SQLite

**
** LIMITS
**
** The maximum ruleset number is 2147483647.  The maximum length of either
** of the strings in the second or third column of the fuzzer data table
** is 50 bytes.  The maximum cost on a rule is 1000.
*/

/* If SQLITE_DEBUG is not defined, disable assert statements. */
#ifndef SQLITE_DEBUG
# define NDEBUG
#endif

#include "sqlite3.h"
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <stdio.h>

#ifndef SQLITE_OMIT_VIRTUALTABLE

*/
static int fuzzerLoadOneRule(
  fuzzer_vtab *p,                 /* Fuzzer virtual table handle */
  sqlite3_stmt *pStmt,            /* Base rule on statements current row */
  fuzzer_rule **ppRule,           /* OUT: New rule object */
  char **pzErr                    /* OUT: Error message */
){
  sqlite3_int64 iRuleset = sqlite3_column_int64(pStmt, 0);
  const char *zFrom = (const char *)sqlite3_column_text(pStmt, 1);
  const char *zTo = (const char *)sqlite3_column_text(pStmt, 2);
  int nCost = sqlite3_column_int(pStmt, 3);

  int rc = SQLITE_OK;             /* Return code */
  int nFrom;                      /* Size of string zFrom, in bytes */
  int nTo;                        /* Size of string zTo, in bytes */

  /* Silently ignore null transformations */
  if( strcmp(zFrom, zTo)==0 ){
    *ppRule = 0;
    return SQLITE_OK;
  }

  if( nCost<=0 || nCost>FUZZER_MX_COST ){
    *pzErr = sqlite3_mprintf("%s: cost must be between 1 and %d", 
        p->zClassName, FUZZER_MX_COST
    );
    rc = SQLITE_ERROR;
  }else
  if( nFrom>FUZZER_MX_LENGTH || nTo>FUZZER_MX_LENGTH ){
    *pzErr = sqlite3_mprintf("%s: maximum string length is %d", 
        p->zClassName, FUZZER_MX_LENGTH
    );
    rc = SQLITE_ERROR;    
  }else
  if( iRuleset<0 || iRuleset>FUZZER_MX_RULEID ){
    *pzErr = sqlite3_mprintf("%s: ruleset must be between 0 and %d", 
        p->zClassName, FUZZER_MX_RULEID
    );
    rc = SQLITE_ERROR;    
  }else{

    pRule = sqlite3_malloc( sizeof(*pRule) + nFrom + nTo );
    if( pRule==0 ){
      rc = SQLITE_NOMEM;
    }else{
      memset(pRule, 0, sizeof(*pRule));
      pRule->zFrom = &pRule->zTo[nTo+1];
      pRule->nFrom = nFrom;
      memcpy(pRule->zFrom, zFrom, nFrom+1);
      memcpy(pRule->zTo, zTo, nTo+1);
      pRule->nTo = nTo;
      pRule->rCost = nCost;
      pRule->iRuleset = (int)iRuleset;
    }
  }

  *ppRule = pRule;
  return rc;
}

    assert( p->pRule==0 );
    p->pRule = pHead;
  }

  return rc;
}

/*
** This function converts an SQL quoted string into an unquoted string
** and returns a pointer to a buffer allocated using sqlite3_malloc() 
** containing the result. The caller should eventually free this buffer
** using sqlite3_free.
**
** Examples:
**
**     "abc"   becomes   abc
**     'xyz'   becomes   xyz
**     [pqr]   becomes   pqr
**     `mno`   becomes   mno
*/
static char *fuzzerDequote(const char *zIn){
  int nIn;                        /* Size of input string, in bytes */
  char *zOut;                     /* Output (dequoted) string */

  nIn = strlen(zIn);
  zOut = sqlite3_malloc(nIn+1);
  if( zOut ){
    char q = zIn[0];              /* Quote character (if any ) */

    if( q!='[' && q!= '\'' && q!='"' && q!='`' ){
      memcpy(zOut, zIn, nIn+1);
    }else{
      int iOut = 0;               /* Index of next byte to write to output */
      int iIn;                    /* Index of next byte to read from input */

      if( q=='[' ) q = ']';
      for(iIn=1; iIn<nIn; iIn++){
        if( zIn[iIn]==q ) iIn++;
        zOut[iOut++] = zIn[iIn];
      }
    }
    assert( strlen(zOut)<=nIn );
  }
  return zOut;
}

/*
** xDisconnect/xDestroy method for the fuzzer module.
*/
static int fuzzerDisconnect(sqlite3_vtab *pVtab){
  fuzzer_vtab *p = (fuzzer_vtab*)pVtab;
  assert( p->nCursor==0 );
  while( p->pRule ){
    fuzzer_rule *pRule = p->pRule;
    p->pRule = pRule->pNext;
    sqlite3_free(pRule);
  }
  sqlite3_free(p);
  return SQLITE_OK;
}

/*
** xConnect/xCreate method for the fuzzer module. Arguments are:
**
**   argv[0]   -> module name  ("fuzzer")
**   argv[1]   -> database name
**   argv[2]   -> table name

    int nModule;                  /* Length of zModule, in bytes */

    nModule = strlen(zModule);
    pNew = sqlite3_malloc( sizeof(*pNew) + nModule + 1);
    if( pNew==0 ){
      rc = SQLITE_NOMEM;
    }else{
      char *zTab;                 /* Dequoted name of fuzzer data table */

      memset(pNew, 0, sizeof(*pNew));
      pNew->zClassName = (char*)&pNew[1];
      memcpy(pNew->zClassName, zModule, nModule+1);

      zTab = fuzzerDequote(argv[3]);
      if( zTab==0 ){
        rc = SQLITE_NOMEM;
      }else{
        rc = fuzzerLoadRules(db, pNew, zDb, zTab, pzErr);
        sqlite3_free(zTab);
      }

      if( rc==SQLITE_OK ){
        sqlite3_declare_vtab(db, "CREATE TABLE x(word, distance, ruleset)");
      }else{
        fuzzerDisconnect((sqlite3_vtab *)pNew);
        pNew = 0;
      }
    }
  }

  *ppVtab = (sqlite3_vtab *)pNew;
  return rc;
}

















/*
** Open a new fuzzer cursor.
*/
static int fuzzerOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor){
  fuzzer_vtab *p = (fuzzer_vtab*)pVTab;
  fuzzer_cursor *pCur;

set testdir [file dirname $argv0]
source $testdir/tester.tcl

ifcapable !vtab {
  finish_test
  return
}

set ::testprefix fuzzer1

register_fuzzer_module db



# Check configuration errors.
#

  ATTACH 'test.db2' AS aux;
  CREATE TABLE aux.f3_rules(ruleset, cfrom, cto, cost);
  INSERT INTO f3_rules(ruleset, cfrom, cto, cost) VALUES(0, 'x','y', 10);
  INSERT INTO f3_rules(ruleset, cfrom, cto, cost) VALUES(1, 'a','b', 10);
  CREATE VIRTUAL TABLE aux.f3 USING fuzzer(f3_rules);
  SELECT word FROM f3 WHERE word MATCH 'ax'
} {ax ay}

#-------------------------------------------------------------------------
#
#  1.5.1 - Check things work with a fuzzer data table name that requires
#          quoting. Also that NULL entries in the "from" column of the
#          data table are treated as zero length strings ('').
#
#  1.5.2 - Check that no-op rules (i.e. C->C) are ignored. Test NULL in
#          the "to" column of a fuzzer data table.
#  
#  1.5.3 - Test out-of-range values for the cost field of the data table.
#
#  1.5.4 - Test out-of-range values for the string fields of the data table.
#
#  1.5.5 - Test out-of-range values for the ruleset field of the data table.
#
do_execsql_test 5.1 {
  CREATE TABLE "fuzzer [x] rules table"(a, b, c, d);
  INSERT INTO "fuzzer [x] rules table" VALUES(0, NULL, 'abc', 10);
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
  SELECT word, distance FROM x WHERE word MATCH '123' LIMIT 4;
} {123 0 abc123 10 1abc23 10 12abc3 10}

do_execsql_test 5.2 {
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(0, 'x', NULL, 20);
  INSERT INTO "fuzzer [x] rules table" VALUES(0, NULL, NULL, 10);
  INSERT INTO "fuzzer [x] rules table" VALUES(0, 'x', 'x', 10);

  DROP TABLE x;
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');

  SELECT word, distance FROM x WHERE word MATCH 'xx';
} {xx 0 x 20 {} 40}

do_execsql_test 5.3.1 {
  DROP TABLE IF EXISTS x;
  INSERT INTO "fuzzer [x] rules table" VALUES(0, 'c', 'd', 1001);
}
do_catchsql_test 5.3.2 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: cost must be between 1 and 1000}}

do_execsql_test 5.3.3 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(0, 'd', 'c', 0);
}
do_catchsql_test 5.3.4 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: cost must be between 1 and 1000}}

do_execsql_test 5.3.5 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(0, 'd', 'c', -20);
}
do_catchsql_test 5.3.6 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: cost must be between 1 and 1000}}

do_execsql_test 5.4.1 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(
    0, 'x', '12345678901234567890123456789012345678901234567890', 2
  );
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
  SELECT word FROM x WHERE word MATCH 'x';
} {x 12345678901234567890123456789012345678901234567890}

do_execsql_test 5.4.2 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(
    0, 'x', '123456789012345678901234567890123456789012345678901', 2
  );
} 
do_catchsql_test 5.4.3 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: maximum string length is 50}}

do_execsql_test 5.4.4 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(
    0, '123456789012345678901234567890123456789012345678901', 'x', 2
  );
} 
do_catchsql_test 5.4.5 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: maximum string length is 50}}

do_execsql_test 5.5.1 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES(-1, 'x', 'y', 2);
} 
do_catchsql_test 5.5.2 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: ruleset must be between 0 and 2147483647}}

do_execsql_test 5.5.3 {
  DROP TABLE IF EXISTS x;
  DELETE FROM "fuzzer [x] rules table";
  INSERT INTO "fuzzer [x] rules table" VALUES((1<<32)+100, 'x', 'y', 2);
} 
do_catchsql_test 5.5.4 {
  CREATE VIRTUAL TABLE x USING fuzzer('fuzzer [x] rules table');
} {1 {fuzzer: ruleset must be between 0 and 2147483647}}

#-------------------------------------------------------------------------
# This test uses a fuzzer table with many rules. There is one rule to
# map each possible two character string, where characters are lower-case
# letters used in the English language, to all other possible two character
# strings. In total, (26^4)-(26^2) mappings (the subtracted term represents
# the no-op mappings discarded automatically by the fuzzer).
#
#
do_execsql_test 6.1.1 {
  DROP TABLE IF EXISTS x1;
  DROP TABLE IF EXISTS x1_rules;
  CREATE TABLE x1_rules(ruleset, cFrom, cTo, cost);
}
puts "This test is slow - perhaps around 7 seconds on an average pc"
do_test 6.1.2 {
  set LETTERS {a b c d e f g h i j k l m n o p q r s t u v w x y z}
  set cost 1
  db transaction {
    foreach c1 $LETTERS { 
      foreach c2 $LETTERS { 
        foreach c3 $LETTERS { 
          foreach c4 $LETTERS { 
            db eval {INSERT INTO x1_rules VALUES(0, $c1||$c2, $c3||$c4, $cost)}
            set cost [expr ($cost%1000) + 1]
          }
        }
      }
    }
    db eval {UPDATE x1_rules SET cost = 20 WHERE cost<20 AND cFrom!='xx'}
  }
} {}

do_execsql_test 6.2 {
  SELECT count(*) FROM x1_rules WHERE cTo!=cFrom;
} [expr 26*26*26*26 - 26*26]

do_execsql_test 6.2.1 {
  CREATE VIRTUAL TABLE x1 USING fuzzer(x1_rules);
  SELECT word FROM x1 WHERE word MATCH 'xx' LIMIT 10;
} {xx hw hx hy hz ia ib ic id ie}
do_execsql_test 6.2.2 {
  SELECT cTo FROM x1_rules WHERE cFrom='xx' 
  ORDER BY cost asc, rowid asc LIMIT 9;
} {hw hx hy hz ia ib ic id ie}


#-------------------------------------------------------------------------
# Test using different types of quotes with CREATE VIRTUAL TABLE 
# arguments.
#
do_execsql_test 7.1 {
  CREATE TABLE [x2 "rules] (a, b, c, d);
  INSERT INTO [x2 "rules] VALUES(0, 'a', 'b', 5);
}
foreach {tn sql} {
  1 { CREATE VIRTUAL TABLE x2 USING fuzzer( [x2 "rules] ) }
  2 { CREATE VIRTUAL TABLE x2 USING fuzzer( "x2 ""rules" ) }
  3 { CREATE VIRTUAL TABLE x2 USING fuzzer( 'x2 "rules' ) }
  4 { CREATE VIRTUAL TABLE x2 USING fuzzer( `x2 "rules` ) }
} {
  do_execsql_test 7.2.$tn.1 { DROP TABLE IF EXISTS x2 }
  do_execsql_test 7.2.$tn.2 $sql
  do_execsql_test 7.2.$tn.3 { 
    SELECT word FROM x2 WHERE word MATCH 'aaa' 
  } {aaa baa aba aab bab abb bba bbb}
}

finish_test