2007-05-11 04:20:08 +04:00
|
|
|
# 2007 May 10
|
2007-05-10 19:37:52 +04:00
|
|
|
#
|
|
|
|
# The author disclaims copyright to this source code. In place of
|
|
|
|
# a legal notice, here is a blessing:
|
|
|
|
#
|
|
|
|
# May you do good and not evil.
|
|
|
|
# May you find forgiveness for yourself and forgive others.
|
|
|
|
# May you share freely, never taking more than you give.
|
|
|
|
#
|
|
|
|
#***********************************************************************
|
|
|
|
# This file implements regression tests for SQLite library. The
|
2007-05-11 04:20:08 +04:00
|
|
|
# focus of this file is generating semi-random strings of SQL
|
2007-05-14 18:04:59 +04:00
|
|
|
# (a.k.a. "fuzz") and sending it into the parser to try to
|
|
|
|
# generate errors.
|
2007-05-10 19:37:52 +04:00
|
|
|
#
|
2007-05-14 18:04:59 +04:00
|
|
|
# The tests in this file are really about testing fuzzily generated
|
|
|
|
# SQL parse-trees. The majority of the fuzzily generated SQL is
|
|
|
|
# valid as far as the parser is concerned.
|
|
|
|
#
|
|
|
|
# The most complicated trees are for SELECT statements.
|
|
|
|
#
|
2009-04-28 15:10:39 +04:00
|
|
|
# $Id: fuzz.test,v 1.19 2009/04/28 11:10:39 danielk1977 Exp $
|
2007-05-10 19:37:52 +04:00
|
|
|
|
|
|
|
set testdir [file dirname $argv0]
|
|
|
|
source $testdir/tester.tcl
|
|
|
|
|
2007-05-14 19:49:43 +04:00
|
|
|
set ::REPEATS 5000
|
2007-05-30 12:18:04 +04:00
|
|
|
|
|
|
|
# If running quick.test, don't do so many iterations.
|
2007-05-15 11:14:32 +04:00
|
|
|
if {[info exists ::ISQUICK]} {
|
2007-05-15 11:00:34 +04:00
|
|
|
if {$::ISQUICK} { set ::REPEATS 20 }
|
|
|
|
}
|
2007-05-11 20:58:03 +04:00
|
|
|
|
2007-05-30 14:36:47 +04:00
|
|
|
source $testdir/fuzz_common.tcl
|
2009-01-05 22:36:30 +03:00
|
|
|
expr srand(0)
|
2007-05-11 14:10:33 +04:00
|
|
|
|
2007-05-10 21:32:48 +04:00
|
|
|
#----------------------------------------------------------------
|
|
|
|
# These tests caused errors that were first caught by the tests
|
|
|
|
# in this file. They are still here.
|
2007-05-10 19:37:52 +04:00
|
|
|
do_test fuzz-1.1 {
|
|
|
|
execsql {
|
|
|
|
SELECT 'abc' LIKE X'ABCD';
|
|
|
|
}
|
|
|
|
} {0}
|
|
|
|
do_test fuzz-1.2 {
|
|
|
|
execsql {
|
|
|
|
SELECT 'abc' LIKE zeroblob(10);
|
|
|
|
}
|
|
|
|
} {0}
|
|
|
|
do_test fuzz-1.3 {
|
|
|
|
execsql {
|
|
|
|
SELECT zeroblob(10) LIKE 'abc';
|
|
|
|
}
|
|
|
|
} {0}
|
|
|
|
do_test fuzz-1.4 {
|
|
|
|
execsql {
|
|
|
|
SELECT (- -21) % NOT (456 LIKE zeroblob(10));
|
|
|
|
}
|
|
|
|
} {0}
|
2007-05-10 21:32:48 +04:00
|
|
|
do_test fuzz-1.5 {
|
|
|
|
execsql {
|
|
|
|
SELECT (SELECT (
|
|
|
|
SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1
|
|
|
|
))
|
|
|
|
}
|
|
|
|
} {-2147483648}
|
|
|
|
do_test fuzz-1.6 {
|
|
|
|
execsql {
|
|
|
|
SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1
|
|
|
|
}
|
|
|
|
} [execsql {SELECT 'abc', zeroblob(1)}]
|
|
|
|
|
|
|
|
do_test fuzz-1.7 {
|
|
|
|
execsql {
|
2007-05-11 11:08:28 +04:00
|
|
|
SELECT ( SELECT zeroblob(1000) FROM (
|
|
|
|
SELECT * FROM (SELECT 'first') ORDER BY NOT 'in')
|
2007-05-10 21:38:57 +04:00
|
|
|
)
|
2007-05-10 21:32:48 +04:00
|
|
|
}
|
2007-05-11 11:08:28 +04:00
|
|
|
} [execsql {SELECT zeroblob(1000)}]
|
2007-05-10 19:37:52 +04:00
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
do_test fuzz-1.8 {
|
2007-05-11 20:58:03 +04:00
|
|
|
# Problems with opcode OP_ToText (did not account for MEM_Zero).
|
|
|
|
# Also MemExpandBlob() was marking expanded blobs as nul-terminated.
|
|
|
|
# They are not.
|
2007-05-11 14:10:33 +04:00
|
|
|
execsql {
|
|
|
|
SELECT CAST(zeroblob(1000) AS text);
|
|
|
|
}
|
|
|
|
} {{}}
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
do_test fuzz-1.9 {
|
|
|
|
# This was causing a NULL pointer dereference of Expr.pList.
|
|
|
|
execsql {
|
|
|
|
SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random())
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
|
|
|
|
do_test fuzz-1.10 {
|
|
|
|
# Bug in calculation of Parse.ckOffset causing an assert()
|
|
|
|
# to fail. Probably harmless.
|
|
|
|
execsql {
|
|
|
|
SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1))))
|
|
|
|
}
|
|
|
|
} {1}
|
|
|
|
|
2007-05-14 18:04:59 +04:00
|
|
|
do_test fuzz-1.11 {
|
|
|
|
# The literals (A, B, C, D) are not important, they are just used
|
|
|
|
# to make the EXPLAIN output easier to read.
|
|
|
|
#
|
|
|
|
# The problem here is that the EXISTS(...) expression leaves an
|
|
|
|
# extra value on the VDBE stack. This is confusing the parent and
|
|
|
|
# leads to an assert() failure when OP_Insert encounters an integer
|
|
|
|
# when it expects a record blob.
|
|
|
|
#
|
|
|
|
# Update: Any query with (LIMIT 0) was leaking stack.
|
|
|
|
#
|
|
|
|
execsql {
|
|
|
|
SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS (
|
|
|
|
SELECT 'C' FROM (SELECT 'D' LIMIT 0)
|
|
|
|
)
|
|
|
|
}
|
|
|
|
} {A}
|
|
|
|
|
2007-05-14 19:49:43 +04:00
|
|
|
do_test fuzz-1.12.1 {
|
|
|
|
# Create a table with a single row.
|
|
|
|
execsql {
|
|
|
|
CREATE TABLE abc(b);
|
|
|
|
INSERT INTO abc VALUES('ABCDE');
|
|
|
|
}
|
|
|
|
|
|
|
|
# The following query was crashing. The later subquery (in the FROM)
|
|
|
|
# clause was flattened into the parent, but the code was not repairng
|
|
|
|
# the "b" reference in the other sub-query. When the query was executed,
|
|
|
|
# that "b" refered to a non-existant vdbe table-cursor.
|
|
|
|
#
|
|
|
|
execsql {
|
|
|
|
SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc);
|
|
|
|
}
|
|
|
|
} {1}
|
|
|
|
do_test fuzz-1.12.2 {
|
|
|
|
# Clean up after the previous query.
|
|
|
|
execsql {
|
|
|
|
DROP TABLE abc;
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
|
2007-05-14 20:50:48 +04:00
|
|
|
|
|
|
|
do_test fuzz-1.13 {
|
|
|
|
# The problem here was that when there were more expressions in
|
|
|
|
# the ORDER BY list than the result-set list. The temporary b-tree
|
|
|
|
# used for sorting was being misconfigured in this case.
|
|
|
|
#
|
|
|
|
execsql {
|
|
|
|
SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC;
|
|
|
|
}
|
|
|
|
} {abcd efgh}
|
|
|
|
|
2007-05-15 11:00:34 +04:00
|
|
|
do_test fuzz-1.14.1 {
|
|
|
|
execsql {
|
|
|
|
CREATE TABLE abc(a, b, c);
|
|
|
|
INSERT INTO abc VALUES(123, 456, 789);
|
|
|
|
}
|
|
|
|
|
|
|
|
# The [a] reference in the sub-select was causing a problem. Because
|
|
|
|
# the internal walkSelectExpr() function was not considering compound
|
|
|
|
# SELECT operators.
|
|
|
|
execsql {
|
|
|
|
SELECT 1 FROM abc
|
|
|
|
GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123);
|
|
|
|
}
|
|
|
|
} {1}
|
|
|
|
do_test fuzz-1.14.2 {
|
|
|
|
execsql {
|
|
|
|
DROP TABLE abc;
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
|
2009-01-05 22:36:30 +03:00
|
|
|
# Making sure previously discovered errors have been fixed.
|
|
|
|
#
|
|
|
|
do_test fuzz-1.15 {
|
|
|
|
execsql {
|
|
|
|
SELECT hex(CAST(zeroblob(1000) AS integer))
|
|
|
|
}
|
|
|
|
} {30}
|
|
|
|
|
|
|
|
do_test fuzz-1.16.1 {
|
|
|
|
execsql {
|
|
|
|
CREATE TABLE abc(a, b, c);
|
|
|
|
CREATE TABLE def(a, b, c);
|
|
|
|
CREATE TABLE ghi(a, b, c);
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
do_test fuzz-1.16.2 {
|
|
|
|
catchsql {
|
|
|
|
SELECT DISTINCT EXISTS(
|
|
|
|
SELECT 1
|
|
|
|
FROM (
|
|
|
|
SELECT C FROM (SELECT 1)
|
|
|
|
)
|
|
|
|
WHERE (SELECT c)
|
|
|
|
)
|
|
|
|
FROM abc
|
|
|
|
}
|
|
|
|
} {0 {}}
|
|
|
|
do_test fuzz-1.16.3 {
|
|
|
|
catchsql {
|
|
|
|
SELECT DISTINCT substr(-456 ISNULL,zeroblob(1000), EXISTS(
|
|
|
|
SELECT DISTINCT EXISTS(
|
|
|
|
SELECT DISTINCT b FROM abc
|
|
|
|
ORDER BY EXISTS (
|
|
|
|
SELECT DISTINCT 2147483647 UNION ALL SELECT -2147483648
|
|
|
|
) ASC
|
|
|
|
)
|
|
|
|
FROM (
|
|
|
|
SELECT c, c FROM (
|
|
|
|
SELECT 456, 'injection' ORDER BY 56.1 ASC, -56.1 DESC
|
|
|
|
)
|
|
|
|
)
|
|
|
|
GROUP BY (SELECT ALL (SELECT DISTINCT 'hardware'))
|
|
|
|
HAVING (
|
|
|
|
SELECT DISTINCT c
|
|
|
|
FROM (
|
|
|
|
SELECT ALL -2147483648, 'experiments'
|
|
|
|
ORDER BY -56.1 ASC, -56.1 DESC
|
|
|
|
)
|
|
|
|
GROUP BY (SELECT DISTINCT 456) IN
|
|
|
|
(SELECT DISTINCT 'injection') NOT IN (SELECT ALL -456)
|
|
|
|
HAVING EXISTS (
|
|
|
|
SELECT ALL 'injection'
|
|
|
|
)
|
|
|
|
)
|
|
|
|
UNION ALL
|
|
|
|
SELECT a IN (
|
|
|
|
SELECT -2147483647
|
|
|
|
UNION ALL
|
|
|
|
SELECT ALL 'injection'
|
|
|
|
)
|
|
|
|
FROM sqlite_master
|
|
|
|
) -- end EXISTS
|
|
|
|
) /* end SUBSTR() */, c NOTNULL ISNULL
|
|
|
|
FROM abc
|
|
|
|
ORDER BY CAST(-56.1 AS blob) ASC
|
|
|
|
}
|
|
|
|
} {0 {}}
|
|
|
|
do_test fuzz-1.16.4 {
|
|
|
|
execsql {
|
|
|
|
DROP TABLE abc; DROP TABLE def; DROP TABLE ghi;
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
|
2009-01-06 01:30:38 +03:00
|
|
|
do_test fuzz-1.17 {
|
|
|
|
catchsql {
|
|
|
|
SELECT 'hardware', 56.1 NOTNULL, random()&0
|
|
|
|
FROM (
|
|
|
|
SELECT ALL lower(~ EXISTS (
|
|
|
|
SELECT 1 NOT IN (SELECT ALL 1)
|
|
|
|
)), CAST(456 AS integer), -2147483647
|
|
|
|
FROM (
|
|
|
|
SELECT DISTINCT -456, CAST(1 AS integer) ISNULL
|
|
|
|
FROM (SELECT ALL 2147483647, typeof(2147483649))
|
|
|
|
)
|
|
|
|
)
|
|
|
|
GROUP BY CAST(CAST('experiments' AS blob) AS blob)
|
|
|
|
HAVING random()
|
|
|
|
}
|
|
|
|
} {0 {hardware 1 0}}
|
|
|
|
|
2009-01-06 03:08:02 +03:00
|
|
|
do_test fuzz-1.18 {
|
|
|
|
catchsql {
|
|
|
|
SELECT -2147483649 << upper('fault' NOT IN (
|
|
|
|
SELECT ALL (
|
|
|
|
SELECT ALL -1
|
|
|
|
ORDER BY -2147483649
|
|
|
|
LIMIT (
|
|
|
|
SELECT ALL (
|
|
|
|
SELECT 0 EXCEPT SELECT DISTINCT 'experiments' ORDER BY 1 ASC
|
|
|
|
)
|
|
|
|
)
|
|
|
|
OFFSET EXISTS (
|
|
|
|
SELECT ALL
|
|
|
|
(SELECT ALL -2147483648) NOT IN (
|
|
|
|
SELECT ALL 123456789.1234567899
|
|
|
|
) IN (SELECT 2147483649)
|
|
|
|
FROM sqlite_master
|
|
|
|
) NOT IN (SELECT ALL 'The')
|
|
|
|
)
|
|
|
|
))
|
|
|
|
}
|
|
|
|
} {0 -4294967298}
|
|
|
|
|
2009-04-28 15:10:39 +04:00
|
|
|
# At one point the following INSERT statement caused an assert() to fail.
|
|
|
|
#
|
|
|
|
do_test fuzz-1.19 {
|
|
|
|
execsql { CREATE TABLE t1(a) }
|
|
|
|
catchsql {
|
|
|
|
INSERT INTO t1 VALUES(
|
|
|
|
CASE WHEN NULL THEN NULL ELSE ( SELECT 0 ORDER BY 456 ) END
|
|
|
|
)
|
|
|
|
}
|
|
|
|
} {1 {1st ORDER BY term out of range - should be between 1 and 1}}
|
|
|
|
do_test fuzz-1.20 {
|
|
|
|
execsql { DROP TABLE t1 }
|
|
|
|
} {}
|
|
|
|
|
2007-05-10 21:32:48 +04:00
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Test some fuzzily generated expressions.
|
|
|
|
#
|
2007-05-11 14:10:33 +04:00
|
|
|
do_fuzzy_test fuzz-2 -template { SELECT [Expr] }
|
2007-05-10 21:32:48 +04:00
|
|
|
|
|
|
|
do_test fuzz-3.1 {
|
|
|
|
execsql {
|
|
|
|
CREATE TABLE abc(a, b, c);
|
2007-05-11 14:10:33 +04:00
|
|
|
CREATE TABLE def(a, b, c);
|
|
|
|
CREATE TABLE ghi(a, b, c);
|
2007-05-10 19:37:52 +04:00
|
|
|
}
|
|
|
|
} {}
|
2007-05-11 14:10:33 +04:00
|
|
|
set ::TableList [list abc def ghi]
|
2007-05-10 21:32:48 +04:00
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Test some fuzzily generated SELECT statements.
|
|
|
|
#
|
2007-05-11 14:10:33 +04:00
|
|
|
do_fuzzy_test fuzz-3.2 -template {[Select]}
|
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Insert a small amount of data into the database and then run
|
|
|
|
# some more generated SELECT statements.
|
|
|
|
#
|
|
|
|
do_test fuzz-4.1 {
|
|
|
|
execsql {
|
|
|
|
INSERT INTO abc VALUES(1, 2, 3);
|
|
|
|
INSERT INTO abc VALUES(4, 5, 6);
|
|
|
|
INSERT INTO abc VALUES(7, 8, 9);
|
|
|
|
INSERT INTO def VALUES(1, 2, 3);
|
|
|
|
INSERT INTO def VALUES(4, 5, 6);
|
|
|
|
INSERT INTO def VALUES(7, 8, 9);
|
|
|
|
INSERT INTO ghi VALUES(1, 2, 3);
|
|
|
|
INSERT INTO ghi VALUES(4, 5, 6);
|
|
|
|
INSERT INTO ghi VALUES(7, 8, 9);
|
|
|
|
CREATE INDEX abc_i ON abc(a, b, c);
|
|
|
|
CREATE INDEX def_i ON def(c, a, b);
|
|
|
|
CREATE INDEX ghi_i ON ghi(b, c, a);
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
do_fuzzy_test fuzz-4.2 -template {[Select]}
|
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Test some fuzzy INSERT statements:
|
|
|
|
#
|
|
|
|
do_test fuzz-5.1 {execsql BEGIN} {}
|
|
|
|
do_fuzzy_test fuzz-5.2 -template {[Insert]} -errorlist table
|
|
|
|
integrity_check fuzz-5.2.integrity
|
|
|
|
do_test fuzz-5.3 {execsql COMMIT} {}
|
|
|
|
integrity_check fuzz-5.4.integrity
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
#----------------------------------------------------------------
|
2007-05-14 18:04:59 +04:00
|
|
|
# Now that there is data in the database, run some more SELECT
|
2007-05-11 20:58:03 +04:00
|
|
|
# statements
|
|
|
|
#
|
|
|
|
set ::ColumnList [list a b c]
|
|
|
|
set E {{no such col} {ambiguous column name}}
|
|
|
|
do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E
|
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction.
|
|
|
|
#
|
|
|
|
set E {{no such col} {ambiguous column name} {table}}
|
|
|
|
do_test fuzz-7.1 {execsql BEGIN} {}
|
|
|
|
do_fuzzy_test fuzz-7.2 -template {[Statement]} -errorlist $E
|
|
|
|
integrity_check fuzz-7.3.integrity
|
|
|
|
do_test fuzz-7.4 {execsql COMMIT} {}
|
|
|
|
integrity_check fuzz-7.5.integrity
|
2007-05-10 19:37:52 +04:00
|
|
|
|
2007-05-14 18:04:59 +04:00
|
|
|
#----------------------------------------------------------------
|
2007-05-15 11:00:34 +04:00
|
|
|
# Many CREATE and DROP TABLE statements:
|
2007-05-14 18:04:59 +04:00
|
|
|
#
|
2007-05-15 11:14:32 +04:00
|
|
|
set E [list table duplicate {no such col} {ambiguous column name} {use DROP}]
|
2007-05-15 11:00:34 +04:00
|
|
|
do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E
|
2007-05-14 18:04:59 +04:00
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
close $::log
|
2007-05-10 19:37:52 +04:00
|
|
|
finish_test
|