1 # 2007 May 10 2 # 3 # The author disclaims copyright to this source code. In place of 4 # a legal notice, here is a blessing: 5 # 6 # May you do good and not evil. 7 # May you find forgiveness for yourself and forgive others. 8 # May you share freely, never taking more than you give. 9 # 10 #*********************************************************************** 11 # This file implements regression tests for SQLite library. The 12 # focus of this file is generating semi-random strings of SQL 13 # (a.k.a. "fuzz") and sending it into the parser to try to 14 # generate errors. 15 # 16 # The tests in this file are really about testing fuzzily generated 17 # SQL parse-trees. The majority of the fuzzily generated SQL is 18 # valid as far as the parser is concerned. 19 # 20 # The most complicated trees are for SELECT statements. 21 # 22 # $Id: fuzz.test,v 1.19 2009/04/28 11:10:39 danielk1977 Exp $ 23 24 set testdir [file dirname $argv0] 25 source $testdir/tester.tcl 26 27 set ::REPEATS 5000 28 29 # If running quick.test, don't do so many iterations. 30 if {[info exists ::G(isquick)]} { 31 if {$::G(isquick)} { set ::REPEATS 20 } 32 } 33 34 source $testdir/fuzz_common.tcl 35 expr srand(0) 36 37 #---------------------------------------------------------------- 38 # These tests caused errors that were first caught by the tests 39 # in this file. They are still here. 40 do_test fuzz-1.1 { 41 execsql { 42 SELECT 'abc' LIKE X'ABCD'; 43 } 44 } {0} 45 do_test fuzz-1.2 { 46 execsql { 47 SELECT 'abc' LIKE zeroblob(10); 48 } 49 } {0} 50 do_test fuzz-1.3 { 51 execsql { 52 SELECT zeroblob(10) LIKE 'abc'; 53 } 54 } {0} 55 do_test fuzz-1.4 { 56 execsql { 57 SELECT (- -21) % NOT (456 LIKE zeroblob(10)); 58 } 59 } {0} 60 do_test fuzz-1.5 { 61 execsql { 62 SELECT (SELECT ( 63 SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1 64 )) 65 } 66 } {-2147483648} 67 do_test fuzz-1.6 { 68 execsql { 69 SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1 70 } 71 } [execsql {SELECT 'abc', zeroblob(1)}] 72 73 do_test fuzz-1.7 { 74 execsql { 75 SELECT ( SELECT zeroblob(1000) FROM ( 76 SELECT * FROM (SELECT 'first') ORDER BY NOT 'in') 77 ) 78 } 79 } [execsql {SELECT zeroblob(1000)}] 80 81 do_test fuzz-1.8 { 82 # Problems with opcode OP_ToText (did not account for MEM_Zero). 83 # Also MemExpandBlob() was marking expanded blobs as nul-terminated. 84 # They are not. 85 execsql { 86 SELECT CAST(zeroblob(1000) AS text); 87 } 88 } {{}} 89 90 do_test fuzz-1.9 { 91 # This was causing a NULL pointer dereference of Expr.pList. 92 execsql { 93 SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random()) 94 } 95 } {} 96 97 do_test fuzz-1.10 { 98 # Bug in calculation of Parse.ckOffset causing an assert() 99 # to fail. Probably harmless. 100 execsql { 101 SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1)))) 102 } 103 } {1} 104 105 do_test fuzz-1.11 { 106 # The literals (A, B, C, D) are not important, they are just used 107 # to make the EXPLAIN output easier to read. 108 # 109 # The problem here is that the EXISTS(...) expression leaves an 110 # extra value on the VDBE stack. This is confusing the parent and 111 # leads to an assert() failure when OP_Insert encounters an integer 112 # when it expects a record blob. 113 # 114 # Update: Any query with (LIMIT 0) was leaking stack. 115 # 116 execsql { 117 SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS ( 118 SELECT 'C' FROM (SELECT 'D' LIMIT 0) 119 ) 120 } 121 } {A} 122 123 do_test fuzz-1.12.1 { 124 # Create a table with a single row. 125 execsql { 126 CREATE TABLE abc(b); 127 INSERT INTO abc VALUES('ABCDE'); 128 } 129 130 # The following query was crashing. The later subquery (in the FROM) 131 # clause was flattened into the parent, but the code was not repairng 132 # the "b" reference in the other sub-query. When the query was executed, 133 # that "b" refered to a non-existant vdbe table-cursor. 134 # 135 execsql { 136 SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc); 137 } 138 } {1} 139 do_test fuzz-1.12.2 { 140 # Clean up after the previous query. 141 execsql { 142 DROP TABLE abc; 143 } 144 } {} 145 146 147 do_test fuzz-1.13 { 148 # The problem here was that when there were more expressions in 149 # the ORDER BY list than the result-set list. The temporary b-tree 150 # used for sorting was being misconfigured in this case. 151 # 152 execsql { 153 SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC; 154 } 155 } {abcd efgh} 156 157 do_test fuzz-1.14.1 { 158 execsql { 159 CREATE TABLE abc(a, b, c); 160 INSERT INTO abc VALUES(123, 456, 789); 161 } 162 163 # The [a] reference in the sub-select was causing a problem. Because 164 # the internal walkSelectExpr() function was not considering compound 165 # SELECT operators. 166 execsql { 167 SELECT 1 FROM abc 168 GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123); 169 } 170 } {1} 171 do_test fuzz-1.14.2 { 172 execsql { 173 DROP TABLE abc; 174 } 175 } {} 176 177 # Making sure previously discovered errors have been fixed. 178 # 179 do_test fuzz-1.15 { 180 execsql { 181 SELECT hex(CAST(zeroblob(1000) AS integer)) 182 } 183 } {30} 184 185 do_test fuzz-1.16.1 { 186 execsql { 187 CREATE TABLE abc(a, b, c); 188 CREATE TABLE def(a, b, c); 189 CREATE TABLE ghi(a, b, c); 190 } 191 } {} 192 do_test fuzz-1.16.2 { 193 catchsql { 194 SELECT DISTINCT EXISTS( 195 SELECT 1 196 FROM ( 197 SELECT C FROM (SELECT 1) 198 ) 199 WHERE (SELECT c) 200 ) 201 FROM abc 202 } 203 } {0 {}} 204 do_test fuzz-1.16.3 { 205 catchsql { 206 SELECT DISTINCT substr(-456 ISNULL,zeroblob(1000), EXISTS( 207 SELECT DISTINCT EXISTS( 208 SELECT DISTINCT b FROM abc 209 ORDER BY EXISTS ( 210 SELECT DISTINCT 2147483647 UNION ALL SELECT -2147483648 211 ) ASC 212 ) 213 FROM ( 214 SELECT c, c FROM ( 215 SELECT 456, 'injection' ORDER BY 56.1 ASC, -56.1 DESC 216 ) 217 ) 218 GROUP BY (SELECT ALL (SELECT DISTINCT 'hardware')) 219 HAVING ( 220 SELECT DISTINCT c 221 FROM ( 222 SELECT ALL -2147483648, 'experiments' 223 ORDER BY -56.1 ASC, -56.1 DESC 224 ) 225 GROUP BY (SELECT DISTINCT 456) IN 226 (SELECT DISTINCT 'injection') NOT IN (SELECT ALL -456) 227 HAVING EXISTS ( 228 SELECT ALL 'injection' 229 ) 230 ) 231 UNION ALL 232 SELECT a IN ( 233 SELECT -2147483647 234 UNION ALL 235 SELECT ALL 'injection' 236 ) 237 FROM sqlite_master 238 ) -- end EXISTS 239 ) /* end SUBSTR() */, c NOTNULL ISNULL 240 FROM abc 241 ORDER BY CAST(-56.1 AS blob) ASC 242 } 243 } {0 {}} 244 do_test fuzz-1.16.4 { 245 execsql { 246 DROP TABLE abc; DROP TABLE def; DROP TABLE ghi; 247 } 248 } {} 249 250 do_test fuzz-1.17 { 251 catchsql { 252 SELECT 'hardware', 56.1 NOTNULL, random()&0 253 FROM ( 254 SELECT ALL lower(~ EXISTS ( 255 SELECT 1 NOT IN (SELECT ALL 1) 256 )), CAST(456 AS integer), -2147483647 257 FROM ( 258 SELECT DISTINCT -456, CAST(1 AS integer) ISNULL 259 FROM (SELECT ALL 2147483647, typeof(2147483649)) 260 ) 261 ) 262 GROUP BY CAST(CAST('experiments' AS blob) AS blob) 263 HAVING random() 264 } 265 } {0 {hardware 1 0}} 266 267 do_test fuzz-1.18 { 268 catchsql { 269 SELECT -2147483649 << upper('fault' NOT IN ( 270 SELECT ALL ( 271 SELECT ALL -1 272 ORDER BY -2147483649 273 LIMIT ( 274 SELECT ALL ( 275 SELECT 0 EXCEPT SELECT DISTINCT 'experiments' ORDER BY 1 ASC 276 ) 277 ) 278 OFFSET EXISTS ( 279 SELECT ALL 280 (SELECT ALL -2147483648) NOT IN ( 281 SELECT ALL 123456789.1234567899 282 ) IN (SELECT 2147483649) 283 FROM sqlite_master 284 ) NOT IN (SELECT ALL 'The') 285 ) 286 )) 287 } 288 } {0 -4294967298} 289 290 # At one point the following INSERT statement caused an assert() to fail. 291 # 292 do_test fuzz-1.19 { 293 execsql { CREATE TABLE t1(a) } 294 catchsql { 295 INSERT INTO t1 VALUES( 296 CASE WHEN NULL THEN NULL ELSE ( SELECT 0 ORDER BY 456 ) END 297 ) 298 } 299 } {1 {1st ORDER BY term out of range - should be between 1 and 1}} 300 do_test fuzz-1.20 { 301 execsql { DROP TABLE t1 } 302 } {} 303 304 #---------------------------------------------------------------- 305 # Test some fuzzily generated expressions. 306 # 307 do_fuzzy_test fuzz-2 -template { SELECT [Expr] } 308 309 do_test fuzz-3.1 { 310 execsql { 311 CREATE TABLE abc(a, b, c); 312 CREATE TABLE def(a, b, c); 313 CREATE TABLE ghi(a, b, c); 314 } 315 } {} 316 set ::TableList [list abc def ghi] 317 318 #---------------------------------------------------------------- 319 # Test some fuzzily generated SELECT statements. 320 # 321 do_fuzzy_test fuzz-3.2 -template {[Select]} 322 323 #---------------------------------------------------------------- 324 # Insert a small amount of data into the database and then run 325 # some more generated SELECT statements. 326 # 327 do_test fuzz-4.1 { 328 execsql { 329 INSERT INTO abc VALUES(1, 2, 3); 330 INSERT INTO abc VALUES(4, 5, 6); 331 INSERT INTO abc VALUES(7, 8, 9); 332 INSERT INTO def VALUES(1, 2, 3); 333 INSERT INTO def VALUES(4, 5, 6); 334 INSERT INTO def VALUES(7, 8, 9); 335 INSERT INTO ghi VALUES(1, 2, 3); 336 INSERT INTO ghi VALUES(4, 5, 6); 337 INSERT INTO ghi VALUES(7, 8, 9); 338 CREATE INDEX abc_i ON abc(a, b, c); 339 CREATE INDEX def_i ON def(c, a, b); 340 CREATE INDEX ghi_i ON ghi(b, c, a); 341 } 342 } {} 343 do_fuzzy_test fuzz-4.2 -template {[Select]} 344 345 #---------------------------------------------------------------- 346 # Test some fuzzy INSERT statements: 347 # 348 do_test fuzz-5.1 {execsql BEGIN} {} 349 do_fuzzy_test fuzz-5.2 -template {[Insert]} -errorlist table 350 integrity_check fuzz-5.2.integrity 351 do_test fuzz-5.3 {execsql COMMIT} {} 352 integrity_check fuzz-5.4.integrity 353 354 #---------------------------------------------------------------- 355 # Now that there is data in the database, run some more SELECT 356 # statements 357 # 358 set ::ColumnList [list a b c] 359 set E {{no such col} {ambiguous column name}} 360 do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E 361 362 #---------------------------------------------------------------- 363 # Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction. 364 # 365 set E {{no such col} {ambiguous column name} {table}} 366 do_test fuzz-7.1 {execsql BEGIN} {} 367 do_fuzzy_test fuzz-7.2 -template {[Statement]} -errorlist $E 368 integrity_check fuzz-7.3.integrity 369 do_test fuzz-7.4 {execsql COMMIT} {} 370 integrity_check fuzz-7.5.integrity 371 372 #---------------------------------------------------------------- 373 # Many CREATE and DROP TABLE statements: 374 # 375 set E [list table duplicate {no such col} {ambiguous column name} {use DROP}] 376 do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E 377 378 close $::log 379 finish_test 380
