2007-05-11 04:20:08 +04:00
|
|
|
# 2007 May 10
|
2007-05-10 19:37:52 +04:00
|
|
|
#
|
|
|
|
# The author disclaims copyright to this source code. In place of
|
|
|
|
# a legal notice, here is a blessing:
|
|
|
|
#
|
|
|
|
# May you do good and not evil.
|
|
|
|
# May you find forgiveness for yourself and forgive others.
|
|
|
|
# May you share freely, never taking more than you give.
|
|
|
|
#
|
|
|
|
#***********************************************************************
|
|
|
|
# This file implements regression tests for SQLite library. The
|
2007-05-11 04:20:08 +04:00
|
|
|
# focus of this file is generating semi-random strings of SQL
|
|
|
|
# (a.k.a. "fuzz") and sending it into the parser to try to generate
|
|
|
|
# errors.
|
2007-05-10 19:37:52 +04:00
|
|
|
#
|
2007-05-11 20:58:03 +04:00
|
|
|
# $Id: fuzz.test,v 1.7 2007/05/11 16:58:04 danielk1977 Exp $
|
2007-05-10 19:37:52 +04:00
|
|
|
|
|
|
|
set testdir [file dirname $argv0]
|
|
|
|
source $testdir/tester.tcl
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
set ::REPEATS 20
|
|
|
|
set ::REPEATS 5000
|
|
|
|
|
2007-05-10 19:37:52 +04:00
|
|
|
proc fuzz {TemplateList} {
|
|
|
|
set n [llength $TemplateList]
|
|
|
|
set i [expr {int(rand()*$n)}]
|
2007-05-11 14:10:33 +04:00
|
|
|
return [uplevel 1 subst -novar [list [lindex $TemplateList $i]]]
|
2007-05-10 19:37:52 +04:00
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Fuzzy generation primitives:
|
|
|
|
#
|
|
|
|
# Literal
|
|
|
|
# UnaryOp
|
|
|
|
# BinaryOp
|
|
|
|
# Expr
|
|
|
|
# Table
|
|
|
|
# Select
|
|
|
|
# Insert
|
|
|
|
#
|
|
|
|
|
2007-05-10 21:32:48 +04:00
|
|
|
# Returns a string representing an SQL literal.
|
|
|
|
#
|
|
|
|
proc Literal {} {
|
2007-05-10 19:37:52 +04:00
|
|
|
set TemplateList {
|
|
|
|
456 0 -456 1 -1
|
|
|
|
2147483648 2147483647 2147483649 -2147483647 -2147483648 -2147483649
|
|
|
|
'The' 'first' 'experiments' 'in' 'hardware' 'fault' 'injection'
|
|
|
|
zeroblob(1000)
|
|
|
|
NULL
|
|
|
|
56.1 -56.1
|
|
|
|
123456789.1234567899
|
|
|
|
}
|
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Returns a string containing an SQL unary operator (e.g. "+" or "NOT").
|
|
|
|
#
|
2007-05-10 19:37:52 +04:00
|
|
|
proc UnaryOp {} {
|
2007-05-11 14:10:33 +04:00
|
|
|
set TemplateList {+ - NOT ~}
|
2007-05-10 19:37:52 +04:00
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Returns a string containing an SQL binary operator (e.g. "*" or "/").
|
|
|
|
#
|
2007-05-10 19:37:52 +04:00
|
|
|
proc BinaryOp {} {
|
2007-05-11 14:10:33 +04:00
|
|
|
set TemplateList {
|
|
|
|
|| * / % + - << >> & | < <= > >= = == != <> AND OR
|
|
|
|
LIKE GLOB {NOT LIKE}
|
|
|
|
}
|
2007-05-10 19:37:52 +04:00
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Return the complete text of an SQL expression.
|
|
|
|
#
|
2007-05-10 19:37:52 +04:00
|
|
|
set ::ExprDepth 0
|
2007-05-11 14:10:33 +04:00
|
|
|
proc Expr { {c {}} } {
|
2007-05-10 19:37:52 +04:00
|
|
|
incr ::ExprDepth
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
set TemplateList [concat $c {[Literal]}]
|
2007-05-11 20:58:03 +04:00
|
|
|
if {$::ExprDepth < 5} {
|
2007-05-10 19:37:52 +04:00
|
|
|
lappend TemplateList \
|
2007-05-11 14:10:33 +04:00
|
|
|
{[Expr $c] [BinaryOp] [Expr $c]} \
|
|
|
|
{[UnaryOp] [Expr $c]} \
|
|
|
|
{[Expr $c] ISNULL} \
|
|
|
|
{[Expr $c] NOTNULL} \
|
|
|
|
{CAST([Expr $c] AS blob)} \
|
|
|
|
{CAST([Expr $c] AS text)} \
|
|
|
|
{CAST([Expr $c] AS integer)} \
|
|
|
|
{CAST([Expr $c] AS real)} \
|
2007-05-11 20:58:03 +04:00
|
|
|
{abs([Expr])} \
|
|
|
|
{coalesce([Expr], [Expr])} \
|
|
|
|
{hex([Expr])} \
|
|
|
|
{length([Expr])} \
|
|
|
|
{lower([Expr])} \
|
|
|
|
{upper([Expr])} \
|
|
|
|
{quote([Expr])} \
|
|
|
|
{random()} \
|
|
|
|
{randomblob(min(max([Expr],1), 500))} \
|
|
|
|
{typeof([Expr])} \
|
|
|
|
{substr([Expr],[Expr],[Expr])} \
|
2007-05-11 14:10:33 +04:00
|
|
|
{CASE WHEN [Expr $c] THEN [Expr $c] ELSE [Expr $c] END} \
|
|
|
|
{[Literal]} {[Literal]} {[Literal]}
|
2007-05-10 19:37:52 +04:00
|
|
|
}
|
|
|
|
if {$::SelectDepth < 10} {
|
2007-05-11 14:10:33 +04:00
|
|
|
lappend TemplateList \
|
|
|
|
{([Select 1])} \
|
|
|
|
{[Expr $c] IN ([Select 1])} \
|
|
|
|
{[Expr $c] NOT IN ([Select 1])} \
|
|
|
|
{EXISTS ([Select 1])} \
|
2007-05-10 19:37:52 +04:00
|
|
|
}
|
|
|
|
set res [fuzz $TemplateList]
|
|
|
|
incr ::ExprDepth -1
|
|
|
|
return $res
|
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Return a valid table name.
|
|
|
|
#
|
2007-05-10 21:32:48 +04:00
|
|
|
set ::TableList [list]
|
|
|
|
proc Table {} {
|
|
|
|
set TemplateList [concat sqlite_master $::TableList]
|
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Return a SELECT statement.
|
|
|
|
#
|
2007-05-10 19:37:52 +04:00
|
|
|
set ::SelectDepth 0
|
2007-05-11 20:58:03 +04:00
|
|
|
set ::ColumnList [list]
|
2007-05-10 21:32:48 +04:00
|
|
|
proc Select {{isExpr 0}} {
|
2007-05-10 19:37:52 +04:00
|
|
|
incr ::SelectDepth
|
|
|
|
set TemplateList {
|
|
|
|
{SELECT [Expr]}
|
2007-05-11 14:10:33 +04:00
|
|
|
{SELECT [Literal]}
|
2007-05-10 19:37:52 +04:00
|
|
|
}
|
2007-05-10 21:32:48 +04:00
|
|
|
if {$::SelectDepth < 5} {
|
|
|
|
lappend TemplateList \
|
|
|
|
{SELECT [Expr] FROM ([Select])} \
|
2007-05-11 20:58:03 +04:00
|
|
|
{SELECT [Expr $::ColumnList] FROM [Table]} \
|
2007-05-10 21:32:48 +04:00
|
|
|
|
|
|
|
if {0 == $isExpr} {
|
|
|
|
lappend TemplateList \
|
|
|
|
{SELECT [Expr], [Expr] FROM ([Select]) ORDER BY [Expr]} \
|
|
|
|
{SELECT * FROM ([Select]) ORDER BY [Expr]} \
|
2007-05-11 14:10:33 +04:00
|
|
|
{SELECT * FROM [Table]} \
|
2007-05-11 20:58:03 +04:00
|
|
|
{SELECT * FROM [Table] WHERE [Expr $::ColumnList]} \
|
|
|
|
{SELECT * FROM [Table],[Table] AS t2 WHERE [Expr $::ColumnList] LIMIT 1}
|
2007-05-10 21:32:48 +04:00
|
|
|
}
|
|
|
|
}
|
2007-05-10 19:37:52 +04:00
|
|
|
set res [fuzz $TemplateList]
|
|
|
|
incr ::SelectDepth -1
|
|
|
|
set res
|
|
|
|
}
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
# Generate and return a fuzzy INSERT statement.
|
|
|
|
#
|
|
|
|
proc Insert {} {
|
|
|
|
set TemplateList {
|
|
|
|
{INSERT INTO [Table] VALUES([Expr], [Expr], [Expr]);}
|
|
|
|
{INSERT INTO [Table] VALUES([Expr], [Expr], [Expr], [Expr]);}
|
|
|
|
{INSERT INTO [Table] VALUES([Expr], [Expr]);}
|
|
|
|
}
|
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
proc Column {} {
|
|
|
|
fuzz $::ColumnList
|
|
|
|
}
|
|
|
|
|
|
|
|
# Generate and return a fuzzy UPDATE statement.
|
|
|
|
#
|
|
|
|
proc Update {} {
|
|
|
|
set TemplateList {
|
|
|
|
{UPDATE [Table]
|
|
|
|
SET [Column] = [Expr $::ColumnList]
|
|
|
|
WHERE [Expr $::ColumnList]}
|
|
|
|
}
|
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
|
|
|
proc Delete {} {
|
|
|
|
set TemplateList {
|
|
|
|
{DELETE FROM [Table] WHERE [Expr $::ColumnList]}
|
|
|
|
}
|
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
|
|
|
proc Statement {} {
|
|
|
|
set TemplateList {
|
|
|
|
{[Update]}
|
|
|
|
{[Insert]}
|
|
|
|
{[Select]}
|
|
|
|
{[Delete]}
|
|
|
|
}
|
|
|
|
fuzz $TemplateList
|
|
|
|
}
|
|
|
|
|
2007-05-10 21:32:48 +04:00
|
|
|
########################################################################
|
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
set ::log [open fuzzy.log w]
|
|
|
|
|
|
|
|
#
|
|
|
|
# Usage: do_fuzzy_test <testname> ?<options>?
|
|
|
|
#
|
|
|
|
# -template
|
|
|
|
# -errorlist
|
|
|
|
#
|
|
|
|
proc do_fuzzy_test {testname args} {
|
|
|
|
set ::fuzzyopts(-errorlist) [list]
|
|
|
|
array set ::fuzzyopts $args
|
|
|
|
lappend ::fuzzyopts(-errorlist) {parser stack overflow} {ORDER BY column}
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
for {set ii 0} {$ii < $::REPEATS} {incr ii} {
|
2007-05-11 14:10:33 +04:00
|
|
|
do_test ${testname}.$ii {
|
|
|
|
set ::sql [subst $::fuzzyopts(-template)]
|
|
|
|
puts $::log $::sql
|
|
|
|
flush $::log
|
|
|
|
set rc [catch {execsql $::sql} msg]
|
|
|
|
set e 1
|
|
|
|
if {$rc} {
|
|
|
|
set e 0
|
|
|
|
foreach error $::fuzzyopts(-errorlist) {
|
|
|
|
if {0 == [string first $error $msg]} {
|
|
|
|
set e 1
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if {$e == 0} {
|
|
|
|
puts ""
|
|
|
|
puts $::sql
|
|
|
|
puts $msg
|
|
|
|
}
|
|
|
|
set e
|
|
|
|
} {1}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-05-10 21:32:48 +04:00
|
|
|
#----------------------------------------------------------------
|
|
|
|
# These tests caused errors that were first caught by the tests
|
|
|
|
# in this file. They are still here.
|
2007-05-10 19:37:52 +04:00
|
|
|
do_test fuzz-1.1 {
|
|
|
|
execsql {
|
|
|
|
SELECT 'abc' LIKE X'ABCD';
|
|
|
|
}
|
|
|
|
} {0}
|
|
|
|
do_test fuzz-1.2 {
|
|
|
|
execsql {
|
|
|
|
SELECT 'abc' LIKE zeroblob(10);
|
|
|
|
}
|
|
|
|
} {0}
|
|
|
|
do_test fuzz-1.3 {
|
|
|
|
execsql {
|
|
|
|
SELECT zeroblob(10) LIKE 'abc';
|
|
|
|
}
|
|
|
|
} {0}
|
|
|
|
do_test fuzz-1.4 {
|
|
|
|
execsql {
|
|
|
|
SELECT (- -21) % NOT (456 LIKE zeroblob(10));
|
|
|
|
}
|
|
|
|
} {0}
|
2007-05-10 21:32:48 +04:00
|
|
|
do_test fuzz-1.5 {
|
|
|
|
execsql {
|
|
|
|
SELECT (SELECT (
|
|
|
|
SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1
|
|
|
|
))
|
|
|
|
}
|
|
|
|
} {-2147483648}
|
|
|
|
do_test fuzz-1.6 {
|
|
|
|
execsql {
|
|
|
|
SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1
|
|
|
|
}
|
|
|
|
} [execsql {SELECT 'abc', zeroblob(1)}]
|
|
|
|
|
|
|
|
do_test fuzz-1.7 {
|
|
|
|
execsql {
|
2007-05-11 11:08:28 +04:00
|
|
|
SELECT ( SELECT zeroblob(1000) FROM (
|
|
|
|
SELECT * FROM (SELECT 'first') ORDER BY NOT 'in')
|
2007-05-10 21:38:57 +04:00
|
|
|
)
|
2007-05-10 21:32:48 +04:00
|
|
|
}
|
2007-05-11 11:08:28 +04:00
|
|
|
} [execsql {SELECT zeroblob(1000)}]
|
2007-05-10 19:37:52 +04:00
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
do_test fuzz-1.8 {
|
2007-05-11 20:58:03 +04:00
|
|
|
# Problems with opcode OP_ToText (did not account for MEM_Zero).
|
|
|
|
# Also MemExpandBlob() was marking expanded blobs as nul-terminated.
|
|
|
|
# They are not.
|
2007-05-11 14:10:33 +04:00
|
|
|
execsql {
|
|
|
|
SELECT CAST(zeroblob(1000) AS text);
|
|
|
|
}
|
|
|
|
} {{}}
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
do_test fuzz-1.9 {
|
|
|
|
# This was causing a NULL pointer dereference of Expr.pList.
|
|
|
|
execsql {
|
|
|
|
SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random())
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
|
|
|
|
do_test fuzz-1.10 {
|
|
|
|
# Bug in calculation of Parse.ckOffset causing an assert()
|
|
|
|
# to fail. Probably harmless.
|
|
|
|
execsql {
|
|
|
|
SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1))))
|
|
|
|
}
|
|
|
|
} {1}
|
|
|
|
|
2007-05-10 21:32:48 +04:00
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Test some fuzzily generated expressions.
|
|
|
|
#
|
2007-05-11 14:10:33 +04:00
|
|
|
do_fuzzy_test fuzz-2 -template { SELECT [Expr] }
|
2007-05-10 21:32:48 +04:00
|
|
|
|
|
|
|
do_test fuzz-3.1 {
|
|
|
|
execsql {
|
|
|
|
CREATE TABLE abc(a, b, c);
|
2007-05-11 14:10:33 +04:00
|
|
|
CREATE TABLE def(a, b, c);
|
|
|
|
CREATE TABLE ghi(a, b, c);
|
2007-05-10 19:37:52 +04:00
|
|
|
}
|
|
|
|
} {}
|
2007-05-11 14:10:33 +04:00
|
|
|
set ::TableList [list abc def ghi]
|
2007-05-10 21:32:48 +04:00
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Test some fuzzily generated SELECT statements.
|
|
|
|
#
|
2007-05-11 14:10:33 +04:00
|
|
|
do_fuzzy_test fuzz-3.2 -template {[Select]}
|
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Insert a small amount of data into the database and then run
|
|
|
|
# some more generated SELECT statements.
|
|
|
|
#
|
|
|
|
do_test fuzz-4.1 {
|
|
|
|
execsql {
|
|
|
|
INSERT INTO abc VALUES(1, 2, 3);
|
|
|
|
INSERT INTO abc VALUES(4, 5, 6);
|
|
|
|
INSERT INTO abc VALUES(7, 8, 9);
|
|
|
|
INSERT INTO def VALUES(1, 2, 3);
|
|
|
|
INSERT INTO def VALUES(4, 5, 6);
|
|
|
|
INSERT INTO def VALUES(7, 8, 9);
|
|
|
|
INSERT INTO ghi VALUES(1, 2, 3);
|
|
|
|
INSERT INTO ghi VALUES(4, 5, 6);
|
|
|
|
INSERT INTO ghi VALUES(7, 8, 9);
|
|
|
|
CREATE INDEX abc_i ON abc(a, b, c);
|
|
|
|
CREATE INDEX def_i ON def(c, a, b);
|
|
|
|
CREATE INDEX ghi_i ON ghi(b, c, a);
|
|
|
|
}
|
|
|
|
} {}
|
|
|
|
do_fuzzy_test fuzz-4.2 -template {[Select]}
|
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Test some fuzzy INSERT statements:
|
|
|
|
#
|
|
|
|
do_test fuzz-5.1 {execsql BEGIN} {}
|
|
|
|
do_fuzzy_test fuzz-5.2 -template {[Insert]} -errorlist table
|
|
|
|
integrity_check fuzz-5.2.integrity
|
|
|
|
do_test fuzz-5.3 {execsql COMMIT} {}
|
|
|
|
integrity_check fuzz-5.4.integrity
|
|
|
|
|
2007-05-11 20:58:03 +04:00
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Now that there is data in the datbase, run some more SELECT
|
|
|
|
# statements
|
|
|
|
#
|
|
|
|
set ::ColumnList [list a b c]
|
|
|
|
set E {{no such col} {ambiguous column name}}
|
|
|
|
do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E
|
|
|
|
|
|
|
|
#----------------------------------------------------------------
|
|
|
|
# Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction.
|
|
|
|
#
|
|
|
|
set E {{no such col} {ambiguous column name} {table}}
|
|
|
|
do_test fuzz-7.1 {execsql BEGIN} {}
|
|
|
|
do_fuzzy_test fuzz-7.2 -template {[Statement]} -errorlist $E
|
|
|
|
integrity_check fuzz-7.3.integrity
|
|
|
|
do_test fuzz-7.4 {execsql COMMIT} {}
|
|
|
|
integrity_check fuzz-7.5.integrity
|
2007-05-10 19:37:52 +04:00
|
|
|
|
2007-05-11 14:10:33 +04:00
|
|
|
close $::log
|
2007-05-10 19:37:52 +04:00
|
|
|
finish_test
|