROM x ORDER BY 1";
+  const std::string orig_data(ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  // Create a lame-duck table which will not be propagated by recovery to
+  // detect that the recovery code actually ran.
+  ASSERT_TRUE(db().Execute("CREATE TABLE y (c TEXT)"));
+  ASSERT_NE(orig_schema, GetSchema(&db()));
+
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    ASSERT_TRUE(recovery->db()->Execute(kCreateSql));
+
+    size_t rows = 0;
+    EXPECT_TRUE(recovery->AutoRecoverTable("x", 0, &rows));
+    EXPECT_EQ(3u, rows);
+
+    ASSERT_TRUE(sql::Recovery::Recovered(recovery.Pass()));
+  }
+
+  // Since the database was not corrupt, the entire schema and all
+  // data should be recovered.
+  ASSERT_TRUE(Reopen());
+  ASSERT_EQ(orig_schema, GetSchema(&db()));
+  ASSERT_EQ(orig_data, ExecuteWithResults(&db(), kXSql, "|", "\n"));
+}
+
+// Test |extend_columns| support.
+TEST_F(SQLRecoveryTest, AutoRecoverTableExtendColumns) {
+  const char kCreateSql[] = "CREATE TABLE x (id INTEGER PRIMARY KEY, t0 TEXT)";
+  ASSERT_TRUE(db().Execute(kCreateSql));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (1, 'This is')"));
+  ASSERT_TRUE(db().Execute("INSERT INTO x VALUES (2, 'That was')"));
+
+  // Save aside a copy of the original schema and data.
+  const std::string orig_schema(GetSchema(&db()));
+  const char kXSql[] = "SELECT * FROM x ORDER BY 1";
+  const std::string orig_data(ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  // Modify the table to add a column, and add data to that column.
+  ASSERT_TRUE(db().Execute("ALTER TABLE x ADD COLUMN t1 TEXT"));
+  ASSERT_TRUE(db().Execute("UPDATE x SET t1 = 'a test'"));
+  ASSERT_NE(orig_schema, GetSchema(&db()));
+  ASSERT_NE(orig_data, ExecuteWithResults(&db(), kXSql, "|", "\n"));
+
+  {
+    scoped_ptr<sql::Recovery> recovery = sql::Recovery::Begin(&db(), db_path());
+    ASSERT_TRUE(recovery->db()->Execute(kCreateSql));
+    size_t rows = 0;
+    EXPECT_TRUE(recovery->AutoRecoverTable("x", 1, &rows));
+    EXPECT_EQ(2u, rows);
+    ASSERT_TRUE(sql::Recovery::Recovered(recovery.Pass()));
+  }
+
+  // Since the database was not corrupt, the entire schema and all
+  // data should be recovered.
+  ASSERT_TRUE(Reopen());
+  ASSERT_EQ(orig_schema, GetSchema(&db()));
+  ASSERT_EQ(orig_data, ExecuteWithResults(&db(), kXSql, "|", "\n"));
+}
 #endif  // !defined(USE_SYSTEM_SQLITE)
 
 }  // namespace
diff --git a/sql/sql.target.darwin-arm.mk b/sql/sql.target.darwin-arm.mk
index 0f0bade985..b3310004b1 100644
--- a/sql/sql.target.darwin-arm.mk
+++ b/sql/sql.target.darwin-arm.mk
@@ -78,6 +78,7 @@ MY_DEFS_Debug := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
@@ -162,6 +163,7 @@ MY_DEFS_Release := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
diff --git a/sql/sql.target.darwin-mips.mk b/sql/sql.target.darwin-mips.mk
index f20383b88c..4dfda7f8da 100644
--- a/sql/sql.target.darwin-mips.mk
+++ b/sql/sql.target.darwin-mips.mk
@@ -77,6 +77,7 @@ MY_DEFS_Debug := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
@@ -160,6 +161,7 @@ MY_DEFS_Release := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
diff --git a/sql/sql.target.darwin-x86.mk b/sql/sql.target.darwin-x86.mk
index 249a9cacb9..549022c71e 100644
--- a/sql/sql.target.darwin-x86.mk
+++ b/sql/sql.target.darwin-x86.mk
@@ -80,6 +80,7 @@ MY_DEFS_Debug := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
@@ -167,6 +168,7 @@ MY_DEFS_Release := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
diff --git a/sql/sql.target.linux-arm.mk b/sql/sql.target.linux-arm.mk
index 0f0bade985..b3310004b1 100644
--- a/sql/sql.target.linux-arm.mk
+++ b/sql/sql.target.linux-arm.mk
@@ -78,6 +78,7 @@ MY_DEFS_Debug := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
@@ -162,6 +163,7 @@ MY_DEFS_Release := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
diff --git a/sql/sql.target.linux-mips.mk b/sql/sql.target.linux-mips.mk
index f20383b88c..4dfda7f8da 100644
--- a/sql/sql.target.linux-mips.mk
+++ b/sql/sql.target.linux-mips.mk
@@ -77,6 +77,7 @@ MY_DEFS_Debug := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
@@ -160,6 +161,7 @@ MY_DEFS_Release := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
diff --git a/sql/sql.target.linux-x86.mk b/sql/sql.target.linux-x86.mk
index 249a9cacb9..549022c71e 100644
--- a/sql/sql.target.linux-x86.mk
+++ b/sql/sql.target.linux-x86.mk
@@ -80,6 +80,7 @@ MY_DEFS_Debug := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
@@ -167,6 +168,7 @@ MY_DEFS_Release := \
 	'-DUSE_OPENSSL=1' \
 	'-DENABLE_EGLIMAGE=1' \
 	'-DCLD_VERSION=1' \
+	'-DENABLE_MANAGED_USERS=1' \
 	'-DSQL_IMPLEMENTATION' \
 	'-D__STDC_CONSTANT_MACROS' \
 	'-D__STDC_FORMAT_MACROS' \
diff --git a/sql/test/test_helpers.cc b/sql/test/test_helpers.cc
index de3e8f8e0e..5438bd654b 100644
--- a/sql/test/test_helpers.cc
+++ b/sql/test/test_helpers.cc
@@ -21,11 +21,73 @@ size_t CountSQLItemsOfType(sql::Connection* db, const char* type) {
   return s.ColumnInt(0);
 }
 
+// Helper for reading a number from the SQLite header.
+// See net/base/big_endian.h.
+unsigned ReadBigEndian(unsigned char* buf, size_t bytes) {
+  unsigned r = buf[0];
+  for (size_t i = 1; i < bytes; i++) {
+    r <<= 8;
+    r |= buf[i];
+  }
+  return r;
+}
+
+// Helper for writing a number to the SQLite header.
+void WriteBigEndian(unsigned val, unsigned char* buf, size_t bytes) {
+  for (size_t i = 0; i < bytes; i++) {
+    buf[bytes - i - 1] = (val & 0xFF);
+    val >>= 8;
+  }
+}
+
 }  // namespace
 
 namespace sql {
 namespace test {
 
+bool CorruptSizeInHeader(const base::FilePath& db_path) {
+  // See http://www.sqlite.org/fileformat.html#database_header
+  const size_t kHeaderSize = 100;
+  const size_t kPageSizeOffset = 16;
+  const size_t kFileChangeCountOffset = 24;
+  const size_t kPageCountOffset = 28;
+  const size_t kVersionValidForOffset = 92;  // duplicate kFileChangeCountOffset
+
+  unsigned char header[kHeaderSize];
+
+  file_util::ScopedFILE file(file_util::OpenFile(db_path, "rb+"));
+  if (!file.get())
+    return false;
+
+  if (0 != fseek(file.get(), 0, SEEK_SET))
+    return false;
+  if (1u != fread(header, sizeof(header), 1, file.get()))
+    return false;
+
+  int64 db_size = 0;
+  if (!file_util::GetFileSize(db_path, &db_size))
+    return false;
+
+  const unsigned page_size = ReadBigEndian(header + kPageSizeOffset, 2);
+
+  // One larger than the expected size.
+  const unsigned page_count = (db_size + page_size) / page_size;
+  WriteBigEndian(page_count, header + kPageCountOffset, 4);
+
+  // Update change count so outstanding readers know the info changed.
+  // Both spots must match for the page count to be considered valid.
+  unsigned change_count = ReadBigEndian(header + kFileChangeCountOffset, 4);
+  WriteBigEndian(change_count + 1, header + kFileChangeCountOffset, 4);
+  WriteBigEndian(change_count + 1, header + kVersionValidForOffset, 4);
+
+  if (0 != fseek(file.get(), 0, SEEK_SET))
+    return false;
+  if (1u != fwrite(header, sizeof(header), 1, file.get()))
+    return false;
+
+  return true;
+}
+
 size_t CountSQLTables(sql::Connection* db) {
   return CountSQLItemsOfType(db, "table");
 }
@@ -91,5 +153,14 @@ bool CreateDatabaseFromSQL(const base::FilePath& db_path,
   return db.Execute(sql.c_str());
 }
 
+std::string IntegrityCheck(sql::Connection* db) {
+  sql::Statement statement(db->GetUniqueStatement("PRAGMA integrity_check"));
+
+  // SQLite should always return a row of data.
+  EXPECT_TRUE(statement.Step());
+
+  return statement.ColumnString(0);
+}
+
 }  // namespace test
 }  // namespace sql
diff --git a/sql/test/test_helpers.h b/sql/test/test_helpers.h
index 330f59a25f..b9d5e9b980 100644
--- a/sql/test/test_helpers.h
+++ b/sql/test/test_helpers.h
@@ -5,6 +5,8 @@
 #ifndef SQL_TEST_TEST_HELPERS_H_
 #define SQL_TEST_TEST_HELPERS_H_
 
+#include <string>
+
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 
@@ -21,6 +23,16 @@ class Connection;
 namespace sql {
 namespace test {
 
+// SQLite stores the database size in the header, and if the actual
+// OS-derived size is smaller, the database is considered corrupt.
+// [This case is actually a common form of corruption in the wild.]
+// This helper sets the in-header size to one page larger than the
+// actual file size.  The resulting file will return SQLITE_CORRUPT
+// for most operations unless PRAGMA writable_schema is turned ON.
+//
+// Returns false if any error occurs accessing the file.
+bool CorruptSizeInHeader(const base::FilePath& db_path) WARN_UNUSED_RESULT;
+
 // Return the number of tables in sqlite_master.
 size_t CountSQLTables(sql::Connection* db) WARN_UNUSED_RESULT;
 
@@ -43,6 +55,11 @@ bool CountTableRows(sql::Connection* db, const char* table, size_t* count);
 bool CreateDatabaseFromSQL(const base::FilePath& db_path,
                            const base::FilePath& sql_path) WARN_UNUSED_RESULT;
 
+// Return the results of running "PRAGMA integrity_check" on |db|.
+// TODO(shess): sql::Connection::IntegrityCheck() is basically the
+// same, but not as convenient for testing.  Maybe combine.
+std::string IntegrityCheck(sql::Connection* db) WARN_UNUSED_RESULT;
+
 }  // namespace test
 }  // namespace sql