File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sqlite3 / test / fuzz.test
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Feb 21 17:04:16 2012 UTC (12 years, 10 months ago) by misho
Branches: sqlite3, MAIN
CVS tags: v3_7_10, HEAD
sqlite3

    1: # 2007 May 10
    2: #
    3: # The author disclaims copyright to this source code.  In place of
    4: # a legal notice, here is a blessing:
    5: #
    6: #    May you do good and not evil.
    7: #    May you find forgiveness for yourself and forgive others.
    8: #    May you share freely, never taking more than you give.
    9: #
   10: #***********************************************************************
   11: # This file implements regression tests for SQLite library.  The
   12: # focus of this file is generating semi-random strings of SQL
   13: # (a.k.a. "fuzz") and sending it into the parser to try to 
   14: # generate errors.
   15: #
   16: # The tests in this file are really about testing fuzzily generated
   17: # SQL parse-trees. The majority of the fuzzily generated SQL is 
   18: # valid as far as the parser is concerned. 
   19: #
   20: # The most complicated trees are for SELECT statements.
   21: #
   22: # $Id: fuzz.test,v 1.1.1.1 2012/02/21 17:04:16 misho Exp $
   23: 
   24: set testdir [file dirname $argv0]
   25: source $testdir/tester.tcl
   26: 
   27: set ::REPEATS 5000
   28: 
   29: # If running quick.test, don't do so many iterations.
   30: if {[info exists ::G(isquick)]} {
   31:   if {$::G(isquick)} { set ::REPEATS 20 }
   32: }
   33: 
   34: source $testdir/fuzz_common.tcl
   35: expr srand(0)
   36: 
   37: #----------------------------------------------------------------
   38: # These tests caused errors that were first caught by the tests
   39: # in this file. They are still here.
   40: do_test fuzz-1.1 {
   41:   execsql {
   42:     SELECT 'abc' LIKE X'ABCD';
   43:   }
   44: } {0}
   45: do_test fuzz-1.2 {
   46:   execsql {
   47:     SELECT 'abc' LIKE zeroblob(10);
   48:   }
   49: } {0}
   50: do_test fuzz-1.3 {
   51:   execsql {
   52:     SELECT zeroblob(10) LIKE 'abc';
   53:   }
   54: } {0}
   55: do_test fuzz-1.4 {
   56:   execsql {
   57:     SELECT (- -21) % NOT (456 LIKE zeroblob(10));
   58:   }
   59: } {0}
   60: do_test fuzz-1.5 {
   61:   execsql {
   62:     SELECT (SELECT (
   63:         SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1
   64:     ))
   65:   }
   66: } {-2147483648}
   67: do_test fuzz-1.6 {
   68:   execsql {
   69:     SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1
   70:   }
   71: } [execsql {SELECT 'abc', zeroblob(1)}]
   72: 
   73: do_test fuzz-1.7 {
   74:   execsql {
   75:     SELECT ( SELECT zeroblob(1000) FROM ( 
   76:       SELECT * FROM (SELECT 'first') ORDER BY NOT 'in') 
   77:     )
   78:   }
   79: } [execsql {SELECT zeroblob(1000)}]
   80: 
   81: do_test fuzz-1.8 {
   82:   # Problems with opcode OP_ToText (did not account for MEM_Zero).
   83:   # Also MemExpandBlob() was marking expanded blobs as nul-terminated.
   84:   # They are not.
   85:   execsql {
   86:     SELECT CAST(zeroblob(1000) AS text);
   87:   }
   88: } {{}}
   89: 
   90: do_test fuzz-1.9 {
   91:   # This was causing a NULL pointer dereference of Expr.pList.
   92:   execsql {
   93:     SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random())
   94:   }
   95: } {}
   96: 
   97: do_test fuzz-1.10 {
   98:   # Bug in calculation of Parse.ckOffset causing an assert() 
   99:   # to fail. Probably harmless.
  100:   execsql {
  101:     SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1))))
  102:   }
  103: } {1}
  104: 
  105: do_test fuzz-1.11 {
  106:   # The literals (A, B, C, D) are not important, they are just used
  107:   # to make the EXPLAIN output easier to read.
  108:   #
  109:   # The problem here is that the EXISTS(...) expression leaves an
  110:   # extra value on the VDBE stack. This is confusing the parent and
  111:   # leads to an assert() failure when OP_Insert encounters an integer
  112:   # when it expects a record blob.
  113:   #
  114:   # Update: Any query with (LIMIT 0) was leaking stack.
  115:   #
  116:   execsql {
  117:     SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS (
  118:       SELECT 'C' FROM (SELECT 'D' LIMIT 0)
  119:     )
  120:   }
  121: } {A}
  122: 
  123: do_test fuzz-1.12.1 {
  124:   # Create a table with a single row.
  125:   execsql {
  126:     CREATE TABLE abc(b);
  127:     INSERT INTO abc VALUES('ABCDE');
  128:   }
  129: 
  130:   # The following query was crashing. The later subquery (in the FROM)
  131:   # clause was flattened into the parent, but the code was not repairng
  132:   # the "b" reference in the other sub-query. When the query was executed,
  133:   # that "b" refered to a non-existant vdbe table-cursor.
  134:   #
  135:   execsql {
  136:     SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc);
  137:   }
  138: } {1}
  139: do_test fuzz-1.12.2 {
  140:   # Clean up after the previous query.
  141:   execsql {
  142:     DROP TABLE abc;
  143:   }
  144: } {}
  145: 
  146: 
  147: do_test fuzz-1.13 {
  148:   # The problem here was that when there were more expressions in
  149:   # the ORDER BY list than the result-set list. The temporary b-tree
  150:   # used for sorting was being misconfigured in this case.
  151:   #
  152:   execsql {
  153:     SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC;
  154:   }
  155: } {abcd efgh}
  156: 
  157: do_test fuzz-1.14.1 {
  158:   execsql {
  159:     CREATE TABLE abc(a, b, c);
  160:     INSERT INTO abc VALUES(123, 456, 789);
  161:   }
  162:  
  163:   # The [a] reference in the sub-select was causing a problem. Because
  164:   # the internal walkSelectExpr() function was not considering compound
  165:   # SELECT operators.
  166:   execsql {
  167:     SELECT 1 FROM abc
  168:     GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123);
  169:   }
  170: } {1}
  171: do_test fuzz-1.14.2 {
  172:   execsql {
  173:     DROP TABLE abc;
  174:   }
  175: } {}
  176: 
  177: # Making sure previously discovered errors have been fixed.
  178: #
  179: do_test fuzz-1.15 {
  180:   execsql {
  181:     SELECT hex(CAST(zeroblob(1000) AS integer))
  182:   }
  183: } {30}
  184: 
  185: do_test fuzz-1.16.1 {
  186:   execsql {
  187:     CREATE TABLE abc(a, b, c);
  188:     CREATE TABLE def(a, b, c);
  189:     CREATE TABLE ghi(a, b, c);
  190:   }
  191: } {}
  192: do_test fuzz-1.16.2 {
  193:   catchsql {
  194:     SELECT DISTINCT EXISTS(
  195:        SELECT 1
  196:        FROM (
  197:          SELECT C FROM (SELECT 1)
  198:        )
  199:        WHERE (SELECT c)
  200:     )
  201:     FROM abc
  202:   }
  203: } {0 {}}
  204: do_test fuzz-1.16.3 {
  205:   catchsql {
  206:     SELECT DISTINCT substr(-456 ISNULL,zeroblob(1000), EXISTS(
  207:          SELECT DISTINCT EXISTS(
  208:            SELECT DISTINCT b FROM abc
  209:            ORDER BY EXISTS (
  210:              SELECT DISTINCT 2147483647 UNION ALL SELECT -2147483648
  211:            ) ASC
  212:          )
  213:          FROM (
  214:            SELECT c, c FROM (
  215:              SELECT 456, 'injection' ORDER BY 56.1 ASC, -56.1 DESC
  216:            )
  217:          )
  218:          GROUP BY (SELECT ALL (SELECT DISTINCT 'hardware')) 
  219:          HAVING (
  220:            SELECT DISTINCT c
  221:            FROM (
  222:              SELECT ALL -2147483648, 'experiments'
  223:              ORDER BY -56.1 ASC, -56.1 DESC
  224:            )
  225:            GROUP BY (SELECT DISTINCT 456) IN 
  226:                    (SELECT DISTINCT 'injection') NOT IN (SELECT ALL -456)
  227:            HAVING EXISTS (
  228:              SELECT ALL 'injection'
  229:            )
  230:          )
  231:          UNION ALL
  232:          SELECT a IN (
  233:            SELECT -2147483647
  234:            UNION ALL
  235:            SELECT ALL 'injection'
  236:          )
  237:          FROM sqlite_master
  238:        ) -- end EXISTS
  239:     ) /* end SUBSTR() */, c NOTNULL ISNULL
  240:     FROM abc
  241:     ORDER BY CAST(-56.1 AS blob) ASC
  242:   }
  243: } {0 {}}
  244: do_test fuzz-1.16.4 {
  245:   execsql {
  246:     DROP TABLE abc; DROP TABLE def; DROP TABLE ghi;
  247:   }
  248: } {}
  249: 
  250: do_test fuzz-1.17 {
  251:   catchsql {
  252:     SELECT 'hardware', 56.1 NOTNULL, random()&0
  253:     FROM (
  254:        SELECT ALL lower(~ EXISTS (
  255:            SELECT 1 NOT IN (SELECT ALL 1)
  256:        )), CAST(456 AS integer), -2147483647
  257:        FROM (
  258:          SELECT DISTINCT -456, CAST(1 AS integer) ISNULL
  259:          FROM (SELECT ALL 2147483647, typeof(2147483649))
  260:        )
  261:     )
  262:     GROUP BY CAST(CAST('experiments' AS blob) AS blob)
  263:     HAVING random()
  264:   }
  265: } {0 {hardware 1 0}}
  266: 
  267: do_test fuzz-1.18 {
  268:   catchsql {
  269:      SELECT -2147483649 << upper('fault' NOT IN (
  270:         SELECT ALL (
  271:            SELECT ALL -1
  272:            ORDER BY -2147483649
  273:            LIMIT (
  274:               SELECT ALL (
  275:                  SELECT 0 EXCEPT SELECT DISTINCT 'experiments' ORDER BY 1 ASC
  276:               )
  277:            )
  278:            OFFSET EXISTS (
  279:               SELECT ALL 
  280:                   (SELECT ALL -2147483648) NOT IN (
  281:                      SELECT ALL 123456789.1234567899
  282:                   ) IN (SELECT 2147483649) 
  283:               FROM sqlite_master
  284:            ) NOT IN (SELECT ALL 'The')
  285:         )
  286:      ))
  287:   }
  288: } {0 -4294967298}
  289: 
  290: # At one point the following INSERT statement caused an assert() to fail.
  291: # 
  292: do_test fuzz-1.19 {
  293:   execsql { CREATE TABLE t1(a) }
  294:   catchsql {
  295:     INSERT INTO t1 VALUES( 
  296:       CASE WHEN NULL THEN NULL ELSE ( SELECT 0 ORDER BY 456 ) END 
  297:     )
  298:   }
  299: } {1 {1st ORDER BY term out of range - should be between 1 and 1}}
  300: do_test fuzz-1.20 {
  301:   execsql { DROP TABLE t1 }
  302: } {}
  303: 
  304: #----------------------------------------------------------------
  305: # Test some fuzzily generated expressions.
  306: #
  307: do_fuzzy_test fuzz-2 -template  { SELECT [Expr] }
  308: 
  309: do_test fuzz-3.1 {
  310:   execsql {
  311:     CREATE TABLE abc(a, b, c);
  312:     CREATE TABLE def(a, b, c);
  313:     CREATE TABLE ghi(a, b, c);
  314:   }
  315: } {}
  316: set ::TableList  [list abc def ghi]
  317: 
  318: #----------------------------------------------------------------
  319: # Test some fuzzily generated SELECT statements.
  320: #
  321: do_fuzzy_test fuzz-3.2 -template  {[Select]}
  322: 
  323: #----------------------------------------------------------------
  324: # Insert a small amount of data into the database and then run 
  325: # some more generated SELECT statements.
  326: #
  327: do_test fuzz-4.1 {
  328:   execsql {
  329:     INSERT INTO abc VALUES(1, 2, 3);
  330:     INSERT INTO abc VALUES(4, 5, 6);
  331:     INSERT INTO abc VALUES(7, 8, 9);
  332:     INSERT INTO def VALUES(1, 2, 3);
  333:     INSERT INTO def VALUES(4, 5, 6);
  334:     INSERT INTO def VALUES(7, 8, 9);
  335:     INSERT INTO ghi VALUES(1, 2, 3);
  336:     INSERT INTO ghi VALUES(4, 5, 6);
  337:     INSERT INTO ghi VALUES(7, 8, 9);
  338:     CREATE INDEX abc_i ON abc(a, b, c);
  339:     CREATE INDEX def_i ON def(c, a, b);
  340:     CREATE INDEX ghi_i ON ghi(b, c, a);
  341:   }
  342: } {}
  343: do_fuzzy_test fuzz-4.2 -template {[Select]}
  344: 
  345: #----------------------------------------------------------------
  346: # Test some fuzzy INSERT statements:
  347: #
  348: do_test         fuzz-5.1 {execsql BEGIN} {}
  349: do_fuzzy_test   fuzz-5.2 -template  {[Insert]} -errorlist table
  350: integrity_check fuzz-5.2.integrity
  351: do_test         fuzz-5.3 {execsql COMMIT} {}
  352: integrity_check fuzz-5.4.integrity
  353: 
  354: #----------------------------------------------------------------
  355: # Now that there is data in the database, run some more SELECT 
  356: # statements
  357: #
  358: set ::ColumnList [list a b c]
  359: set E {{no such col} {ambiguous column name}}
  360: do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E
  361: 
  362: #----------------------------------------------------------------
  363: # Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction.
  364: #
  365: set E {{no such col} {ambiguous column name} {table}}
  366: do_test         fuzz-7.1 {execsql BEGIN} {}
  367: do_fuzzy_test   fuzz-7.2 -template {[Statement]} -errorlist $E
  368: integrity_check fuzz-7.3.integrity
  369: do_test         fuzz-7.4 {execsql COMMIT} {}
  370: integrity_check fuzz-7.5.integrity
  371: 
  372: #----------------------------------------------------------------
  373: # Many CREATE and DROP TABLE statements:
  374: #
  375: set E [list table duplicate {no such col} {ambiguous column name} {use DROP}]
  376: do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E
  377: 
  378: close $::log
  379: finish_test

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>