/ Check-in [14a9e4a3]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add the --oom option to fuzzershell.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 14a9e4a377bf2974f5db148c8f86e2c5ffdfa28d
User & Date: drh 2015-04-24 23:45:23
Context
2015-04-25
00:20
Add fflush() calls to fuzzershell to keep stderr and stdout synchronized. check-in: 2b98a252 user: drh tags: trunk
2015-04-24
23:45
Add the --oom option to fuzzershell. check-in: 14a9e4a3 user: drh tags: trunk
18:31
Fix fuzzershell so that it works with SQLITE_OMIT_TRACE. check-in: dc88fe7e user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to tool/fuzzershell.c.

67
68
69
70
71
72
73
74







75
76






77



























78
79
80
81
82
83
84
...
255
256
257
258
259
260
261

262
263
264
265
266
267
268
...
372
373
374
375
376
377
378




379
380

381
382
383
384
385
386
387
...
426
427
428
429
430
431
432



433
434
435
436
437
438
439
...
476
477
478
479
480
481
482







483
484
485
486
487
488
489
...
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
...
607
608
609
610
611
612
613






614
615
616


617
618





619
620
























621
622


623
624


625


626
627

628
629
630
631
632
633
634
















635














636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
#include <ctype.h>
#include "sqlite3.h"

/*
** All global variables are gathered into the "g" singleton.
*/
struct GlobalVars {
  const char *zArgv0;         /* Name of program */







} g;




































/*
** Print an error message and abort in such a way to indicate to the
** fuzzer that this counts as a crash.
*/
static void abendError(const char *zFormat, ...){
  va_list ap;
................................................................................
"Options:\n"
"  --autovacuum          Enable AUTOVACUUM mode\n"
"  -f FILE               Read SQL text from FILE instead of standard input\n"
"  --heap SZ MIN         Memory allocator uses SZ bytes & min allocation MIN\n"
"  --help                Show this help text\n"    
"  --initdb DBFILE       Initialize the in-memory database using template DBFILE\n"
"  --lookaside N SZ      Configure lookaside for N slots of SZ bytes each\n"

"  --pagesize N          Set the page size to N\n"
"  --pcache N SZ         Configure N pages of pagecache each of size SZ bytes\n"
"  -q                    Reduced output\n"
"  --quiet               Reduced output\n"
"  --scratch N SZ        Configure scratch memory for N slots of SZ bytes each\n"
"  --unique-cases FILE   Write all unique test cases to FILE\n"
"  --utf16be             Set text encoding to UTF-16BE\n"
................................................................................
  int nTest = 0;                /* Number of test cases run */
  int multiTest = 0;            /* True if there will be multiple test cases */
  int lastPct = -1;             /* Previous percentage done output */
  sqlite3 *dataDb = 0;          /* Database holding compacted input data */
  sqlite3_stmt *pStmt = 0;      /* Statement to insert testcase into dataDb */
  const char *zDataOut = 0;     /* Write compacted data to this output file */
  int nHeader = 0;              /* Bytes of header comment text on input file */







  g.zArgv0 = argv[0];
  for(i=1; i<argc; i++){
    const char *z = argv[i];
    if( z[0]=='-' ){
      z++;
      if( z[0]=='-' ) z++;
      if( strcmp(z,"autovacuum")==0 ){
................................................................................
          zCkGlob = "'*',*";
        }else if( strcmp(z, "strftime")==0 ){
          iMode = FZMODE_Strftime;
          zCkGlob = "'*',*";
        }else{
          abendError("unknown --mode: %s", z);
        }



      }else
      if( strcmp(z,"pagesize")==0 ){
        if( i>=argc-1 ) abendError("missing argument on %s", argv[i]);
        pageSize = integerValue(argv[++i]);
      }else
      if( strcmp(z,"pcache")==0 ){
        if( i>=argc-2 ) abendError("missing arguments on %s", argv[i]);
................................................................................
  if( verboseFlag ) sqlite3_config(SQLITE_CONFIG_LOG, shellLog, 0);
  if( nHeap>0 ){
    pHeap = malloc( nHeap );
    if( pHeap==0 ) fatalError("cannot allocate %d-byte heap\n", nHeap);
    rc = sqlite3_config(SQLITE_CONFIG_HEAP, pHeap, nHeap, mnHeap);
    if( rc ) abendError("heap configuration failed: %d\n", rc);
  }







  if( nLook>0 ){
    sqlite3_config(SQLITE_CONFIG_LOOKASIDE, 0, 0);
    if( szLook>0 ){
      pLook = malloc( nLook*szLook );
      if( pLook==0 ) fatalError("out of memory");
    }
  }
................................................................................
    }
    cSaved = zIn[iNext];
    zIn[iNext] = 0;
    if( zCkGlob && sqlite3_strglob(zCkGlob,&zIn[i])!=0 ){
      zIn[iNext] = cSaved;
      continue;
    }
    rc = sqlite3_open_v2(
      "main.db", &db,
      SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY,
      0);
    if( rc!=SQLITE_OK ){
      abendError("Unable to open the in-memory database");
    }
    if( pLook ){
      rc = sqlite3_db_config(db, SQLITE_DBCONFIG_LOOKASIDE, pLook, szLook, nLook);
      if( rc!=SQLITE_OK ) abendError("lookaside configuration filed: %d", rc);
    }
    if( zInitDb ){
      sqlite3_backup *pBackup;
      pBackup = sqlite3_backup_init(db, "main", dbInit, "main");
      rc = sqlite3_backup_step(pBackup, -1);
      if( rc!=SQLITE_DONE ){
        abendError("attempt to initialize the in-memory database failed (rc=%d)",
                   rc);
      }
      sqlite3_backup_finish(pBackup);
    }
#ifndef SQLITE_OMIT_TRACE
    if( verboseFlag ) sqlite3_trace(db, traceCallback, 0);
#endif
    sqlite3_create_function(db, "eval", 1, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
    sqlite3_create_function(db, "eval", 2, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
    sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 1000000);
    if( zEncoding ) sqlexec(db, "PRAGMA encoding=%s", zEncoding);
    if( pageSize ) sqlexec(db, "PRAGMA pagesize=%d", pageSize);
    if( doAutovac ) sqlexec(db, "PRAGMA auto_vacuum=FULL");
    zSql = &zIn[i];
    if( verboseFlag ){
      printf("INPUT (offset: %d, size: %d): [%s]\n",
              i, (int)strlen(&zIn[i]), &zIn[i]);
    }else if( multiTest && !quietFlag ){
      int pct = 10*iNext/nIn;
      if( pct!=lastPct ){
        if( lastPct<0 ) printf("fuzz test:");
        printf(" %d%%", pct*10);
        fflush(stdout);
        lastPct = pct;
      }
    }
    switch( iMode ){
      case FZMODE_Glob:
        zSql = zToFree = sqlite3_mprintf("SELECT glob(%s);", zSql);
................................................................................
      case FZMODE_Printf:
        zSql = zToFree = sqlite3_mprintf("SELECT printf(%s);", zSql);
        break;
      case FZMODE_Strftime:
        zSql = zToFree = sqlite3_mprintf("SELECT strftime(%s);", zSql);
        break;
    }






    zErrMsg = 0;
    rc = sqlite3_exec(db, zSql, verboseFlag ? execCallback : execNoop, 0, &zErrMsg);
    if( zToFree ){


      sqlite3_free(zToFree);
      zToFree = 0;





    }
    zIn[iNext] = cSaved;
























    if( verboseFlag ){
      printf("RESULT-CODE: %d\n", rc);


      if( zErrMsg ){
        printf("ERROR-MSG: [%s]\n", zErrMsg);


      }


    }
    sqlite3_free(zErrMsg);

    rc = sqlite3_close(db);
    if( rc ){
      abendError("sqlite3_close() failed with rc=%d", rc);
    }
    if( sqlite3_memory_used()>0 ){
      abendError("memory in use after close: %lld bytes", sqlite3_memory_used());
    }
















    if( nTest==1 ){














      /* Simulate an error if the TEST_FAILURE environment variable is "5" */
      char *zFailCode = getenv("TEST_FAILURE");
      if( zFailCode ){
        if( zFailCode[0]=='5' && zFailCode[1]==0 ){
          abendError("simulated failure");
        }else if( zFailCode[0]!=0 ){
          /* If TEST_FAILURE is something other than 5, just exit the test
          ** early */
          printf("\nExit early due to TEST_FAILURE being set");
          break;
        }
      }
    }
  }
  if( !verboseFlag && multiTest && !quietFlag ) printf("\n");
  if( nTest>1 && !quietFlag ){
    printf("%d fuzz tests with no errors\nSQLite %s %s\n",
           nTest, sqlite3_libversion(), sqlite3_sourceid());







|
>
>
>
>
>
>
>


>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







 







>







 







>
>
>
>


>







 







>
>
>







 







>
>
>
>
>
>
>







 







<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<





|


|







 







>
>
>
>
>
>
|
<
<
>
>
|
<
>
>
>
>
>
|
<
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
>
|
<
>
>
|
>
>
|
<
>
|
|
|
|
|
|
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
|
|
|
|
|
|
|
|
<







67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
...
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
...
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
...
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
...
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
...
609
610
611
612
613
614
615






























616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
...
633
634
635
636
637
638
639
640
641
642
643
644
645
646


647
648
649

650
651
652
653
654
655

656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680

681
682
683

684
685
686
687
688
689

690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729

730
731
732
733
734
735
736
737

738
739
740
741
742
743
744
#include <ctype.h>
#include "sqlite3.h"

/*
** All global variables are gathered into the "g" singleton.
*/
struct GlobalVars {
  const char *zArgv0;              /* Name of program */
  sqlite3_mem_methods sOrigMem;    /* Original memory methods */
  sqlite3_mem_methods sOomMem;     /* Memory methods with OOM simulator */
  int iOomCntdown;                 /* Memory fails on 1 to 0 transition */
  int nOomFault;                   /* Increments for each OOM fault */
  int bOomOnce;                    /* Fail just once if true */
  int bOomEnable;                  /* True to enable OOM simulation */
  int nOomBrkpt;                   /* Number of calls to oomFault() */
} g;

/*
** This routine is called when a simulated OOM occurs.  It exists as a
** convenient place to set a debugger breakpoint.
*/
static void oomFault(void){
  g.nOomBrkpt++;
}


/* Versions of malloc() and realloc() that simulate OOM conditions */
static void *oomMalloc(int nByte){
  if( nByte>0 && g.bOomEnable && g.iOomCntdown>0 ){
    g.iOomCntdown--;
    if( g.iOomCntdown==0 ){
      if( g.nOomFault==0 ) oomFault();
      g.nOomFault++;
      if( !g.bOomOnce ) g.iOomCntdown = 1;
      return 0;
    }
  }
  return g.sOrigMem.xMalloc(nByte);
}
static void *oomRealloc(void *pOld, int nByte){
  if( nByte>0 && g.bOomEnable && g.iOomCntdown>0 ){
    g.iOomCntdown--;
    if( g.iOomCntdown==0 ){
      if( g.nOomFault==0 ) oomFault();
      g.nOomFault++;
      if( !g.bOomOnce ) g.iOomCntdown = 1;
      return 0;
    }
  }
  return g.sOrigMem.xRealloc(pOld, nByte);
}

/*
** Print an error message and abort in such a way to indicate to the
** fuzzer that this counts as a crash.
*/
static void abendError(const char *zFormat, ...){
  va_list ap;
................................................................................
"Options:\n"
"  --autovacuum          Enable AUTOVACUUM mode\n"
"  -f FILE               Read SQL text from FILE instead of standard input\n"
"  --heap SZ MIN         Memory allocator uses SZ bytes & min allocation MIN\n"
"  --help                Show this help text\n"    
"  --initdb DBFILE       Initialize the in-memory database using template DBFILE\n"
"  --lookaside N SZ      Configure lookaside for N slots of SZ bytes each\n"
"  --oom                 Run each test multiple times in a simulated OOM loop\n"
"  --pagesize N          Set the page size to N\n"
"  --pcache N SZ         Configure N pages of pagecache each of size SZ bytes\n"
"  -q                    Reduced output\n"
"  --quiet               Reduced output\n"
"  --scratch N SZ        Configure scratch memory for N slots of SZ bytes each\n"
"  --unique-cases FILE   Write all unique test cases to FILE\n"
"  --utf16be             Set text encoding to UTF-16BE\n"
................................................................................
  int nTest = 0;                /* Number of test cases run */
  int multiTest = 0;            /* True if there will be multiple test cases */
  int lastPct = -1;             /* Previous percentage done output */
  sqlite3 *dataDb = 0;          /* Database holding compacted input data */
  sqlite3_stmt *pStmt = 0;      /* Statement to insert testcase into dataDb */
  const char *zDataOut = 0;     /* Write compacted data to this output file */
  int nHeader = 0;              /* Bytes of header comment text on input file */
  int oomFlag = 0;              /* --oom */
  int oomCnt = 0;               /* Counter for the OOM loop */
  char zErrBuf[200];            /* Space for the error message */
  const char *zFailCode;        /* Value of the TEST_FAILURE environment var */


  zFailCode = getenv("TEST_FAILURE");
  g.zArgv0 = argv[0];
  for(i=1; i<argc; i++){
    const char *z = argv[i];
    if( z[0]=='-' ){
      z++;
      if( z[0]=='-' ) z++;
      if( strcmp(z,"autovacuum")==0 ){
................................................................................
          zCkGlob = "'*',*";
        }else if( strcmp(z, "strftime")==0 ){
          iMode = FZMODE_Strftime;
          zCkGlob = "'*',*";
        }else{
          abendError("unknown --mode: %s", z);
        }
      }else
      if( strcmp(z,"oom")==0 ){
        oomFlag = 1;
      }else
      if( strcmp(z,"pagesize")==0 ){
        if( i>=argc-1 ) abendError("missing argument on %s", argv[i]);
        pageSize = integerValue(argv[++i]);
      }else
      if( strcmp(z,"pcache")==0 ){
        if( i>=argc-2 ) abendError("missing arguments on %s", argv[i]);
................................................................................
  if( verboseFlag ) sqlite3_config(SQLITE_CONFIG_LOG, shellLog, 0);
  if( nHeap>0 ){
    pHeap = malloc( nHeap );
    if( pHeap==0 ) fatalError("cannot allocate %d-byte heap\n", nHeap);
    rc = sqlite3_config(SQLITE_CONFIG_HEAP, pHeap, nHeap, mnHeap);
    if( rc ) abendError("heap configuration failed: %d\n", rc);
  }
  if( oomFlag ){
    sqlite3_config(SQLITE_CONFIG_GETMALLOC, &g.sOrigMem);
    g.sOomMem = g.sOrigMem;
    g.sOomMem.xMalloc = oomMalloc;
    g.sOomMem.xRealloc = oomRealloc;
    sqlite3_config(SQLITE_CONFIG_MALLOC, &g.sOomMem);
  }
  if( nLook>0 ){
    sqlite3_config(SQLITE_CONFIG_LOOKASIDE, 0, 0);
    if( szLook>0 ){
      pLook = malloc( nLook*szLook );
      if( pLook==0 ) fatalError("out of memory");
    }
  }
................................................................................
    }
    cSaved = zIn[iNext];
    zIn[iNext] = 0;
    if( zCkGlob && sqlite3_strglob(zCkGlob,&zIn[i])!=0 ){
      zIn[iNext] = cSaved;
      continue;
    }






























    zSql = &zIn[i];
    if( verboseFlag ){
      printf("INPUT (offset: %d, size: %d): [%s]\n",
              i, (int)strlen(&zIn[i]), &zIn[i]);
    }else if( multiTest && !quietFlag ){
      int pct = oomFlag ? 100*iNext/nIn : ((10*iNext)/nIn)*10;
      if( pct!=lastPct ){
        if( lastPct<0 ) printf("fuzz test:");
        printf(" %d%%", pct);
        fflush(stdout);
        lastPct = pct;
      }
    }
    switch( iMode ){
      case FZMODE_Glob:
        zSql = zToFree = sqlite3_mprintf("SELECT glob(%s);", zSql);
................................................................................
      case FZMODE_Printf:
        zSql = zToFree = sqlite3_mprintf("SELECT printf(%s);", zSql);
        break;
      case FZMODE_Strftime:
        zSql = zToFree = sqlite3_mprintf("SELECT strftime(%s);", zSql);
        break;
    }
    if( oomFlag ){
      oomCnt = g.iOomCntdown = 1;
      g.nOomFault = 0;
      g.bOomOnce = 1;
      if( verboseFlag ) printf("Once.%d\n", oomCnt);
    }else{
      oomCnt = 0;


    }
    do{
      rc = sqlite3_open_v2(

        "main.db", &db,
        SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY,
        0);
      if( rc!=SQLITE_OK ){
        abendError("Unable to open the in-memory database");
      }

      if( pLook ){
        rc = sqlite3_db_config(db, SQLITE_DBCONFIG_LOOKASIDE, pLook, szLook, nLook);
        if( rc!=SQLITE_OK ) abendError("lookaside configuration filed: %d", rc);
      }
      if( zInitDb ){
        sqlite3_backup *pBackup;
        pBackup = sqlite3_backup_init(db, "main", dbInit, "main");
        rc = sqlite3_backup_step(pBackup, -1);
        if( rc!=SQLITE_DONE ){
          abendError("attempt to initialize the in-memory database failed (rc=%d)",
                     rc);
        }
        sqlite3_backup_finish(pBackup);
      }
  #ifndef SQLITE_OMIT_TRACE
      if( verboseFlag ) sqlite3_trace(db, traceCallback, 0);
  #endif
      sqlite3_create_function(db, "eval", 1, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
      sqlite3_create_function(db, "eval", 2, SQLITE_UTF8, 0, sqlEvalFunc, 0, 0);
      sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 1000000);
      if( zEncoding ) sqlexec(db, "PRAGMA encoding=%s", zEncoding);
      if( pageSize ) sqlexec(db, "PRAGMA pagesize=%d", pageSize);
      if( doAutovac ) sqlexec(db, "PRAGMA auto_vacuum=FULL");
      g.bOomEnable = 1;
      if( verboseFlag ){

        zErrMsg = 0;
        rc = sqlite3_exec(db, zSql, execCallback, 0, &zErrMsg);
        if( zErrMsg ){

          sqlite3_snprintf(sizeof(zErrBuf),zErrBuf,"%z", zErrMsg);
          zErrMsg = 0;
        }
      }else {
        rc = sqlite3_exec(db, zSql, execNoop, 0, 0);
      }

      g.bOomEnable = 0;
      rc = sqlite3_close(db);
      if( rc ){
        abendError("sqlite3_close() failed with rc=%d", rc);
      }
      if( sqlite3_memory_used()>0 ){
        abendError("memory in use after close: %lld bytes", sqlite3_memory_used());
      }
      if( oomFlag ){
        if( g.nOomFault==0 || oomCnt>2000 ){
          if( g.bOomOnce ){
            oomCnt = g.iOomCntdown = 1;
            g.bOomOnce = 0;
          }else{
            oomCnt = 0;
          }
        }else{
          g.iOomCntdown = ++oomCnt;
          g.nOomFault = 0;
        }
        if( oomCnt ){
          if( verboseFlag ){
            printf("%s.%d\n", g.bOomOnce ? "Once" : "Multi", oomCnt);
          }
          nTest++;
        }
      }
    }while( oomCnt>0 );
    if( zToFree ){
      sqlite3_free(zToFree);
      zToFree = 0;
    }
    zIn[iNext] = cSaved;
    if( verboseFlag ){
      printf("RESULT-CODE: %d\n", rc);
      if( zErrMsg ){
        printf("ERROR-MSG: [%s]\n", zErrBuf);
      }
    }
    /* Simulate an error if the TEST_FAILURE environment variable is "5" */

    if( zFailCode ){
      if( zFailCode[0]=='5' && zFailCode[1]==0 ){
        abendError("simulated failure");
      }else if( zFailCode[0]!=0 ){
        /* If TEST_FAILURE is something other than 5, just exit the test
        ** early */
        printf("\nExit early due to TEST_FAILURE being set");
        break;

      }
    }
  }
  if( !verboseFlag && multiTest && !quietFlag ) printf("\n");
  if( nTest>1 && !quietFlag ){
    printf("%d fuzz tests with no errors\nSQLite %s %s\n",
           nTest, sqlite3_libversion(), sqlite3_sourceid());