Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Make dbsqlfuzz one of the primary test harnesses for SQLite. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
b56e6bd24650ed311fb19212a44fb339 |
User & Date: | drh 2020-05-22 12:05:52.160 |
Context
2020-05-22
| ||
12:12 | Add a news item for the 3.32.0 release. Change the release date to today. (check-in: 4e9d9494bb user: drh tags: trunk) | |
12:05 | Make dbsqlfuzz one of the primary test harnesses for SQLite. (check-in: b56e6bd246 user: drh tags: trunk) | |
11:43 | Update testing metrics. (check-in: f09dcc9b65 user: drh tags: trunk) | |
Changes
Changes to pages/testing.in.
︙ | ︙ | |||
70 71 72 73 74 75 76 77 78 79 80 81 82 83 | set stat(sltNTest) 7195342 ;# Number of test cases in SLT # grep 'errors out of' all-out.txt | awk '{x+=$5}END{print x}' set stat(sltNRun) 11879758 ;# Number of tests run in SLT # grep 'assert(' sqlite3.c | wc set stat(nAssert) 5835 ;# Number of assert statements # grep 'testcase(' sqlite3.c | grep -v define | wc set stat(nTestcase) 1096 ;# Number of testcase statements set stat(totalSLOC) [expr {$stat(tclcSLOC)+$stat(tclsSLOC)+ $stat(th3SLOC)+$stat(sltcSLOC)+$stat(sltsSLOC)}] proc GB {expr} { set n [uplevel #0 expr $expr] hd_puts [format %.2f [expr {$n/(1000.0*1000.0*1000.0)}]] | > > > > | 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 | set stat(sltNTest) 7195342 ;# Number of test cases in SLT # grep 'errors out of' all-out.txt | awk '{x+=$5}END{print x}' set stat(sltNRun) 11879758 ;# Number of tests run in SLT # grep 'assert(' sqlite3.c | wc set stat(nAssert) 5835 ;# Number of assert statements # grep 'testcase(' sqlite3.c | grep -v define | wc set stat(nTestcase) 1096 ;# Number of testcase statements # ls seeds | wc set stat(nfuzzseed) 231 ;# Number of dbsqlfuzz seeds # ls cases | wc ;# run after -merge=1 set stat(nfuzzpath) 46214 ;# Number of discovered paths set stat(totalSLOC) [expr {$stat(tclcSLOC)+$stat(tclsSLOC)+ $stat(th3SLOC)+$stat(sltcSLOC)+$stat(sltsSLOC)}] proc GB {expr} { set n [uplevel #0 expr $expr] hd_puts [format %.2f [expr {$n/(1000.0*1000.0*1000.0)}]] |
︙ | ︙ | |||
123 124 125 126 127 128 129 | </tcl> test code and test scripts - <tcl>KB {$stat(totalSLOC)}</tcl> KSLOC.</p> <h2>Executive Summary</h2> <ul> | | | | 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 | </tcl> test code and test scripts - <tcl>KB {$stat(totalSLOC)}</tcl> KSLOC.</p> <h2>Executive Summary</h2> <ul> <li> Four independently developed test harnesses <li> 100% branch test coverage in an as-deployed configuration <li> Millions and millions of test cases <li> Out-of-memory tests <li> I/O error tests <li> Crash and power loss tests <li> Fuzz tests <li> Boundary value tests <li> Disabled optimization tests <li> Regression tests <li> Malformed database tests <li> Extensive use of assert() and run-time checks <li> Valgrind analysis <li> Undefined behavior checks <li> Checklists </ul> <tcl>hd_fragment {harnesses} {test harness} {three test harnesses}</tcl> <h1>Test Harnesses</h1> <p>There are four independent test harnesses used for testing the core SQLite library. Each test harness is designed, maintained, and managed separately from the others. </p> <ol> <li><p> |
︙ | ︙ | |||
196 197 198 199 200 201 202 203 204 | or SLT test harness is used to run huge numbers of SQL statements against both SQLite and several other SQL database engines and verify that they all get the same answers. SLT currently compares SQLite against PostgreSQL, MySQL, Microsoft SQL Server, and Oracle 10g. SLT runs <tcl>MB {$stat(sltNTest)}</tcl> million queries comprising <tcl>GB {$stat(sltsNByte)}</tcl>GB of test data. </p></li> </ol> | > > > > > > > > > > > > > > > | | | 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 | or SLT test harness is used to run huge numbers of SQL statements against both SQLite and several other SQL database engines and verify that they all get the same answers. SLT currently compares SQLite against PostgreSQL, MySQL, Microsoft SQL Server, and Oracle 10g. SLT runs <tcl>MB {$stat(sltNTest)}</tcl> million queries comprising <tcl>GB {$stat(sltsNByte)}</tcl>GB of test data. </p></li> <li><p> The <a href="#dbsqlfuzz"><b>dbsqlfuzz</b></a> engine is a proprietary fuzz tester. Other [fuzz testing|fuzzers for SQLite] mutate either the SQL inputs or the database file. Dbsqlfuzz mutates both the SQL and the database file at the same time, and is thus able to reach new error states. Dbsqlfuzz is built using the [http://llvm.org/docs/LibFuzzer.html|libFuzzer] framework of LLVM with a custom mutator. Starting from <tcl>hd_puts $stat(nfuzzseed)</tcl> seed files, the dbsqlfuzz fuzzer has examined many tens of millions of mutations, resulting in <tcl>hd_puts $stat(nfuzzpath)</tcl> distinct test cases that form the basis of each new fuzzing session. Dbsqlfuzz helps ensure that SQLite is robust against attack via malicious SQL or database inputs. </ol> <p>In addition to the four main test harnesses, there several other small programs that implement specialized tests. <ol> <li value="5">The "speedtest1.c" program estimates the performance of SQLite under a typical workload. <li>The "mptester.c" program is a stress test for multiple processes concurrently reading and writing a single database. <li>The "threadtest3.c" program is a stress test for multiple threads using SQLite simultaneously. <li>The "fuzzershell.c" program is used to run some <a href="#fuzztesting">fuzz tests</a>. |
︙ | ︙ | |||
435 436 437 438 439 440 441 442 443 444 445 446 447 448 | text to be run against that database. Because it mutates both the input database and the input SQL at the same time, dbsqlfuzz has been able to find some obscure faults in SQLite that were missed by prior fuzzers that mutated only SQL inputs or only the database file. The SQLite developers usually leave an instance or two of dbsqlfuzz running on the latest trunk code of SQLite whenever they are away from the office for an extended period, such as overnight.</p> <tcl>hd_fragment 3pfuzz {3rd-party fuzzers}</tcl> <h3>Other third-party fuzzers</h3> <p>SQLite seems to be a popular target for third-parties to fuzz. The developers hear about many attempts to fuzz SQLite and they do occasionally get bug reports found by independent | > > > > | 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 | text to be run against that database. Because it mutates both the input database and the input SQL at the same time, dbsqlfuzz has been able to find some obscure faults in SQLite that were missed by prior fuzzers that mutated only SQL inputs or only the database file. The SQLite developers usually leave an instance or two of dbsqlfuzz running on the latest trunk code of SQLite whenever they are away from the office for an extended period, such as overnight.</p> <p>The dbsqlfuzz fuzzer has been so successful at hardening the SQLite code base against malicious attack that it is now considered one of the four primary test harnesses for SQLite. <tcl>hd_fragment 3pfuzz {3rd-party fuzzers}</tcl> <h3>Other third-party fuzzers</h3> <p>SQLite seems to be a popular target for third-parties to fuzz. The developers hear about many attempts to fuzz SQLite and they do occasionally get bug reports found by independent |
︙ | ︙ |