# 2007 May 10
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for the SQLite library.  The
# focus of this file is generating semi-random strings of SQL
# (a.k.a. "fuzz") and sending them into the parser to try to
# generate errors.
#
# The tests in this file are really about testing fuzzily generated
# SQL parse-trees. The majority of the fuzzily generated SQL is
# valid as far as the parser is concerned.
#
# The most complicated trees are for SELECT statements.
#
# $Id: fuzz.test,v 1.14 2007/05/30 10:36:47 danielk1977 Exp $

# Locate the test directory from the script path and load the shared
# harness. The commands used below (do_test, execsql, integrity_check,
# finish_test) are not defined in this file; presumably tester.tcl
# provides them -- confirm.
set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Iteration budget for the generated-SQL tests. It is not read anywhere in
# this file; presumably do_fuzzy_test in fuzz_common.tcl consumes it -- confirm.
set ::REPEATS 5000

# If running quick.test, don't do so many iterations.
# The [info exists] guard keeps a stand-alone run (where ::ISQUICK is
# unset) from raising an error on the variable read.
if {[info exists ::ISQUICK]} {
  if {$::ISQUICK} { set ::REPEATS 20 }
}

# Must be sourced after ::REPEATS is set if fuzz_common.tcl reads it at
# load time -- TODO confirm. do_fuzzy_test is not defined in this file;
# presumably it comes from here.
source $testdir/fuzz_common.tcl

#----------------------------------------------------------------
# These tests caused errors that were first caught by the tests
# in this file. They are still here.
#
# Each case below pins one specific statement that the fuzzer once found,
# so the fix stays covered even when the random generator no longer
# happens to produce that statement.
# fuzz-1.1 .. fuzz-1.4: LIKE with a BLOB operand (hex literal or
# zeroblob) on either side of the operator. Each statement must run to
# completion and yield 0.
do_test fuzz-1.1 {
  execsql {
    SELECT 'abc' LIKE X'ABCD';
  }
} {0}
do_test fuzz-1.2 {
  execsql {
    SELECT 'abc' LIKE zeroblob(10);
  }
} {0}
do_test fuzz-1.3 {
  execsql {
    SELECT zeroblob(10) LIKE 'abc';
  }
} {0}
do_test fuzz-1.4 {
  execsql {
    SELECT (- -21) % NOT (456 LIKE zeroblob(10));
  }
} {0}

# fuzz-1.5: the smallest 32-bit signed integer carried through nested
# scalar sub-queries and an ORDER BY must come back unchanged.
do_test fuzz-1.5 {
  execsql {
    SELECT (SELECT (
      SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1
    ))
  }
} {-2147483648}

# fuzz-1.6 / fuzz-1.7: the expected value is computed by running the
# plain form of the query, so these assert that wrapping a zeroblob in a
# sub-query with ORDER BY does not change the result.
do_test fuzz-1.6 {
  execsql {
    SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1
  }
} [execsql {SELECT 'abc', zeroblob(1)}]

do_test fuzz-1.7 {
  execsql {
    SELECT ( SELECT zeroblob(1000) FROM (
      SELECT * FROM (SELECT 'first') ORDER BY NOT 'in')
    )
  }
} [execsql {SELECT zeroblob(1000)}]

do_test fuzz-1.8 {
  # Problems with opcode OP_ToText (did not account for MEM_Zero).
  # Also MemExpandBlob() was marking expanded blobs as nul-terminated.
  # They are not.
  #
  # NOTE(review): a buffer wrongly flagged as nul-terminated is the kind
  # of state that can lead a consumer to read past the end of the
  # allocation. The note above does not say what failure was actually
  # observed -- confirm before classifying this as memory-safety relevant.
  execsql {
    SELECT CAST(zeroblob(1000) AS text);
  }
} {{}}

do_test fuzz-1.9 {
  # This was causing a NULL pointer dereference of Expr.pList.
  #
  # The statement only reads sqlite_master, so the crash needed nothing
  # beyond the SQL text itself. That matters for any deployment that
  # executes SQL it did not author.
  execsql {
    SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random())
  }
} {}

do_test fuzz-1.10 {
  # Bug in calculation of Parse.ckOffset causing an assert()
  # to fail. Probably harmless.
  #
  # NOTE(review): assert() is normally compiled out of non-debug builds,
  # so this test does not establish what the miscalculated offset did in
  # a release build -- confirm before relying on "harmless".
  execsql {
    SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1))))
  }
} {1}

do_test fuzz-1.11 {
  # The literals (A, B, C, D) are not important, they are just used
  # to make the EXPLAIN output easier to read.
  #
  # The problem here is that the EXISTS(...) expression leaves an
  # extra value on the VDBE stack. This confuses the parent and
  # leads to an assert() failure when OP_Insert encounters an integer
  # when it expects a record blob.
  #
  # Update: Any query with (LIMIT 0) was leaking stack.
  #
  execsql {
    SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS (
      SELECT 'C' FROM (SELECT 'D' LIMIT 0)
    )
  }
} {A}

do_test fuzz-1.12.1 {
  # Create a table with a single row.
  execsql {
    CREATE TABLE abc(b);
    INSERT INTO abc VALUES('ABCDE');
  }

  # The following query was crashing. The later subquery (in the FROM
  # clause) was flattened into the parent, but the code was not repairing
  # the "b" reference in the other sub-query. When the query was executed,
  # that "b" referred to a non-existent vdbe table-cursor.
  #
  execsql {
    SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc);
  }
} {1}
do_test fuzz-1.12.2 {
  # Clean up after the previous query.
  execsql {
    DROP TABLE abc;
  }
} {}


do_test fuzz-1.13 {
  # The problem here arose when there were more expressions in
  # the ORDER BY list than in the result-set list. The temporary b-tree
  # used for sorting was being misconfigured in this case.
  #
  execsql {
    SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC;
  }
} {abcd efgh}

do_test fuzz-1.14.1 {
  execsql {
    CREATE TABLE abc(a, b, c);
    INSERT INTO abc VALUES(123, 456, 789);
  }

  # The [a] reference in the sub-select was causing a problem because
  # the internal walkSelectExpr() function was not considering compound
  # SELECT operators.
  execsql {
    SELECT 1 FROM abc
    GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123);
  }
} {1}
do_test fuzz-1.14.2 {
  # Drop the table so the CREATE TABLE abc in fuzz-3.1 starts clean.
  execsql {
    DROP TABLE abc;
  }
} {}

#----------------------------------------------------------------
# Test some fuzzily generated expressions.
#
# The bracketed names in the -template arguments ([Expr], [Select],
# [Insert]) are not defined in this file; presumably they are generator
# commands from fuzz_common.tcl that are expanded once per iteration -- confirm.
do_fuzzy_test fuzz-2 -template { SELECT [Expr] }

# Three empty tables with identical column names, so generated statements
# have real tables to reference.
do_test fuzz-3.1 {
  execsql {
    CREATE TABLE abc(a, b, c);
    CREATE TABLE def(a, b, c);
    CREATE TABLE ghi(a, b, c);
  }
} {}
# Presumably read by the generators when they need a table name -- confirm.
set ::TableList [list abc def ghi]

#----------------------------------------------------------------
# Test some fuzzily generated SELECT statements.
#
do_fuzzy_test fuzz-3.2 -template {[Select]}

#----------------------------------------------------------------
# Insert a small amount of data into the database and then run
# some more generated SELECT statements.
#
# Each table gets the same three rows and one index with a different
# column order per table.
do_test fuzz-4.1 {
  execsql {
    INSERT INTO abc VALUES(1, 2, 3);
    INSERT INTO abc VALUES(4, 5, 6);
    INSERT INTO abc VALUES(7, 8, 9);
    INSERT INTO def VALUES(1, 2, 3);
    INSERT INTO def VALUES(4, 5, 6);
    INSERT INTO def VALUES(7, 8, 9);
    INSERT INTO ghi VALUES(1, 2, 3);
    INSERT INTO ghi VALUES(4, 5, 6);
    INSERT INTO ghi VALUES(7, 8, 9);
    CREATE INDEX abc_i ON abc(a, b, c);
    CREATE INDEX def_i ON def(c, a, b);
    CREATE INDEX ghi_i ON ghi(b, c, a);
  }
} {}
do_fuzzy_test fuzz-4.2 -template {[Select]}

#----------------------------------------------------------------
# Test some fuzzy INSERT statements:
#
# The generated INSERTs run inside one explicit transaction. The database
# is integrity-checked once before COMMIT and once after it.
#
# NOTE(review): -errorlist presumably names error-message fragments that
# do_fuzzy_test tolerates. If the match is by substring, the single word
# "table" accepts any error mentioning a table and could hide an
# unexpected one -- confirm in fuzz_common.tcl.
do_test         fuzz-5.1 {execsql BEGIN} {}
do_fuzzy_test   fuzz-5.2 -template {[Insert]} -errorlist table
integrity_check fuzz-5.2.integrity
do_test         fuzz-5.3 {execsql COMMIT} {}
integrity_check fuzz-5.4.integrity

#----------------------------------------------------------------
# Now that there is data in the database, run some more SELECT
# statements
#
# ::ColumnList is not read in this file; presumably the generators in
# fuzz_common.tcl use it to emit column references -- confirm.
# E lists the error-message fragments passed to -errorlist. Presumably
# do_fuzzy_test tolerates errors matching one of them and fails on any
# other error -- confirm.
set ::ColumnList [list a b c]
set E {{no such col} {ambiguous column name}}
do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E

#----------------------------------------------------------------
# Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction.
#
# Database integrity is checked once while the transaction is still open
# and again after COMMIT.
#
# NOTE(review): the fragment "table" is very broad. If -errorlist matches
# by substring, any error that mentions a table is accepted, which could
# mask an unexpected failure -- confirm the matching rule in
# fuzz_common.tcl.
set E {{no such col} {ambiguous column name} {table}}
do_test         fuzz-7.1 {execsql BEGIN} {}
do_fuzzy_test   fuzz-7.2 -template {[Statement]} -errorlist $E
integrity_check fuzz-7.3.integrity
do_test         fuzz-7.4 {execsql COMMIT} {}
integrity_check fuzz-7.5.integrity

#----------------------------------------------------------------
# Many CREATE and DROP TABLE statements:
#
# This run is not wrapped in BEGIN/COMMIT and has no integrity_check
# after it, unlike the fuzz-5 and fuzz-7 groups.
set E [list table duplicate {no such col} {ambiguous column name} {use DROP}]
do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E

# ::log is not opened in this file; presumably fuzz_common.tcl opens it
# and records the generated SQL there -- confirm. If so, that log is what
# makes a failing random statement reproducible.
close $::log
finish_test