Fix race condition regarding Task cancellation

This complements #1797 by making sure read-only transactions complete correctly, even if the task is cancelled.

Author: groue

GRDB/Core/Database.swift

@@ -1744,7 +1744,7 @@ public final class Database: CustomStringConvertible, CustomDebugStringConvertib
         if isInsideTransaction {
             try execute(sql: "ROLLBACK TRANSACTION")
         }
-        assert(sqlite3_get_autocommit(sqliteConnection) != 0)
+        assert(!isInsideTransaction)
     }
 
     /// Commits a database transaction.

GRDB/Core/DatabasePool.swift

@@ -361,9 +361,13 @@ extension DatabasePool: DatabaseReader {
         return try await readerPool.get { reader in
             try await reader.execute { db in
                defer {
-                   #warning("TODO: when Task is cancelled, this commit fails, and we're still in a transaction")
-                   // Ignore commit error, but make sure we leave the transaction
-                   try? db.commit()
+                   // Commit or rollback, but make sure we leave the read-only transaction
+                   // (commit may fail with a CancellationError).
+                   do {
+                       try db.commit()
+                   } catch {
+                       try? db.rollback()
+                   }
                    assert(!db.isInsideTransaction)
                }
                // The block isolation comes from the DEFERRED transaction.
@@ -388,8 +392,13 @@ extension DatabasePool: DatabaseReader {
                 // Second async jump because that's how `Pool.async` has to be used.
                 reader.async { db in
                     defer {
-                        // Ignore commit error, but make sure we leave the transaction
-                        try? db.commit()
+                        // Commit or rollback, but make sure we leave the read-only transaction
+                        // (commit may fail with a CancellationError).
+                        do {
+                            try db.commit()
+                        } catch {
+                            try? db.rollback()
+                        }
                         assert(!db.isInsideTransaction)
                         releaseReader(.reuse)
                     }
@@ -552,8 +561,13 @@ extension DatabasePool: DatabaseReader {
             let (reader, releaseReader) = try readerPool.get()
             reader.async { db in
                 defer {
-                    // Ignore commit error, but make sure we leave the transaction
-                    try? db.commit()
+                    // Commit or rollback, but make sure we leave the read-only transaction
+                    // (commit may fail with a CancellationError).
+                    do {
+                        try db.commit()
+                    } catch {
+                        try? db.rollback()
+                    }
                     assert(!db.isInsideTransaction)
                     releaseReader(.reuse)
                 }

GRDB/Core/DatabaseQueue.swift

@@ -248,8 +248,13 @@ extension DatabaseQueue: DatabaseReader {
     ) {
         writer.async { db in
             defer {
-                // Ignore commit error (we can not notify it), but make sure we leave the transaction
-                try? db.commit()
+                // Commit or rollback, but make sure we leave the read-only transaction
+                // (commit may fail with a CancellationError).
+                do {
+                    try db.commit()
+                } catch {
+                    try? db.rollback()
+                }
                 assert(!db.isInsideTransaction)
                 try? db.endReadOnly()
             }
@@ -297,8 +302,13 @@ extension DatabaseQueue: DatabaseReader {
             GRDBPrecondition(!db.isInsideTransaction, "must not be called from inside a transaction.")
 
             defer {
-                // Ignore commit error (we can not notify it), but make sure we leave the transaction
-                try? db.commit()
+                // Commit or rollback, but make sure we leave the read-only transaction
+                // (commit may fail with a CancellationError).
+                do {
+                    try db.commit()
+                } catch {
+                    try? db.rollback()
+                }
                 assert(!db.isInsideTransaction)
                 try? db.endReadOnly()
             }

GRDB/Core/DatabaseSnapshot.swift

@@ -113,8 +113,13 @@ public final class DatabaseSnapshot {
     deinit {
         // Leave snapshot isolation
         reader.reentrantSync { db in
-            // Ignore commit error (we can not notify it), but make sure we leave the transaction
-            try? db.commit()
+            // Commit or rollback, but make sure we leave the read-only transaction
+            // (commit may fail with a CancellationError).
+            do {
+                try db.commit()
+            } catch {
+                try? db.rollback()
+            }
             assert(!db.isInsideTransaction)
         }
     }

GRDB/Core/WALSnapshotTransaction.swift

@@ -15,7 +15,13 @@ final class WALSnapshotTransaction: @unchecked Sendable {
             // WALSnapshotTransaction may be deinitialized in the dispatch
             // queue of its reader: allow reentrancy.
             let isInsideTransaction = reader.reentrantSync(allowingLongLivedTransaction: false) { db in
-                try? db.commit()
+                // Commit or rollback, but try hard to leave the read-only transaction
+                // (commit may fail with a CancellationError).
+                do {
+                    try db.commit()
+                } catch {
+                    try? db.rollback()
+                }
                 return db.isInsideTransaction
             }
             release(isInsideTransaction)