# 2007 May 10 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. The # focus of this file is generating semi-random strings of SQL # (a.k.a. "fuzz") and sending it into the parser to try to # generate errors. # # The tests in this file are really about testing fuzzily generated # SQL parse-trees. The majority of the fuzzily generated SQL is # valid as far as the parser is concerned. # # The most complicated trees are for SELECT statements. # # $Id: fuzz.test,v 1.18 2009/01/06 00:11:26 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl set ::REPEATS 5000 # If running quick.test, don't do so many iterations. if {[info exists ::ISQUICK]} { if {$::ISQUICK} { set ::REPEATS 20 } } source $testdir/fuzz_common.tcl expr srand(0) #---------------------------------------------------------------- # These tests caused errors that were first caught by the tests # in this file. They are still here. do_test fuzz-1.1 { execsql { SELECT 'abc' LIKE X'ABCD'; } } {0} do_test fuzz-1.2 { execsql { SELECT 'abc' LIKE zeroblob(10); } } {0} do_test fuzz-1.3 { execsql { SELECT zeroblob(10) LIKE 'abc'; } } {0} do_test fuzz-1.4 { execsql { SELECT (- -21) % NOT (456 LIKE zeroblob(10)); } } {0} do_test fuzz-1.5 { execsql { SELECT (SELECT ( SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1 )) } } {-2147483648} do_test fuzz-1.6 { execsql { SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1 } } [execsql {SELECT 'abc', zeroblob(1)}] do_test fuzz-1.7 { execsql { SELECT ( SELECT zeroblob(1000) FROM ( SELECT * FROM (SELECT 'first') ORDER BY NOT 'in') ) } } [execsql {SELECT zeroblob(1000)}] do_test fuzz-1.8 { # Problems with opcode OP_ToText (did not account for MEM_Zero). # Also MemExpandBlob() was marking expanded blobs as nul-terminated. # They are not. execsql { SELECT CAST(zeroblob(1000) AS text); } } {{}} do_test fuzz-1.9 { # This was causing a NULL pointer dereference of Expr.pList. execsql { SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random()) } } {} do_test fuzz-1.10 { # Bug in calculation of Parse.ckOffset causing an assert() # to fail. Probably harmless. execsql { SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1)))) } } {1} do_test fuzz-1.11 { # The literals (A, B, C, D) are not important, they are just used # to make the EXPLAIN output easier to read. # # The problem here is that the EXISTS(...) expression leaves an # extra value on the VDBE stack. This is confusing the parent and # leads to an assert() failure when OP_Insert encounters an integer # when it expects a record blob. # # Update: Any query with (LIMIT 0) was leaking stack. # execsql { SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS ( SELECT 'C' FROM (SELECT 'D' LIMIT 0) ) } } {A} do_test fuzz-1.12.1 { # Create a table with a single row. execsql { CREATE TABLE abc(b); INSERT INTO abc VALUES('ABCDE'); } # The following query was crashing. The later subquery (in the FROM) # clause was flattened into the parent, but the code was not repairng # the "b" reference in the other sub-query. When the query was executed, # that "b" refered to a non-existant vdbe table-cursor. # execsql { SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc); } } {1} do_test fuzz-1.12.2 { # Clean up after the previous query. execsql { DROP TABLE abc; } } {} do_test fuzz-1.13 { # The problem here was that when there were more expressions in # the ORDER BY list than the result-set list. The temporary b-tree # used for sorting was being misconfigured in this case. # execsql { SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC; } } {abcd efgh} do_test fuzz-1.14.1 { execsql { CREATE TABLE abc(a, b, c); INSERT INTO abc VALUES(123, 456, 789); } # The [a] reference in the sub-select was causing a problem. Because # the internal walkSelectExpr() function was not considering compound # SELECT operators. execsql { SELECT 1 FROM abc GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123); } } {1} do_test fuzz-1.14.2 { execsql { DROP TABLE abc; } } {} # Making sure previously discovered errors have been fixed. # do_test fuzz-1.15 { execsql { SELECT hex(CAST(zeroblob(1000) AS integer)) } } {30} do_test fuzz-1.16.1 { execsql { CREATE TABLE abc(a, b, c); CREATE TABLE def(a, b, c); CREATE TABLE ghi(a, b, c); } } {} do_test fuzz-1.16.2 { catchsql { SELECT DISTINCT EXISTS( SELECT 1 FROM ( SELECT C FROM (SELECT 1) ) WHERE (SELECT c) ) FROM abc } } {0 {}} do_test fuzz-1.16.3 { catchsql { SELECT DISTINCT substr(-456 ISNULL,zeroblob(1000), EXISTS( SELECT DISTINCT EXISTS( SELECT DISTINCT b FROM abc ORDER BY EXISTS ( SELECT DISTINCT 2147483647 UNION ALL SELECT -2147483648 ) ASC ) FROM ( SELECT c, c FROM ( SELECT 456, 'injection' ORDER BY 56.1 ASC, -56.1 DESC ) ) GROUP BY (SELECT ALL (SELECT DISTINCT 'hardware')) HAVING ( SELECT DISTINCT c FROM ( SELECT ALL -2147483648, 'experiments' ORDER BY -56.1 ASC, -56.1 DESC ) GROUP BY (SELECT DISTINCT 456) IN (SELECT DISTINCT 'injection') NOT IN (SELECT ALL -456) HAVING EXISTS ( SELECT ALL 'injection' ) ) UNION ALL SELECT a IN ( SELECT -2147483647 UNION ALL SELECT ALL 'injection' ) FROM sqlite_master ) -- end EXISTS ) /* end SUBSTR() */, c NOTNULL ISNULL FROM abc ORDER BY CAST(-56.1 AS blob) ASC } } {0 {}} do_test fuzz-1.16.4 { execsql { DROP TABLE abc; DROP TABLE def; DROP TABLE ghi; } } {} do_test fuzz-1.17 { catchsql { SELECT 'hardware', 56.1 NOTNULL, random()&0 FROM ( SELECT ALL lower(~ EXISTS ( SELECT 1 NOT IN (SELECT ALL 1) )), CAST(456 AS integer), -2147483647 FROM ( SELECT DISTINCT -456, CAST(1 AS integer) ISNULL FROM (SELECT ALL 2147483647, typeof(2147483649)) ) ) GROUP BY CAST(CAST('experiments' AS blob) AS blob) HAVING random() } } {0 {hardware 1 0}} do_test fuzz-1.18 { catchsql { SELECT -2147483649 << upper('fault' NOT IN ( SELECT ALL ( SELECT ALL -1 ORDER BY -2147483649 LIMIT ( SELECT ALL ( SELECT 0 EXCEPT SELECT DISTINCT 'experiments' ORDER BY 1 ASC ) ) OFFSET EXISTS ( SELECT ALL (SELECT ALL -2147483648) NOT IN ( SELECT ALL 123456789.1234567899 ) IN (SELECT 2147483649) FROM sqlite_master ) NOT IN (SELECT ALL 'The') ) )) } } {0 -4294967298} #---------------------------------------------------------------- # Test some fuzzily generated expressions. # do_fuzzy_test fuzz-2 -template { SELECT [Expr] } do_test fuzz-3.1 { execsql { CREATE TABLE abc(a, b, c); CREATE TABLE def(a, b, c); CREATE TABLE ghi(a, b, c); } } {} set ::TableList [list abc def ghi] #---------------------------------------------------------------- # Test some fuzzily generated SELECT statements. # do_fuzzy_test fuzz-3.2 -template {[Select]} #---------------------------------------------------------------- # Insert a small amount of data into the database and then run # some more generated SELECT statements. # do_test fuzz-4.1 { execsql { INSERT INTO abc VALUES(1, 2, 3); INSERT INTO abc VALUES(4, 5, 6); INSERT INTO abc VALUES(7, 8, 9); INSERT INTO def VALUES(1, 2, 3); INSERT INTO def VALUES(4, 5, 6); INSERT INTO def VALUES(7, 8, 9); INSERT INTO ghi VALUES(1, 2, 3); INSERT INTO ghi VALUES(4, 5, 6); INSERT INTO ghi VALUES(7, 8, 9); CREATE INDEX abc_i ON abc(a, b, c); CREATE INDEX def_i ON def(c, a, b); CREATE INDEX ghi_i ON ghi(b, c, a); } } {} do_fuzzy_test fuzz-4.2 -template {[Select]} #---------------------------------------------------------------- # Test some fuzzy INSERT statements: # do_test fuzz-5.1 {execsql BEGIN} {} do_fuzzy_test fuzz-5.2 -template {[Insert]} -errorlist table integrity_check fuzz-5.2.integrity do_test fuzz-5.3 {execsql COMMIT} {} integrity_check fuzz-5.4.integrity #---------------------------------------------------------------- # Now that there is data in the database, run some more SELECT # statements # set ::ColumnList [list a b c] set E {{no such col} {ambiguous column name}} do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E #---------------------------------------------------------------- # Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction. # set E {{no such col} {ambiguous column name} {table}} do_test fuzz-7.1 {execsql BEGIN} {} do_fuzzy_test fuzz-7.2 -template {[Statement]} -errorlist $E integrity_check fuzz-7.3.integrity do_test fuzz-7.4 {execsql COMMIT} {} integrity_check fuzz-7.5.integrity #---------------------------------------------------------------- # Many CREATE and DROP TABLE statements: # set E [list table duplicate {no such col} {ambiguous column name} {use DROP}] do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E close $::log finish_test