From f34e9aabd8af209fa849eea0141ba9e0302e4a93 Mon Sep 17 00:00:00 2001 From: drh Date: Mon, 20 Apr 2015 12:50:13 +0000 Subject: [PATCH] Enhance fuzzershell to support multiple blocks of SQL, each run in its own private in-memory database. FossilOrigin-Name: ab0a96ca73cfe92d5a837c71c148e8361f42acc3 --- manifest | 12 ++--- manifest.uuid | 2 +- tool/fuzzershell.c | 122 ++++++++++++++++++++++++++++++++------------- 3 files changed, 95 insertions(+), 41 deletions(-) diff --git a/manifest b/manifest index 98ea026575..6d6a24c20d 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\san\sALWAYS()\saround\sa\snew\sbranch\sthat\swas\smade\sunreachable\sby\san\seven\nnewer\schange. -D 2015-04-20T01:13:33.830 +C Enhance\sfuzzershell\sto\ssupport\smultiple\sblocks\sof\sSQL,\seach\srun\sin\sits\sown\nprivate\sin-memory\sdatabase. +D 2015-04-20T12:50:13.942 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in faaf75b89840659d74501bea269c7e33414761c1 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -1203,7 +1203,7 @@ F tool/diffdb.c 7524b1b5df217c20cd0431f6789851a4e0cb191b F tool/extract.c 054069d81b095fbdc189a6f5d4466e40380505e2 F tool/fast_vacuum.c 5ba0d6f5963a0a63bdc42840f678bad75b2ebce1 F tool/fragck.tcl 5265a95126abcf6ab357f7efa544787e5963f439 -F tool/fuzzershell.c 9e7e273da203037154b433bb67f10b0d9772b370 +F tool/fuzzershell.c d6f9206395645668499aa5b097cbcda5ef67d457 F tool/genfkey.README cf68fddd4643bbe3ff8e31b8b6d8b0a1b85e20f4 F tool/genfkey.test 4196a8928b78f51d54ef58e99e99401ab2f0a7e5 F tool/getlock.c f4c39b651370156cae979501a7b156bdba50e7ce 
@@ -1251,7 +1251,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P c83052e48bbae0f45db2a44155b4e5482ee4a901 -R 952a9e0aae8c56d03933920a47e90909 +P 592c010478fba7410424f011a62e019c826f1ac3 +R 55f62d08aa055d79c5fb00626b830397 U drh -Z b000b63de0ad5ddbe40a2bc087fe2878 +Z 4938f7ca9f322011187311f0d5e05712 diff --git a/manifest.uuid b/manifest.uuid index 0e878dee1e..2ad27925f2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -592c010478fba7410424f011a62e019c826f1ac3 \ No newline at end of file +ab0a96ca73cfe92d5a837c71c148e8361f42acc3 \ No newline at end of file diff --git a/tool/fuzzershell.c b/tool/fuzzershell.c index a44a722505..6f841e220c 100644 --- a/tool/fuzzershell.c +++ b/tool/fuzzershell.c 
@@ -31,6 +31,29 @@
 **
 ** (4) The eval() SQL function is added, allowing the fuzzer to do
 ** interesting recursive operations.
+**
+** 2015-04-20: The input text can be divided into separate SQL chunks using
+** lines of the form:
+**
+** |****<...>****|
+**
+** where the "..." is arbitrary text, except the "|" should really be "/".
+** ("|" is used here to avoid compiler warnings about nested comments.)
+** Each such SQL comment is printed as it is encountered. A separate
+** in-memory SQLite database is created to run each chunk of SQL. This
+** feature allows the "queue" of AFL to be captured into a single big
+** file using a command like this:
+**
+** (for i in id:*; do echo '|****<'$i'>****|'; cat $i; done) >~/all-queue.txt
+**
+** (Once again, change the "|" to "/") Then all elements of the AFL queue
+** can be run in a single go (for regression testing, for example, by typing:
+**
+** fuzzershell -f ~/all-queue.txt >out.txt
+**
+** After running each chunk of SQL, the database connection is closed. The
+** program aborts if the close fails or if there is any unfreed memory after
+** the close.
 */
 #include
 #include
@@ -218,8 +241,9 @@ int main(int argc, char **argv){
 FILE *in = stdin; /* Where to read SQL text from */
 int rc = SQLITE_OK; /* Result codes from API functions */
 int i; /* Loop counter */
+ int iNext; /* Next block of SQL */
 sqlite3 *db; /* Open database */
- sqlite3 *dbInit; /* On-disk database used to initialize the in-memory db */
+ sqlite3 *dbInit = 0; /* On-disk database used to initialize the in-memory db */
 const char *zInitDb = 0;/* Name of the initialization database file */
 char *zErrMsg = 0; /* Error message returned from sqlite3_exec() */
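Review bot: The new header comment says chunks are separated by "lines of the form" `/****<...>****/` but never says whether the marker must stand alone on a line or is matched anywhere in the text; the later hunk locates the closing marker with `strstr(&zIn[i], "****/")`, which suggests substring matching, and in that case a queue entry that itself contains such a marker (AFL readily mutates SQL `/* */` comments into such sequences) would be silently cut into two chunks and the output would no longer line up with the input files. If that is the behaviour, state it in the comment, e.g. `** The separator is matched anywhere in the input, not only at the start of a line, so queue entries must not contain the marker themselves.` The example pipeline also relies on each queue file ending in a newline for the next marker to start a line, which `cat $i` does not guarantee; if line-anchored matching is intended, an explicit `echo` after `cat $i` in the recipe would make it robust. The declaration hunk is fine; `dbInit = 0` is needed now that the handle is only opened when an initialization database is given.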
@@ -250,45 +274,75 @@ int main(int argc, char **argv){ } } sqlite3_config(SQLITE_CONFIG_LOG, shellLog, 0); - rc = sqlite3_open_v2( - "main.db", &db, - SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY, - 0); - if( rc!=SQLITE_OK ){ - abendError("Unable to open the in-memory database"); - } - if( zInitDb ){ - sqlite3_backup *pBackup; - rc = sqlite3_open_v2(zInitDb, &dbInit, SQLITE_OPEN_READONLY, 0); - if( rc!=SQLITE_OK ){ - abendError("unable to open initialization database \"%s\"", zInitDb); - } - pBackup = sqlite3_backup_init(db, "main", dbInit, "main"); - rc = sqlite3_backup_step(pBackup, -1); - if( rc!=SQLITE_DONE ){ - abendError("attempt to initialize the in-memory database failed (rc=%d)",rc); - } - sqlite3_backup_finish(pBackup); - sqlite3_close(dbInit); - } - sqlite3_trace(db, traceCallback, 0); - sqlite3_create_function(db, "eval", 1, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0); - sqlite3_create_function(db, "eval", 2, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0); while( !feof(in) ){ - nAlloc += 1000; - zIn = sqlite3_realloc(zIn, nAlloc); + nAlloc += nAlloc+1000; + zIn = realloc(zIn, nAlloc); if( zIn==0 ) fatalError("out of memory"); got = fread(zIn+nIn, 1, nAlloc-nIn-1, in); nIn += (int)got; zIn[nIn] = 0; if( got==0 ) break; } - printf("INPUT (%d bytes): [%s]\n", nIn, zIn); - rc = sqlite3_exec(db, zIn, execCallback, 0, &zErrMsg); - printf("RESULT-CODE: %d\n", rc); - if( zErrMsg ){ - printf("ERROR-MSG: [%s]\n", zErrMsg); - sqlite3_free(zErrMsg); + if( zInitDb ){ + rc = sqlite3_open_v2(zInitDb, &dbInit, SQLITE_OPEN_READONLY, 0); + if( rc!=SQLITE_OK ){ + abendError("unable to open initialization database \"%s\"", zInitDb); + } } - return rc!=SQLITE_OK; + for(i=0; i****/"); + if( z ){ + z += 6; + printf("%.*s\n", (int)(z-&zIn[i]), &zIn[i]); + i += (int)(z-&zIn[i]); + } + } + for(iNext=i; iNext0 ){ + abendError("memory in use after close: %lld bytes", sqlite3_memory_used()); + } + } + free(zIn); + return 0; }
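Review bot: The process exit status no longer reports SQL failures: the old `return rc!=SQLITE_OK;` at the end of main() becomes `return 0;`, so a regression run over the whole AFL queue (the use case the commit describes) exits successfully even if every chunk fails, and only a failed close or leaked memory aborts. If that is intended, say so in the header comment; otherwise keep a sticky counter, e.g. `if( rc!=SQLITE_OK ) nErr++;` after each chunk is run and `return nErr>0;` at the end. Two further points I cannot fully confirm because the middle of the loop is garbled in this rendering: the read loop now grows the buffer by doubling (`nAlloc += nAlloc+1000;`), and if `nAlloc` is the `int` the surrounding `(int)got` casts suggest, that is signed overflow (UB) for inputs over roughly 1 GiB, after which `nAlloc-nIn-1` is converted to a huge size_t for fread(); and `dbInit` is opened once before the per-chunk loop but no matching `sqlite3_close(dbInit)` is visible before `free(zIn)`, which leaks the handle and, unless it is closed inside the loop, would make the `sqlite3_memory_used()>0` check abort on the first chunk whenever an initialization database is supplied. main() begins before this hunk.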