libsql-sqlite3: Make libsql_stmt_interrupt() abort an in-flight step (#2248)

penberg · web-flow · commit fe31b35839b4 · 2026-06-02T09:08:58.000+03:00
libsql_stmt_interrupt() set a per-statement isInterrupted flag, but the
VDBE execution loop only ever checked the connection-wide
db-&gt;u1.isInterrupted. A statement already executing inside
sqlite3_step()
therefore ran to completion regardless of the request; the flag was only
observed at the next step() entry.

Check p-&gt;isInterrupted alongside db-&gt;u1.isInterrupted at both VDBE
interrupt-check sites so an interrupt requested mid-execution aborts the
running statement promptly with SQLITE_INTERRUPT, without touching the
connection-wide interrupt state (other statements keep running). Set and
clear the flag atomically, mirroring sqlite3_interrupt(), since the
request may come from another thread.

Tests:
- test/interruptstmt.test: deterministic regression via a new
  sqlite_stmt_interrupt_count test hook, covering the in-loop check and
  the connection-flag-stays-clear property.
- test/interrupttest.c: standalone multi-threaded test of the real
  cross-thread case (interrupt a step() in flight) and statement-level
  granularity. Build and run with `make interrupttest`.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/libsql-ffi/bundled/SQLite3MultipleCiphers/src/sqlite3.c b/libsql-ffi/bundled/SQLite3MultipleCiphers/src/sqlite3.c
@@ -70,6 +70,7 @@
 **    src/sqlite3ext.h
 **    src/sqliteInt.h
 **    src/status.c
+**    src/test1.c
 **    src/test2.c
 **    src/test3.c
 **    src/test8.c
@@ -90201,7 +90202,7 @@ SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe *p){
 #ifdef SQLITE_DEBUG
   p->nWrite = 0;
 #endif
-  p->isInterrupted = 0;
+  AtomicStore(&p->isInterrupted, 0);
 
   /* Save profiling information from this VDBE run.
   */
@@ -93043,7 +93044,9 @@ void libsql_stmt_interrupt(sqlite3_stmt *pStmt){
     (void)SQLITE_MISUSE_BKPT;
     return;
   }
-  v->isInterrupted = 1;
+  /* Set atomically: this may be called from a different thread than the one
+  ** executing the statement, mirroring sqlite3_interrupt(). */
+  AtomicStore(&v->isInterrupted, 1);
 }
 
 /*
@@ -93061,7 +93064,7 @@ SQLITE_API int sqlite3_step(sqlite3_stmt *pStmt){
     return SQLITE_MISUSE_BKPT;
   }
   db = v->db;
-  if( v->isInterrupted ){
+  if( AtomicLoad(&v->isInterrupted) ){
     rc = SQLITE_INTERRUPT;
     v->rc = rc;
     db->errCode = rc;
@@ -95105,6 +95108,12 @@ SQLITE_API int sqlite3_search_count = 0;
 */
 #ifdef SQLITE_TEST
 SQLITE_API int sqlite3_interrupt_count = 0;
+/*
+** As above, but simulates a statement-level interrupt
+** (libsql_stmt_interrupt()) on the statement that is currently executing,
+** rather than a connection-wide sqlite3_interrupt().
+*/
+SQLITE_API int sqlite3_stmt_interrupt_count = 0;
 #endif
 
 /*
@@ -95928,7 +95937,9 @@ SQLITE_PRIVATE int sqlite3VdbeExec(
   p->iCurrentTime = 0;
   assert( p->explain==0 );
   db->busyHandler.nBusy = 0;
-  if( AtomicLoad(&db->u1.isInterrupted) ) goto abort_due_to_interrupt;
+  if( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) ){
+    goto abort_due_to_interrupt;
+  }
   sqlite3VdbeIOTraceSql(p);
 #ifdef SQLITE_DEBUG
   sqlite3BeginBenignMalloc();
@@ -95997,6 +96008,12 @@ SQLITE_PRIVATE int sqlite3VdbeExec(
         sqlite3_interrupt(db);
       }
     }
+    if( sqlite3_stmt_interrupt_count>0 ){
+      sqlite3_stmt_interrupt_count--;
+      if( sqlite3_stmt_interrupt_count==0 ){
+        libsql_stmt_interrupt((sqlite3_stmt*)p);
+      }
+    }
 #endif
 
     /* Sanity checking on other operands */
@@ -96118,7 +96135,9 @@ case OP_Goto: {             /* jump */
   ** checks on every opcode.  This helps sqlite3_step() to run about 1.5%
   ** faster according to "valgrind --tool=cachegrind" */
 check_for_interrupt:
-  if( AtomicLoad(&db->u1.isInterrupted) ) goto abort_due_to_interrupt;
+  if( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) ){
+    goto abort_due_to_interrupt;
+  }
 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   /* Call the progress callback if it is configured and the required number
   ** of VDBE ops have been executed (either since this invocation of
@@ -104463,7 +104482,7 @@ default: {          /* This is really OP_Noop, OP_Explain */
   ** flag.
   */
 abort_due_to_interrupt:
-  assert( AtomicLoad(&db->u1.isInterrupted) );
+  assert( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) );
   rc = SQLITE_INTERRUPT;
   goto abort_due_to_error;
 }
diff --git a/libsql-ffi/bundled/src/sqlite3.c b/libsql-ffi/bundled/src/sqlite3.c
@@ -70,6 +70,7 @@
 **    src/sqlite3ext.h
 **    src/sqliteInt.h
 **    src/status.c
+**    src/test1.c
 **    src/test2.c
 **    src/test3.c
 **    src/test8.c
@@ -90201,7 +90202,7 @@ SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe *p){
 #ifdef SQLITE_DEBUG
   p->nWrite = 0;
 #endif
-  p->isInterrupted = 0;
+  AtomicStore(&p->isInterrupted, 0);
 
   /* Save profiling information from this VDBE run.
   */
@@ -93043,7 +93044,9 @@ void libsql_stmt_interrupt(sqlite3_stmt *pStmt){
     (void)SQLITE_MISUSE_BKPT;
     return;
   }
-  v->isInterrupted = 1;
+  /* Set atomically: this may be called from a different thread than the one
+  ** executing the statement, mirroring sqlite3_interrupt(). */
+  AtomicStore(&v->isInterrupted, 1);
 }
 
 /*
@@ -93061,7 +93064,7 @@ SQLITE_API int sqlite3_step(sqlite3_stmt *pStmt){
     return SQLITE_MISUSE_BKPT;
   }
   db = v->db;
-  if( v->isInterrupted ){
+  if( AtomicLoad(&v->isInterrupted) ){
     rc = SQLITE_INTERRUPT;
     v->rc = rc;
     db->errCode = rc;
@@ -95105,6 +95108,12 @@ SQLITE_API int sqlite3_search_count = 0;
 */
 #ifdef SQLITE_TEST
 SQLITE_API int sqlite3_interrupt_count = 0;
+/*
+** As above, but simulates a statement-level interrupt
+** (libsql_stmt_interrupt()) on the statement that is currently executing,
+** rather than a connection-wide sqlite3_interrupt().
+*/
+SQLITE_API int sqlite3_stmt_interrupt_count = 0;
 #endif
 
 /*
@@ -95928,7 +95937,9 @@ SQLITE_PRIVATE int sqlite3VdbeExec(
   p->iCurrentTime = 0;
   assert( p->explain==0 );
   db->busyHandler.nBusy = 0;
-  if( AtomicLoad(&db->u1.isInterrupted) ) goto abort_due_to_interrupt;
+  if( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) ){
+    goto abort_due_to_interrupt;
+  }
   sqlite3VdbeIOTraceSql(p);
 #ifdef SQLITE_DEBUG
   sqlite3BeginBenignMalloc();
@@ -95997,6 +96008,12 @@ SQLITE_PRIVATE int sqlite3VdbeExec(
         sqlite3_interrupt(db);
       }
     }
+    if( sqlite3_stmt_interrupt_count>0 ){
+      sqlite3_stmt_interrupt_count--;
+      if( sqlite3_stmt_interrupt_count==0 ){
+        libsql_stmt_interrupt((sqlite3_stmt*)p);
+      }
+    }
 #endif
 
     /* Sanity checking on other operands */
@@ -96118,7 +96135,9 @@ case OP_Goto: {             /* jump */
   ** checks on every opcode.  This helps sqlite3_step() to run about 1.5%
   ** faster according to "valgrind --tool=cachegrind" */
 check_for_interrupt:
-  if( AtomicLoad(&db->u1.isInterrupted) ) goto abort_due_to_interrupt;
+  if( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) ){
+    goto abort_due_to_interrupt;
+  }
 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   /* Call the progress callback if it is configured and the required number
   ** of VDBE ops have been executed (either since this invocation of
@@ -104463,7 +104482,7 @@ default: {          /* This is really OP_Noop, OP_Explain */
   ** flag.
   */
 abort_due_to_interrupt:
-  assert( AtomicLoad(&db->u1.isInterrupted) );
+  assert( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) );
   rc = SQLITE_INTERRUPT;
   goto abort_due_to_error;
 }
diff --git a/libsql-sqlite3/Makefile.in b/libsql-sqlite3/Makefile.in
@@ -1682,6 +1682,11 @@ threadtest: threadtest3$(TEXE)
 threadtest5: sqlite3.c $(TOP)/test/threadtest5.c
 	$(LTLINK) $(TOP)/test/threadtest5.c sqlite3.c -o $@ $(TLIBS)
 
+# Multi-threaded test of the libsql_stmt_interrupt() API.  Builds a small
+# standalone binary; run it directly to check the result.
+interrupttest: sqlite3.c $(TOP)/test/interrupttest.c
+	$(LTLINK) $(TOP)/test/interrupttest.c sqlite3.c -o $@ $(TLIBS)
+
 # Standard install and cleanup targets
 #
 liblibsql_wasm_install:	liblibsql_wasm
diff --git a/libsql-sqlite3/main.mk b/libsql-sqlite3/main.mk
@@ -1047,6 +1047,11 @@ threadtest3$(EXE): sqlite3.o $(THREADTEST3_SRC) $(TOP)/src/test_multiplex.c
 threadtest: threadtest3$(EXE)
 	./threadtest3$(EXE)
 
+# Multi-threaded test of the libsql_stmt_interrupt() API.  Builds a small
+# standalone binary; run it directly to check the result.
+interrupttest$(EXE): sqlite3.o $(TOP)/test/interrupttest.c
+	$(TCCX) $(TOP)/test/interrupttest.c sqlite3.o -o $@ $(THREADLIB)
+
 TEST_EXTENSION = $(SHPREFIX)testloadext.$(SO)
 $(TEST_EXTENSION): $(TOP)/src/test_loadext.c
 	$(MKSHLIB) $(TOP)/src/test_loadext.c -o $(TEST_EXTENSION)
diff --git a/libsql-sqlite3/src/test1.c b/libsql-sqlite3/src/test1.c
@@ -8970,6 +8970,7 @@ int Sqlitetest1_Init(Tcl_Interp *interp){
   extern int sqlite3_search_count;
   extern int sqlite3_found_count;
   extern int sqlite3_interrupt_count;
+  extern int sqlite3_stmt_interrupt_count;
   extern int sqlite3_open_file_count;
   extern int sqlite3_sort_count;
   extern int sqlite3_current_time;
@@ -9306,8 +9307,10 @@ int Sqlitetest1_Init(Tcl_Interp *interp){
       (char*)&sqlite3_max_blobsize, TCL_LINK_INT);
   Tcl_LinkVar(interp, "sqlite_like_count", 
       (char*)&sqlite3_like_count, TCL_LINK_INT);
-  Tcl_LinkVar(interp, "sqlite_interrupt_count", 
+  Tcl_LinkVar(interp, "sqlite_interrupt_count",
       (char*)&sqlite3_interrupt_count, TCL_LINK_INT);
+  Tcl_LinkVar(interp, "sqlite_stmt_interrupt_count",
+      (char*)&sqlite3_stmt_interrupt_count, TCL_LINK_INT);
   Tcl_LinkVar(interp, "sqlite_open_file_count", 
       (char*)&sqlite3_open_file_count, TCL_LINK_INT);
   Tcl_LinkVar(interp, "sqlite_current_time", 
diff --git a/libsql-sqlite3/src/vdbe.c b/libsql-sqlite3/src/vdbe.c
@@ -72,6 +72,12 @@ int sqlite3_search_count = 0;
 */
 #ifdef SQLITE_TEST
 int sqlite3_interrupt_count = 0;
+/*
+** As above, but simulates a statement-level interrupt
+** (libsql_stmt_interrupt()) on the statement that is currently executing,
+** rather than a connection-wide sqlite3_interrupt().
+*/
+int sqlite3_stmt_interrupt_count = 0;
 #endif
 
 /*
@@ -895,7 +901,9 @@ int sqlite3VdbeExec(
   p->iCurrentTime = 0;
   assert( p->explain==0 );
   db->busyHandler.nBusy = 0;
-  if( AtomicLoad(&db->u1.isInterrupted) ) goto abort_due_to_interrupt;
+  if( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) ){
+    goto abort_due_to_interrupt;
+  }
   sqlite3VdbeIOTraceSql(p);
 #ifdef SQLITE_DEBUG
   sqlite3BeginBenignMalloc();
@@ -964,6 +972,12 @@ int sqlite3VdbeExec(
         sqlite3_interrupt(db);
       }
     }
+    if( sqlite3_stmt_interrupt_count>0 ){
+      sqlite3_stmt_interrupt_count--;
+      if( sqlite3_stmt_interrupt_count==0 ){
+        libsql_stmt_interrupt((sqlite3_stmt*)p);
+      }
+    }
 #endif
 
     /* Sanity checking on other operands */
@@ -1085,7 +1099,9 @@ case OP_Goto: {             /* jump */
   ** checks on every opcode.  This helps sqlite3_step() to run about 1.5%
   ** faster according to "valgrind --tool=cachegrind" */
 check_for_interrupt:
-  if( AtomicLoad(&db->u1.isInterrupted) ) goto abort_due_to_interrupt;
+  if( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) ){
+    goto abort_due_to_interrupt;
+  }
 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   /* Call the progress callback if it is configured and the required number
   ** of VDBE ops have been executed (either since this invocation of
@@ -9430,7 +9446,7 @@ default: {          /* This is really OP_Noop, OP_Explain */
   ** flag.
   */
 abort_due_to_interrupt:
-  assert( AtomicLoad(&db->u1.isInterrupted) );
+  assert( AtomicLoad(&db->u1.isInterrupted) || AtomicLoad(&p->isInterrupted) );
   rc = SQLITE_INTERRUPT;
   goto abort_due_to_error;
 }
diff --git a/libsql-sqlite3/src/vdbeapi.c b/libsql-sqlite3/src/vdbeapi.c
@@ -897,7 +897,9 @@ void libsql_stmt_interrupt(sqlite3_stmt *pStmt){
     (void)SQLITE_MISUSE_BKPT;
     return;
   }
-  v->isInterrupted = 1;
+  /* Set atomically: this may be called from a different thread than the one
+  ** executing the statement, mirroring sqlite3_interrupt(). */
+  AtomicStore(&v->isInterrupted, 1);
 }
 
 /*
@@ -915,7 +917,7 @@ int sqlite3_step(sqlite3_stmt *pStmt){
     return SQLITE_MISUSE_BKPT;
   }
   db = v->db;
-  if( v->isInterrupted ){
+  if( AtomicLoad(&v->isInterrupted) ){
     rc = SQLITE_INTERRUPT;
     v->rc = rc;
     db->errCode = rc;
diff --git a/libsql-sqlite3/src/vdbeaux.c b/libsql-sqlite3/src/vdbeaux.c
@@ -3632,7 +3632,7 @@ int sqlite3VdbeReset(Vdbe *p){
 #ifdef SQLITE_DEBUG
   p->nWrite = 0;
 #endif
-  p->isInterrupted = 0;
+  AtomicStore(&p->isInterrupted, 0);
 
   /* Save profiling information from this VDBE run.
   */
diff --git a/libsql-sqlite3/test/interruptstmt.test b/libsql-sqlite3/test/interruptstmt.test
diff --git a/libsql-sqlite3/test/interrupttest.c b/libsql-sqlite3/test/interrupttest.c

Original file line number	Diff line number	Diff line change
`@@ -897,7 +897,9 @@ void libsql_stmt_interrupt(sqlite3_stmt *pStmt){`
`897`	`897`	`(void)SQLITE_MISUSE_BKPT;`
`898`	`898`	`return;`
`899`	`899`	`}`
`900`		`- v->isInterrupted = 1;`
	`900`	`+ /* Set atomically: this may be called from a different thread than the one`
	`901`	`+ ** executing the statement, mirroring sqlite3_interrupt(). */`
	`902`	`+ AtomicStore(&v->isInterrupted, 1);`
`901`	`903`	`}`
`902`	`904`
`903`	`905`	`/*`
`@@ -915,7 +917,7 @@ int sqlite3_step(sqlite3_stmt *pStmt){`
`915`	`917`	`return SQLITE_MISUSE_BKPT;`
`916`	`918`	`}`
`917`	`919`	`db = v->db;`
`918`		`- if( v->isInterrupted ){`
	`920`	`+ if( AtomicLoad(&v->isInterrupted) ){`
`919`	`921`	`rc = SQLITE_INTERRUPT;`
`920`	`922`	`v->rc = rc;`
`921`	`923`	`db->errCode = rc;`