Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Add further test cases and minor fixes for the fuzzer. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
583dde93a9176ba4fff85241bafbbe4e |
User & Date: | dan 2012-02-21 10:36:27.146 |
Context
2012-02-21
| ||
14:11 | Further fuzzer test cases. Fix a case in the fuzzer where an error code was being dropped. (check-in: 8b77d3953f user: dan tags: trunk) | |
10:36 | Add further test cases and minor fixes for the fuzzer. (check-in: 583dde93a9 user: dan tags: trunk) | |
2012-02-20
| ||
22:44 | Updates to the instructions in the header comment of the fuzzer implementation. New test cases for the fuzzer. (check-in: bf1dc7907c user: drh tags: trunk) | |
Changes
Changes to src/test_fuzzer.c.
︙ | ︙ | |||
137 138 139 140 141 142 143 144 145 146 147 148 149 150 | ** ** LIMITS ** ** The maximum ruleset number is 2147483647. The maximum length of either ** of the strings in the second or third column of the fuzzer data table ** is 50 bytes. The maximum cost on a rule is 1000. */ #include "sqlite3.h" #include <stdlib.h> #include <string.h> #include <assert.h> #include <stdio.h> #ifndef SQLITE_OMIT_VIRTUALTABLE | > > > > > > | 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 | ** ** LIMITS ** ** The maximum ruleset number is 2147483647. The maximum length of either ** of the strings in the second or third column of the fuzzer data table ** is 50 bytes. The maximum cost on a rule is 1000. */ /* If SQLITE_DEBUG is not defined, disable assert statements. */ #ifndef SQLITE_DEBUG # define NDEBUG #endif #include "sqlite3.h" #include <stdlib.h> #include <string.h> #include <assert.h> #include <stdio.h> #ifndef SQLITE_OMIT_VIRTUALTABLE |
︙ | ︙ | |||
285 286 287 288 289 290 291 | */ static int fuzzerLoadOneRule( fuzzer_vtab *p, /* Fuzzer virtual table handle */ sqlite3_stmt *pStmt, /* Base rule on statements current row */ fuzzer_rule **ppRule, /* OUT: New rule object */ char **pzErr /* OUT: Error message */ ){ | | | 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 | */ static int fuzzerLoadOneRule( fuzzer_vtab *p, /* Fuzzer virtual table handle */ sqlite3_stmt *pStmt, /* Base rule on statements current row */ fuzzer_rule **ppRule, /* OUT: New rule object */ char **pzErr /* OUT: Error message */ ){ sqlite3_int64 iRuleset = sqlite3_column_int64(pStmt, 0); const char *zFrom = (const char *)sqlite3_column_text(pStmt, 1); const char *zTo = (const char *)sqlite3_column_text(pStmt, 2); int nCost = sqlite3_column_int(pStmt, 3); int rc = SQLITE_OK; /* Return code */ int nFrom; /* Size of string zFrom, in bytes */ int nTo; /* Size of string zTo, in bytes */ |
︙ | ︙ | |||
307 308 309 310 311 312 313 | /* Silently ignore null transformations */ if( strcmp(zFrom, zTo)==0 ){ *ppRule = 0; return SQLITE_OK; } if( nCost<=0 || nCost>FUZZER_MX_COST ){ | | > > | > > | | > | | 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 | /* Silently ignore null transformations */ if( strcmp(zFrom, zTo)==0 ){ *ppRule = 0; return SQLITE_OK; } if( nCost<=0 || nCost>FUZZER_MX_COST ){ *pzErr = sqlite3_mprintf("%s: cost must be between 1 and %d", p->zClassName, FUZZER_MX_COST ); rc = SQLITE_ERROR; }else if( nFrom>FUZZER_MX_LENGTH || nTo>FUZZER_MX_LENGTH ){ *pzErr = sqlite3_mprintf("%s: maximum string length is %d", p->zClassName, FUZZER_MX_LENGTH ); rc = SQLITE_ERROR; }else if( iRuleset<0 || iRuleset>FUZZER_MX_RULEID ){ *pzErr = sqlite3_mprintf("%s: ruleset must be between 0 and %d", p->zClassName, FUZZER_MX_RULEID ); rc = SQLITE_ERROR; }else{ pRule = sqlite3_malloc( sizeof(*pRule) + nFrom + nTo ); if( pRule==0 ){ rc = SQLITE_NOMEM; }else{ memset(pRule, 0, sizeof(*pRule)); pRule->zFrom = &pRule->zTo[nTo+1]; pRule->nFrom = nFrom; memcpy(pRule->zFrom, zFrom, nFrom+1); memcpy(pRule->zTo, zTo, nTo+1); pRule->nTo = nTo; pRule->rCost = nCost; pRule->iRuleset = (int)iRuleset; } } *ppRule = pRule; return rc; } |
︙ | ︙ | |||
415 416 417 418 419 420 421 422 423 424 425 426 427 428 | assert( p->pRule==0 ); p->pRule = pHead; } return rc; } /* ** xConnect/xCreate method for the fuzzer module. Arguments are: ** ** argv[0] -> module name ("fuzzer") ** argv[1] -> database name ** argv[2] -> table name | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 | assert( p->pRule==0 ); p->pRule = pHead; } return rc; } /* ** This function converts an SQL quoted string into an unquoted string ** and returns a pointer to a buffer allocated using sqlite3_malloc() ** containing the result. The caller should eventually free this buffer ** using sqlite3_free. ** ** Examples: ** ** "abc" becomes abc ** 'xyz' becomes xyz ** [pqr] becomes pqr ** `mno` becomes mno */ static char *fuzzerDequote(const char *zIn){ int nIn; /* Size of input string, in bytes */ char *zOut; /* Output (dequoted) string */ nIn = strlen(zIn); zOut = sqlite3_malloc(nIn+1); if( zOut ){ char q = zIn[0]; /* Quote character (if any ) */ if( q!='[' && q!= '\'' && q!='"' && q!='`' ){ memcpy(zOut, zIn, nIn+1); }else{ int iOut = 0; /* Index of next byte to write to output */ int iIn; /* Index of next byte to read from input */ if( q=='[' ) q = ']'; for(iIn=1; iIn<nIn; iIn++){ if( zIn[iIn]==q ) iIn++; zOut[iOut++] = zIn[iIn]; } } assert( strlen(zOut)<=nIn ); } return zOut; } /* ** xDisconnect/xDestroy method for the fuzzer module. */ static int fuzzerDisconnect(sqlite3_vtab *pVtab){ fuzzer_vtab *p = (fuzzer_vtab*)pVtab; assert( p->nCursor==0 ); while( p->pRule ){ fuzzer_rule *pRule = p->pRule; p->pRule = pRule->pNext; sqlite3_free(pRule); } sqlite3_free(p); return SQLITE_OK; } /* ** xConnect/xCreate method for the fuzzer module. Arguments are: ** ** argv[0] -> module name ("fuzzer") ** argv[1] -> database name ** argv[2] -> table name |
︙ | ︙ | |||
449 450 451 452 453 454 455 456 457 458 459 | int nModule; /* Length of zModule, in bytes */ nModule = strlen(zModule); pNew = sqlite3_malloc( sizeof(*pNew) + nModule + 1); if( pNew==0 ){ rc = SQLITE_NOMEM; }else{ memset(pNew, 0, sizeof(*pNew)); pNew->zClassName = (char*)&pNew[1]; memcpy(pNew->zClassName, zModule, nModule+1); | > > > > > > | > > > | | < < < < < < < < < < < < < < < < | 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 | int nModule; /* Length of zModule, in bytes */ nModule = strlen(zModule); pNew = sqlite3_malloc( sizeof(*pNew) + nModule + 1); if( pNew==0 ){ rc = SQLITE_NOMEM; }else{ char *zTab; /* Dequoted name of fuzzer data table */ memset(pNew, 0, sizeof(*pNew)); pNew->zClassName = (char*)&pNew[1]; memcpy(pNew->zClassName, zModule, nModule+1); zTab = fuzzerDequote(argv[3]); if( zTab==0 ){ rc = SQLITE_NOMEM; }else{ rc = fuzzerLoadRules(db, pNew, zDb, zTab, pzErr); sqlite3_free(zTab); } if( rc==SQLITE_OK ){ sqlite3_declare_vtab(db, "CREATE TABLE x(word, distance, ruleset)"); }else{ fuzzerDisconnect((sqlite3_vtab *)pNew); pNew = 0; } } } *ppVtab = (sqlite3_vtab *)pNew; return rc; } /* ** Open a new fuzzer cursor. */ static int fuzzerOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor){ fuzzer_vtab *p = (fuzzer_vtab*)pVTab; fuzzer_cursor *pCur; |
︙ | ︙ |
Changes to test/fuzzer1.test.
︙ | ︙ | |||
17 18 19 20 21 22 23 24 25 26 27 28 29 30 | set testdir [file dirname $argv0] source $testdir/tester.tcl ifcapable !vtab { finish_test return } register_fuzzer_module db # Check configuration errors. # | > > | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | set testdir [file dirname $argv0] source $testdir/tester.tcl ifcapable !vtab { finish_test return } set ::testprefix fuzzer1 register_fuzzer_module db # Check configuration errors. # |
︙ | ︙ | |||
1533 1534 1535 1536 1537 1538 1539 1540 1541 | ATTACH 'test.db2' AS aux; CREATE TABLE aux.f3_rules(ruleset, cfrom, cto, cost); INSERT INTO f3_rules(ruleset, cfrom, cto, cost) VALUES(0, 'x','y', 10); INSERT INTO f3_rules(ruleset, cfrom, cto, cost) VALUES(1, 'a','b', 10); CREATE VIRTUAL TABLE aux.f3 USING fuzzer(f3_rules); SELECT word FROM f3 WHERE word MATCH 'ax' } {ax ay} finish_test | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 | ATTACH 'test.db2' AS aux; CREATE TABLE aux.f3_rules(ruleset, cfrom, cto, cost); INSERT INTO f3_rules(ruleset, cfrom, cto, cost) VALUES(0, 'x','y', 10); INSERT INTO f3_rules(ruleset, cfrom, cto, cost) VALUES(1, 'a','b', 10); CREATE VIRTUAL TABLE aux.f3 USING fuzzer(f3_rules); SELECT word FROM f3 WHERE word MATCH 'ax' } {ax ay} #------------------------------------------------------------------------- # # 1.5.1 - Check things work with a fuzzer data table name that requires # quoting. Also that NULL entries in the "from" column of the # data table are treated as zero length strings (''). # # 1.5.2 - Check that no-op rules (i.e. C->C) are ignored. Test NULL in # the "to" column of a fuzzer data table. # # 1.5.3 - Test out-of-range values for the cost field of the data table. # # 1.5.4 - Test out-of-range values for the string fields of the data table. # # 1.5.5 - Test out-of-range values for the ruleset field of the data table. # do_execsql_test 5.1 { CREATE TABLE "fuzzer [x] rules table"(a, b, c, d); INSERT INTO "fuzzer [x] rules table" VALUES(0, NULL, 'abc', 10); CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); SELECT word, distance FROM x WHERE word MATCH '123' LIMIT 4; } {123 0 abc123 10 1abc23 10 12abc3 10} do_execsql_test 5.2 { DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES(0, 'x', NULL, 20); INSERT INTO "fuzzer [x] rules table" VALUES(0, NULL, NULL, 10); INSERT INTO "fuzzer [x] rules table" VALUES(0, 'x', 'x', 10); DROP TABLE x; CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); SELECT word, distance FROM x WHERE word MATCH 'xx'; } {xx 0 x 20 {} 40} do_execsql_test 5.3.1 { DROP TABLE IF EXISTS x; INSERT INTO "fuzzer [x] rules table" VALUES(0, 'c', 'd', 1001); } do_catchsql_test 5.3.2 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: cost must be between 1 and 1000}} do_execsql_test 5.3.3 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES(0, 'd', 'c', 0); } do_catchsql_test 5.3.4 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: cost must be between 1 and 1000}} do_execsql_test 5.3.5 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES(0, 'd', 'c', -20); } do_catchsql_test 5.3.6 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: cost must be between 1 and 1000}} do_execsql_test 5.4.1 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES( 0, 'x', '12345678901234567890123456789012345678901234567890', 2 ); CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); SELECT word FROM x WHERE word MATCH 'x'; } {x 12345678901234567890123456789012345678901234567890} do_execsql_test 5.4.2 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES( 0, 'x', '123456789012345678901234567890123456789012345678901', 2 ); } do_catchsql_test 5.4.3 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: maximum string length is 50}} do_execsql_test 5.4.4 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES( 0, '123456789012345678901234567890123456789012345678901', 'x', 2 ); } do_catchsql_test 5.4.5 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: maximum string length is 50}} do_execsql_test 5.5.1 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES(-1, 'x', 'y', 2); } do_catchsql_test 5.5.2 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: ruleset must be between 0 and 2147483647}} do_execsql_test 5.5.3 { DROP TABLE IF EXISTS x; DELETE FROM "fuzzer [x] rules table"; INSERT INTO "fuzzer [x] rules table" VALUES((1<<32)+100, 'x', 'y', 2); } do_catchsql_test 5.5.4 { CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table'); } {1 {fuzzer: ruleset must be between 0 and 2147483647}} #------------------------------------------------------------------------- # This test uses a fuzzer table with many rules. There is one rule to # map each possible two character string, where characters are lower-case # letters used in the English language, to all other possible two character # strings. In total, (26^4)-(26^2) mappings (the subtracted term represents # the no-op mappings discarded automatically by the fuzzer). # # do_execsql_test 6.1.1 { DROP TABLE IF EXISTS x1; DROP TABLE IF EXISTS x1_rules; CREATE TABLE x1_rules(ruleset, cFrom, cTo, cost); } puts "This test is slow - perhaps around 7 seconds on an average pc" do_test 6.1.2 { set LETTERS {a b c d e f g h i j k l m n o p q r s t u v w x y z} set cost 1 db transaction { foreach c1 $LETTERS { foreach c2 $LETTERS { foreach c3 $LETTERS { foreach c4 $LETTERS { db eval {INSERT INTO x1_rules VALUES(0, $c1||$c2, $c3||$c4, $cost)} set cost [expr ($cost%1000) + 1] } } } } db eval {UPDATE x1_rules SET cost = 20 WHERE cost<20 AND cFrom!='xx'} } } {} do_execsql_test 6.2 { SELECT count(*) FROM x1_rules WHERE cTo!=cFrom; } [expr 26*26*26*26 - 26*26] do_execsql_test 6.2.1 { CREATE VIRTUAL TABLE x1 USING fuzzer(x1_rules); SELECT word FROM x1 WHERE word MATCH 'xx' LIMIT 10; } {xx hw hx hy hz ia ib ic id ie} do_execsql_test 6.2.2 { SELECT cTo FROM x1_rules WHERE cFrom='xx' ORDER BY cost asc, rowid asc LIMIT 9; } {hw hx hy hz ia ib ic id ie} #------------------------------------------------------------------------- # Test using different types of quotes with CREATE VIRTUAL TABLE # arguments. # do_execsql_test 7.1 { CREATE TABLE [x2 "rules] (a, b, c, d); INSERT INTO [x2 "rules] VALUES(0, 'a', 'b', 5); } foreach {tn sql} { 1 { CREATE VIRTUAL TABLE x2 USING fuzzer( [x2 "rules] ) } 2 { CREATE VIRTUAL TABLE x2 USING fuzzer( "x2 ""rules" ) } 3 { CREATE VIRTUAL TABLE x2 USING fuzzer( 'x2 "rules' ) } 4 { CREATE VIRTUAL TABLE x2 USING fuzzer( `x2 "rules` ) } } { do_execsql_test 7.2.$tn.1 { DROP TABLE IF EXISTS x2 } do_execsql_test 7.2.$tn.2 $sql do_execsql_test 7.2.$tn.3 { SELECT word FROM x2 WHERE word MATCH 'aaa' } {aaa baa aba aab bab abb bba bbb} } finish_test |