Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add the --oom option to fuzzershell. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
14a9e4a377bf2974f5db148c8f86e2c5 |
| User & Date: | drh 2015-04-24 23:45:23 |
Context
|
2015-04-25
| ||
| 00:20 | Add fflush() calls to fuzzershell to keep stderr and stdout synchronized. check-in: 2b98a252 user: drh tags: trunk | |
|
2015-04-24
| ||
| 23:45 | Add the --oom option to fuzzershell. check-in: 14a9e4a3 user: drh tags: trunk | |
| 18:31 | Fix fuzzershell so that it works with SQLITE_OMIT_TRACE. check-in: dc88fe7e user: drh tags: trunk | |
Changes
Changes to tool/fuzzershell.c.
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 ... 255 256 257 258 259 260 261 262 263 264 265 266 267 268 ... 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 ... 426 427 428 429 430 431 432 433 434 435 436 437 438 439 ... 476 477 478 479 480 481 482 483 484 485 486 487 488 489 ... 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 ... 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 |
#include <ctype.h>
#include "sqlite3.h"
/*
** All global variables are gathered into the "g" singleton.
*/
struct GlobalVars {
const char *zArgv0; /* Name of program */
} g;
/*
** Print an error message and abort in such a way to indicate to the
** fuzzer that this counts as a crash.
*/
static void abendError(const char *zFormat, ...){
va_list ap;
................................................................................
"Options:\n"
" --autovacuum Enable AUTOVACUUM mode\n"
" -f FILE Read SQL text from FILE instead of standard input\n"
" --heap SZ MIN Memory allocator uses SZ bytes & min allocation MIN\n"
" --help Show this help text\n"
" --initdb DBFILE Initialize the in-memory database using template DBFILE\n"
" --lookaside N SZ Configure lookaside for N slots of SZ bytes each\n"
" --pagesize N Set the page size to N\n"
" --pcache N SZ Configure N pages of pagecache each of size SZ bytes\n"
" -q Reduced output\n"
" --quiet Reduced output\n"
" --scratch N SZ Configure scratch memory for N slots of SZ bytes each\n"
" --unique-cases FILE Write all unique test cases to FILE\n"
" --utf16be Set text encoding to UTF-16BE\n"
................................................................................
int nTest = 0; /* Number of test cases run */
int multiTest = 0; /* True if there will be multiple test cases */
int lastPct = -1; /* Previous percentage done output */
sqlite3 *dataDb = 0; /* Database holding compacted input data */
sqlite3_stmt *pStmt = 0; /* Statement to insert testcase into dataDb */
const char *zDataOut = 0; /* Write compacted data to this output file */
int nHeader = 0; /* Bytes of header comment text on input file */
g.zArgv0 = argv[0];
for(i=1; i<argc; i++){
const char *z = argv[i];
if( z[0]=='-' ){
z++;
if( z[0]=='-' ) z++;
if( strcmp(z,"autovacuum")==0 ){
................................................................................
zCkGlob = "'*',*";
}else if( strcmp(z, "strftime")==0 ){
iMode = FZMODE_Strftime;
zCkGlob = "'*',*";
}else{
abendError("unknown --mode: %s", z);
}
}else
if( strcmp(z,"pagesize")==0 ){
if( i>=argc-1 ) abendError("missing argument on %s", argv[i]);
pageSize = integerValue(argv[++i]);
}else
if( strcmp(z,"pcache")==0 ){
if( i>=argc-2 ) abendError("missing arguments on %s", argv[i]);
................................................................................
if( verboseFlag ) sqlite3_config(SQLITE_CONFIG_LOG, shellLog, 0);
if( nHeap>0 ){
pHeap = malloc( nHeap );
if( pHeap==0 ) fatalError("cannot allocate %d-byte heap\n", nHeap);
rc = sqlite3_config(SQLITE_CONFIG_HEAP, pHeap, nHeap, mnHeap);
if( rc ) abendError("heap configuration failed: %d\n", rc);
}
if( nLook>0 ){
sqlite3_config(SQLITE_CONFIG_LOOKASIDE, 0, 0);
if( szLook>0 ){
pLook = malloc( nLook*szLook );
if( pLook==0 ) fatalError("out of memory");
}
}
................................................................................
}
cSaved = zIn[iNext];
zIn[iNext] = 0;
if( zCkGlob && sqlite3_strglob(zCkGlob,&zIn[i])!=0 ){
zIn[iNext] = cSaved;
continue;
}
rc = sqlite3_open_v2(
"main.db", &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY,
0);
if( rc!=SQLITE_OK ){
abendError("Unable to open the in-memory database");
}
if( pLook ){
rc = sqlite3_db_config(db, SQLITE_DBCONFIG_LOOKASIDE, pLook, szLook, nLook);
if( rc!=SQLITE_OK ) abendError("lookaside configuration filed: %d", rc);
}
if( zInitDb ){
sqlite3_backup *pBackup;
pBackup = sqlite3_backup_init(db, "main", dbInit, "main");
rc = sqlite3_backup_step(pBackup, -1);
if( rc!=SQLITE_DONE ){
abendError("attempt to initialize the in-memory database failed (rc=%d)",
rc);
}
sqlite3_backup_finish(pBackup);
}
#ifndef SQLITE_OMIT_TRACE
if( verboseFlag ) sqlite3_trace(db, traceCallback, 0);
#endif
sqlite3_create_function(db, "eval", 1, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
sqlite3_create_function(db, "eval", 2, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 1000000);
if( zEncoding ) sqlexec(db, "PRAGMA encoding=%s", zEncoding);
if( pageSize ) sqlexec(db, "PRAGMA pagesize=%d", pageSize);
if( doAutovac ) sqlexec(db, "PRAGMA auto_vacuum=FULL");
zSql = &zIn[i];
if( verboseFlag ){
printf("INPUT (offset: %d, size: %d): [%s]\n",
i, (int)strlen(&zIn[i]), &zIn[i]);
}else if( multiTest && !quietFlag ){
int pct = 10*iNext/nIn;
if( pct!=lastPct ){
if( lastPct<0 ) printf("fuzz test:");
printf(" %d%%", pct*10);
fflush(stdout);
lastPct = pct;
}
}
switch( iMode ){
case FZMODE_Glob:
zSql = zToFree = sqlite3_mprintf("SELECT glob(%s);", zSql);
................................................................................
case FZMODE_Printf:
zSql = zToFree = sqlite3_mprintf("SELECT printf(%s);", zSql);
break;
case FZMODE_Strftime:
zSql = zToFree = sqlite3_mprintf("SELECT strftime(%s);", zSql);
break;
}
zErrMsg = 0;
rc = sqlite3_exec(db, zSql, verboseFlag ? execCallback : execNoop, 0, &zErrMsg);
if( zToFree ){
sqlite3_free(zToFree);
zToFree = 0;
}
zIn[iNext] = cSaved;
if( verboseFlag ){
printf("RESULT-CODE: %d\n", rc);
if( zErrMsg ){
printf("ERROR-MSG: [%s]\n", zErrMsg);
}
}
sqlite3_free(zErrMsg);
rc = sqlite3_close(db);
if( rc ){
abendError("sqlite3_close() failed with rc=%d", rc);
}
if( sqlite3_memory_used()>0 ){
abendError("memory in use after close: %lld bytes", sqlite3_memory_used());
}
if( nTest==1 ){
/* Simulate an error if the TEST_FAILURE environment variable is "5" */
char *zFailCode = getenv("TEST_FAILURE");
if( zFailCode ){
if( zFailCode[0]=='5' && zFailCode[1]==0 ){
abendError("simulated failure");
}else if( zFailCode[0]!=0 ){
/* If TEST_FAILURE is something other than 5, just exit the test
** early */
printf("\nExit early due to TEST_FAILURE being set");
break;
}
}
}
}
if( !verboseFlag && multiTest && !quietFlag ) printf("\n");
if( nTest>1 && !quietFlag ){
printf("%d fuzz tests with no errors\nSQLite %s %s\n",
nTest, sqlite3_libversion(), sqlite3_sourceid());
|
| > > > > > > > > > > > > > | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | | > > > > > > | < < > > | < > > > > > | < > > > > > > > > > > > > > > > > > > > > > > > > | < > > | < > > | > > | < > | | | | | | | > > > > > > > > > > > > > > > > | > > > > > > > > > > > > > > | < | | | | | | | | < |
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 ... 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 ... 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 ... 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 ... 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 ... 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 ... 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 |
#include <ctype.h>
#include "sqlite3.h"
/*
** All global variables are gathered into the "g" singleton.
*/
struct GlobalVars {
const char *zArgv0; /* Name of program */
sqlite3_mem_methods sOrigMem; /* Original memory methods */
sqlite3_mem_methods sOomMem; /* Memory methods with OOM simulator */
int iOomCntdown; /* Memory fails on 1 to 0 transition */
int nOomFault; /* Increments for each OOM fault */
int bOomOnce; /* Fail just once if true */
int bOomEnable; /* True to enable OOM simulation */
int nOomBrkpt; /* Number of calls to oomFault() */
} g;
/*
** This routine is called when a simulated OOM occurs. It exists as a
** convenient place to set a debugger breakpoint.
*/
static void oomFault(void){
g.nOomBrkpt++;
}
/* Versions of malloc() and realloc() that simulate OOM conditions */
static void *oomMalloc(int nByte){
if( nByte>0 && g.bOomEnable && g.iOomCntdown>0 ){
g.iOomCntdown--;
if( g.iOomCntdown==0 ){
if( g.nOomFault==0 ) oomFault();
g.nOomFault++;
if( !g.bOomOnce ) g.iOomCntdown = 1;
return 0;
}
}
return g.sOrigMem.xMalloc(nByte);
}
static void *oomRealloc(void *pOld, int nByte){
if( nByte>0 && g.bOomEnable && g.iOomCntdown>0 ){
g.iOomCntdown--;
if( g.iOomCntdown==0 ){
if( g.nOomFault==0 ) oomFault();
g.nOomFault++;
if( !g.bOomOnce ) g.iOomCntdown = 1;
return 0;
}
}
return g.sOrigMem.xRealloc(pOld, nByte);
}
/*
** Print an error message and abort in such a way to indicate to the
** fuzzer that this counts as a crash.
*/
static void abendError(const char *zFormat, ...){
va_list ap;
................................................................................
"Options:\n"
" --autovacuum Enable AUTOVACUUM mode\n"
" -f FILE Read SQL text from FILE instead of standard input\n"
" --heap SZ MIN Memory allocator uses SZ bytes & min allocation MIN\n"
" --help Show this help text\n"
" --initdb DBFILE Initialize the in-memory database using template DBFILE\n"
" --lookaside N SZ Configure lookaside for N slots of SZ bytes each\n"
" --oom Run each test multiple times in a simulated OOM loop\n"
" --pagesize N Set the page size to N\n"
" --pcache N SZ Configure N pages of pagecache each of size SZ bytes\n"
" -q Reduced output\n"
" --quiet Reduced output\n"
" --scratch N SZ Configure scratch memory for N slots of SZ bytes each\n"
" --unique-cases FILE Write all unique test cases to FILE\n"
" --utf16be Set text encoding to UTF-16BE\n"
................................................................................
int nTest = 0; /* Number of test cases run */
int multiTest = 0; /* True if there will be multiple test cases */
int lastPct = -1; /* Previous percentage done output */
sqlite3 *dataDb = 0; /* Database holding compacted input data */
sqlite3_stmt *pStmt = 0; /* Statement to insert testcase into dataDb */
const char *zDataOut = 0; /* Write compacted data to this output file */
int nHeader = 0; /* Bytes of header comment text on input file */
int oomFlag = 0; /* --oom */
int oomCnt = 0; /* Counter for the OOM loop */
char zErrBuf[200]; /* Space for the error message */
const char *zFailCode; /* Value of the TEST_FAILURE environment var */
zFailCode = getenv("TEST_FAILURE");
g.zArgv0 = argv[0];
for(i=1; i<argc; i++){
const char *z = argv[i];
if( z[0]=='-' ){
z++;
if( z[0]=='-' ) z++;
if( strcmp(z,"autovacuum")==0 ){
................................................................................
zCkGlob = "'*',*";
}else if( strcmp(z, "strftime")==0 ){
iMode = FZMODE_Strftime;
zCkGlob = "'*',*";
}else{
abendError("unknown --mode: %s", z);
}
}else
if( strcmp(z,"oom")==0 ){
oomFlag = 1;
}else
if( strcmp(z,"pagesize")==0 ){
if( i>=argc-1 ) abendError("missing argument on %s", argv[i]);
pageSize = integerValue(argv[++i]);
}else
if( strcmp(z,"pcache")==0 ){
if( i>=argc-2 ) abendError("missing arguments on %s", argv[i]);
................................................................................
if( verboseFlag ) sqlite3_config(SQLITE_CONFIG_LOG, shellLog, 0);
if( nHeap>0 ){
pHeap = malloc( nHeap );
if( pHeap==0 ) fatalError("cannot allocate %d-byte heap\n", nHeap);
rc = sqlite3_config(SQLITE_CONFIG_HEAP, pHeap, nHeap, mnHeap);
if( rc ) abendError("heap configuration failed: %d\n", rc);
}
if( oomFlag ){
sqlite3_config(SQLITE_CONFIG_GETMALLOC, &g.sOrigMem);
g.sOomMem = g.sOrigMem;
g.sOomMem.xMalloc = oomMalloc;
g.sOomMem.xRealloc = oomRealloc;
sqlite3_config(SQLITE_CONFIG_MALLOC, &g.sOomMem);
}
if( nLook>0 ){
sqlite3_config(SQLITE_CONFIG_LOOKASIDE, 0, 0);
if( szLook>0 ){
pLook = malloc( nLook*szLook );
if( pLook==0 ) fatalError("out of memory");
}
}
................................................................................
}
cSaved = zIn[iNext];
zIn[iNext] = 0;
if( zCkGlob && sqlite3_strglob(zCkGlob,&zIn[i])!=0 ){
zIn[iNext] = cSaved;
continue;
}
zSql = &zIn[i];
if( verboseFlag ){
printf("INPUT (offset: %d, size: %d): [%s]\n",
i, (int)strlen(&zIn[i]), &zIn[i]);
}else if( multiTest && !quietFlag ){
int pct = oomFlag ? 100*iNext/nIn : ((10*iNext)/nIn)*10;
if( pct!=lastPct ){
if( lastPct<0 ) printf("fuzz test:");
printf(" %d%%", pct);
fflush(stdout);
lastPct = pct;
}
}
switch( iMode ){
case FZMODE_Glob:
zSql = zToFree = sqlite3_mprintf("SELECT glob(%s);", zSql);
................................................................................
case FZMODE_Printf:
zSql = zToFree = sqlite3_mprintf("SELECT printf(%s);", zSql);
break;
case FZMODE_Strftime:
zSql = zToFree = sqlite3_mprintf("SELECT strftime(%s);", zSql);
break;
}
if( oomFlag ){
oomCnt = g.iOomCntdown = 1;
g.nOomFault = 0;
g.bOomOnce = 1;
if( verboseFlag ) printf("Once.%d\n", oomCnt);
}else{
oomCnt = 0;
}
do{
rc = sqlite3_open_v2(
"main.db", &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY,
0);
if( rc!=SQLITE_OK ){
abendError("Unable to open the in-memory database");
}
if( pLook ){
rc = sqlite3_db_config(db, SQLITE_DBCONFIG_LOOKASIDE, pLook, szLook, nLook);
if( rc!=SQLITE_OK ) abendError("lookaside configuration filed: %d", rc);
}
if( zInitDb ){
sqlite3_backup *pBackup;
pBackup = sqlite3_backup_init(db, "main", dbInit, "main");
rc = sqlite3_backup_step(pBackup, -1);
if( rc!=SQLITE_DONE ){
abendError("attempt to initialize the in-memory database failed (rc=%d)",
rc);
}
sqlite3_backup_finish(pBackup);
}
#ifndef SQLITE_OMIT_TRACE
if( verboseFlag ) sqlite3_trace(db, traceCallback, 0);
#endif
sqlite3_create_function(db, "eval", 1, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
sqlite3_create_function(db, "eval", 2, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 1000000);
if( zEncoding ) sqlexec(db, "PRAGMA encoding=%s", zEncoding);
if( pageSize ) sqlexec(db, "PRAGMA pagesize=%d", pageSize);
if( doAutovac ) sqlexec(db, "PRAGMA auto_vacuum=FULL");
g.bOomEnable = 1;
if( verboseFlag ){
zErrMsg = 0;
rc = sqlite3_exec(db, zSql, execCallback, 0, &zErrMsg);
if( zErrMsg ){
sqlite3_snprintf(sizeof(zErrBuf),zErrBuf,"%z", zErrMsg);
zErrMsg = 0;
}
}else {
rc = sqlite3_exec(db, zSql, execNoop, 0, 0);
}
g.bOomEnable = 0;
rc = sqlite3_close(db);
if( rc ){
abendError("sqlite3_close() failed with rc=%d", rc);
}
if( sqlite3_memory_used()>0 ){
abendError("memory in use after close: %lld bytes", sqlite3_memory_used());
}
if( oomFlag ){
if( g.nOomFault==0 || oomCnt>2000 ){
if( g.bOomOnce ){
oomCnt = g.iOomCntdown = 1;
g.bOomOnce = 0;
}else{
oomCnt = 0;
}
}else{
g.iOomCntdown = ++oomCnt;
g.nOomFault = 0;
}
if( oomCnt ){
if( verboseFlag ){
printf("%s.%d\n", g.bOomOnce ? "Once" : "Multi", oomCnt);
}
nTest++;
}
}
}while( oomCnt>0 );
if( zToFree ){
sqlite3_free(zToFree);
zToFree = 0;
}
zIn[iNext] = cSaved;
if( verboseFlag ){
printf("RESULT-CODE: %d\n", rc);
if( zErrMsg ){
printf("ERROR-MSG: [%s]\n", zErrBuf);
}
}
/* Simulate an error if the TEST_FAILURE environment variable is "5" */
if( zFailCode ){
if( zFailCode[0]=='5' && zFailCode[1]==0 ){
abendError("simulated failure");
}else if( zFailCode[0]!=0 ){
/* If TEST_FAILURE is something other than 5, just exit the test
** early */
printf("\nExit early due to TEST_FAILURE being set");
break;
}
}
}
if( !verboseFlag && multiTest && !quietFlag ) printf("\n");
if( nTest>1 && !quietFlag ){
printf("%d fuzz tests with no errors\nSQLite %s %s\n",
nTest, sqlite3_libversion(), sqlite3_sourceid());
|