1db83f823Sdrh# 2007 May 10 2def0fec8Sdanielk1977# 3def0fec8Sdanielk1977# The author disclaims copyright to this source code. In place of 4def0fec8Sdanielk1977# a legal notice, here is a blessing: 5def0fec8Sdanielk1977# 6def0fec8Sdanielk1977# May you do good and not evil. 7def0fec8Sdanielk1977# May you find forgiveness for yourself and forgive others. 8def0fec8Sdanielk1977# May you share freely, never taking more than you give. 9def0fec8Sdanielk1977# 10def0fec8Sdanielk1977#*********************************************************************** 11def0fec8Sdanielk1977# This file implements regression tests for SQLite library. The 12db83f823Sdrh# focus of this file is generating semi-random strings of SQL 131e4eaeb5Sdanielk1977# (a.k.a. "fuzz") and sending it into the parser to try to 141e4eaeb5Sdanielk1977# generate errors. 15def0fec8Sdanielk1977# 161e4eaeb5Sdanielk1977# The tests in this file are really about testing fuzzily generated 171e4eaeb5Sdanielk1977# SQL parse-trees. The majority of the fuzzily generated SQL is 181e4eaeb5Sdanielk1977# valid as far as the parser is concerned. 191e4eaeb5Sdanielk1977# 201e4eaeb5Sdanielk1977# The most complicated trees are for SELECT statements. 211e4eaeb5Sdanielk1977# 22f0d0a8dcSdanielk1977# $Id: fuzz.test,v 1.19 2009/04/28 11:10:39 danielk1977 Exp $ 23def0fec8Sdanielk1977 24def0fec8Sdanielk1977set testdir [file dirname $argv0] 25def0fec8Sdanielk1977source $testdir/tester.tcl 26def0fec8Sdanielk1977 27fa2bb6daSdanielk1977set ::REPEATS 5000 285453b8daSdanielk1977 295453b8daSdanielk1977# If running quick.test, don't do so many iterations. 30430e74cdSdanif {[info exists ::G(isquick)]} { 31430e74cdSdan if {$::G(isquick)} { set ::REPEATS 20 } 3215d7982aSdanielk1977} 331f7c83e2Sdanielk1977 34c9cf901dSdanielk1977source $testdir/fuzz_common.tcl 3566cd1822Sdrhexpr srand(0) 36bcfc4bc7Sdanielk1977 37f75232f7Sdanielk1977#---------------------------------------------------------------- 38f75232f7Sdanielk1977# These tests caused errors that were first caught by the tests 39f75232f7Sdanielk1977# in this file. They are still here. 40def0fec8Sdanielk1977do_test fuzz-1.1 { 41def0fec8Sdanielk1977 execsql { 42def0fec8Sdanielk1977 SELECT 'abc' LIKE X'ABCD'; 43def0fec8Sdanielk1977 } 44def0fec8Sdanielk1977} {0} 45def0fec8Sdanielk1977do_test fuzz-1.2 { 46def0fec8Sdanielk1977 execsql { 47def0fec8Sdanielk1977 SELECT 'abc' LIKE zeroblob(10); 48def0fec8Sdanielk1977 } 49def0fec8Sdanielk1977} {0} 50def0fec8Sdanielk1977do_test fuzz-1.3 { 51def0fec8Sdanielk1977 execsql { 52def0fec8Sdanielk1977 SELECT zeroblob(10) LIKE 'abc'; 53def0fec8Sdanielk1977 } 54def0fec8Sdanielk1977} {0} 55def0fec8Sdanielk1977do_test fuzz-1.4 { 56def0fec8Sdanielk1977 execsql { 57def0fec8Sdanielk1977 SELECT (- -21) % NOT (456 LIKE zeroblob(10)); 58def0fec8Sdanielk1977 } 59def0fec8Sdanielk1977} {0} 60f75232f7Sdanielk1977do_test fuzz-1.5 { 61f75232f7Sdanielk1977 execsql { 62f75232f7Sdanielk1977 SELECT (SELECT ( 63f75232f7Sdanielk1977 SELECT (SELECT -2147483648) FROM (SELECT 1) ORDER BY 1 64f75232f7Sdanielk1977 )) 65def0fec8Sdanielk1977 } 66f75232f7Sdanielk1977} {-2147483648} 67f75232f7Sdanielk1977do_test fuzz-1.6 { 68f75232f7Sdanielk1977 execsql { 69f75232f7Sdanielk1977 SELECT 'abc', zeroblob(1) FROM (SELECT 1) ORDER BY 1 70f75232f7Sdanielk1977 } 71f75232f7Sdanielk1977} [execsql {SELECT 'abc', zeroblob(1)}] 72f75232f7Sdanielk1977 73f75232f7Sdanielk1977do_test fuzz-1.7 { 74f75232f7Sdanielk1977 execsql { 75d908f5abSdanielk1977 SELECT ( SELECT zeroblob(1000) FROM ( 76d908f5abSdanielk1977 SELECT * FROM (SELECT 'first') ORDER BY NOT 'in') 77639f45ffSdanielk1977 ) 78f75232f7Sdanielk1977 } 79d908f5abSdanielk1977} [execsql {SELECT zeroblob(1000)}] 80def0fec8Sdanielk1977 81bcfc4bc7Sdanielk1977do_test fuzz-1.8 { 821f7c83e2Sdanielk1977 # Problems with opcode OP_ToText (did not account for MEM_Zero). 831f7c83e2Sdanielk1977 # Also MemExpandBlob() was marking expanded blobs as nul-terminated. 841f7c83e2Sdanielk1977 # They are not. 85bcfc4bc7Sdanielk1977 execsql { 86bcfc4bc7Sdanielk1977 SELECT CAST(zeroblob(1000) AS text); 87bcfc4bc7Sdanielk1977 } 88bcfc4bc7Sdanielk1977} {{}} 89bcfc4bc7Sdanielk1977 901f7c83e2Sdanielk1977do_test fuzz-1.9 { 911f7c83e2Sdanielk1977 # This was causing a NULL pointer dereference of Expr.pList. 921f7c83e2Sdanielk1977 execsql { 931f7c83e2Sdanielk1977 SELECT 1 FROM (SELECT * FROM sqlite_master WHERE random()) 941f7c83e2Sdanielk1977 } 951f7c83e2Sdanielk1977} {} 961f7c83e2Sdanielk1977 971f7c83e2Sdanielk1977do_test fuzz-1.10 { 981f7c83e2Sdanielk1977 # Bug in calculation of Parse.ckOffset causing an assert() 991f7c83e2Sdanielk1977 # to fail. Probably harmless. 1001f7c83e2Sdanielk1977 execsql { 1011f7c83e2Sdanielk1977 SELECT coalesce(1, substr( 1, 2, length('in' IN (SELECT 1)))) 1021f7c83e2Sdanielk1977 } 1031f7c83e2Sdanielk1977} {1} 1041f7c83e2Sdanielk1977 1051e4eaeb5Sdanielk1977do_test fuzz-1.11 { 1061e4eaeb5Sdanielk1977 # The literals (A, B, C, D) are not important, they are just used 1071e4eaeb5Sdanielk1977 # to make the EXPLAIN output easier to read. 1081e4eaeb5Sdanielk1977 # 1091e4eaeb5Sdanielk1977 # The problem here is that the EXISTS(...) expression leaves an 1101e4eaeb5Sdanielk1977 # extra value on the VDBE stack. This is confusing the parent and 1111e4eaeb5Sdanielk1977 # leads to an assert() failure when OP_Insert encounters an integer 1121e4eaeb5Sdanielk1977 # when it expects a record blob. 1131e4eaeb5Sdanielk1977 # 1141e4eaeb5Sdanielk1977 # Update: Any query with (LIMIT 0) was leaking stack. 1151e4eaeb5Sdanielk1977 # 1161e4eaeb5Sdanielk1977 execsql { 1171e4eaeb5Sdanielk1977 SELECT 'A' FROM (SELECT 'B') ORDER BY EXISTS ( 1181e4eaeb5Sdanielk1977 SELECT 'C' FROM (SELECT 'D' LIMIT 0) 1191e4eaeb5Sdanielk1977 ) 1201e4eaeb5Sdanielk1977 } 1211e4eaeb5Sdanielk1977} {A} 1221e4eaeb5Sdanielk1977 123fa2bb6daSdanielk1977do_test fuzz-1.12.1 { 124fa2bb6daSdanielk1977 # Create a table with a single row. 125fa2bb6daSdanielk1977 execsql { 126fa2bb6daSdanielk1977 CREATE TABLE abc(b); 127fa2bb6daSdanielk1977 INSERT INTO abc VALUES('ABCDE'); 128fa2bb6daSdanielk1977 } 129fa2bb6daSdanielk1977 130fa2bb6daSdanielk1977 # The following query was crashing. The later subquery (in the FROM) 131fa2bb6daSdanielk1977 # clause was flattened into the parent, but the code was not repairng 132fa2bb6daSdanielk1977 # the "b" reference in the other sub-query. When the query was executed, 133fa2bb6daSdanielk1977 # that "b" refered to a non-existant vdbe table-cursor. 134fa2bb6daSdanielk1977 # 135fa2bb6daSdanielk1977 execsql { 136fa2bb6daSdanielk1977 SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc); 137fa2bb6daSdanielk1977 } 138fa2bb6daSdanielk1977} {1} 139fa2bb6daSdanielk1977do_test fuzz-1.12.2 { 140fa2bb6daSdanielk1977 # Clean up after the previous query. 141fa2bb6daSdanielk1977 execsql { 142fa2bb6daSdanielk1977 DROP TABLE abc; 143fa2bb6daSdanielk1977 } 144fa2bb6daSdanielk1977} {} 145fa2bb6daSdanielk1977 146a670b226Sdanielk1977 147a670b226Sdanielk1977do_test fuzz-1.13 { 148a670b226Sdanielk1977 # The problem here was that when there were more expressions in 149a670b226Sdanielk1977 # the ORDER BY list than the result-set list. The temporary b-tree 150a670b226Sdanielk1977 # used for sorting was being misconfigured in this case. 151a670b226Sdanielk1977 # 152a670b226Sdanielk1977 execsql { 153a670b226Sdanielk1977 SELECT 'abcd' UNION SELECT 'efgh' ORDER BY 1 ASC, 1 ASC; 154a670b226Sdanielk1977 } 155a670b226Sdanielk1977} {abcd efgh} 156a670b226Sdanielk1977 15715d7982aSdanielk1977do_test fuzz-1.14.1 { 15815d7982aSdanielk1977 execsql { 15915d7982aSdanielk1977 CREATE TABLE abc(a, b, c); 16015d7982aSdanielk1977 INSERT INTO abc VALUES(123, 456, 789); 16115d7982aSdanielk1977 } 16215d7982aSdanielk1977 16315d7982aSdanielk1977 # The [a] reference in the sub-select was causing a problem. Because 16415d7982aSdanielk1977 # the internal walkSelectExpr() function was not considering compound 16515d7982aSdanielk1977 # SELECT operators. 16615d7982aSdanielk1977 execsql { 16715d7982aSdanielk1977 SELECT 1 FROM abc 16815d7982aSdanielk1977 GROUP BY c HAVING EXISTS (SELECT a UNION SELECT 123); 16915d7982aSdanielk1977 } 17015d7982aSdanielk1977} {1} 17115d7982aSdanielk1977do_test fuzz-1.14.2 { 17215d7982aSdanielk1977 execsql { 17315d7982aSdanielk1977 DROP TABLE abc; 17415d7982aSdanielk1977 } 17515d7982aSdanielk1977} {} 17615d7982aSdanielk1977 17766cd1822Sdrh# Making sure previously discovered errors have been fixed. 17866cd1822Sdrh# 17966cd1822Sdrhdo_test fuzz-1.15 { 18066cd1822Sdrh execsql { 18166cd1822Sdrh SELECT hex(CAST(zeroblob(1000) AS integer)) 18266cd1822Sdrh } 18366cd1822Sdrh} {30} 18466cd1822Sdrh 18566cd1822Sdrhdo_test fuzz-1.16.1 { 18666cd1822Sdrh execsql { 18766cd1822Sdrh CREATE TABLE abc(a, b, c); 18866cd1822Sdrh CREATE TABLE def(a, b, c); 18966cd1822Sdrh CREATE TABLE ghi(a, b, c); 19066cd1822Sdrh } 19166cd1822Sdrh} {} 19266cd1822Sdrhdo_test fuzz-1.16.2 { 19366cd1822Sdrh catchsql { 19466cd1822Sdrh SELECT DISTINCT EXISTS( 19566cd1822Sdrh SELECT 1 19666cd1822Sdrh FROM ( 19766cd1822Sdrh SELECT C FROM (SELECT 1) 19866cd1822Sdrh ) 19966cd1822Sdrh WHERE (SELECT c) 20066cd1822Sdrh ) 20166cd1822Sdrh FROM abc 20266cd1822Sdrh } 20366cd1822Sdrh} {0 {}} 20466cd1822Sdrhdo_test fuzz-1.16.3 { 20566cd1822Sdrh catchsql { 20666cd1822Sdrh SELECT DISTINCT substr(-456 ISNULL,zeroblob(1000), EXISTS( 20766cd1822Sdrh SELECT DISTINCT EXISTS( 20866cd1822Sdrh SELECT DISTINCT b FROM abc 20966cd1822Sdrh ORDER BY EXISTS ( 21066cd1822Sdrh SELECT DISTINCT 2147483647 UNION ALL SELECT -2147483648 21166cd1822Sdrh ) ASC 21266cd1822Sdrh ) 21366cd1822Sdrh FROM ( 21466cd1822Sdrh SELECT c, c FROM ( 21566cd1822Sdrh SELECT 456, 'injection' ORDER BY 56.1 ASC, -56.1 DESC 21666cd1822Sdrh ) 21766cd1822Sdrh ) 21866cd1822Sdrh GROUP BY (SELECT ALL (SELECT DISTINCT 'hardware')) 21966cd1822Sdrh HAVING ( 22066cd1822Sdrh SELECT DISTINCT c 22166cd1822Sdrh FROM ( 22266cd1822Sdrh SELECT ALL -2147483648, 'experiments' 22366cd1822Sdrh ORDER BY -56.1 ASC, -56.1 DESC 22466cd1822Sdrh ) 22566cd1822Sdrh GROUP BY (SELECT DISTINCT 456) IN 22666cd1822Sdrh (SELECT DISTINCT 'injection') NOT IN (SELECT ALL -456) 22766cd1822Sdrh HAVING EXISTS ( 22866cd1822Sdrh SELECT ALL 'injection' 22966cd1822Sdrh ) 23066cd1822Sdrh ) 23166cd1822Sdrh UNION ALL 23266cd1822Sdrh SELECT a IN ( 23366cd1822Sdrh SELECT -2147483647 23466cd1822Sdrh UNION ALL 23566cd1822Sdrh SELECT ALL 'injection' 23666cd1822Sdrh ) 23766cd1822Sdrh FROM sqlite_master 23866cd1822Sdrh ) -- end EXISTS 23966cd1822Sdrh ) /* end SUBSTR() */, c NOTNULL ISNULL 24066cd1822Sdrh FROM abc 24166cd1822Sdrh ORDER BY CAST(-56.1 AS blob) ASC 24266cd1822Sdrh } 24366cd1822Sdrh} {0 {}} 24466cd1822Sdrhdo_test fuzz-1.16.4 { 24566cd1822Sdrh execsql { 24666cd1822Sdrh DROP TABLE abc; DROP TABLE def; DROP TABLE ghi; 24766cd1822Sdrh } 24866cd1822Sdrh} {} 24966cd1822Sdrh 250de58ddb7Sdrhdo_test fuzz-1.17 { 251de58ddb7Sdrh catchsql { 252de58ddb7Sdrh SELECT 'hardware', 56.1 NOTNULL, random()&0 253de58ddb7Sdrh FROM ( 254de58ddb7Sdrh SELECT ALL lower(~ EXISTS ( 255de58ddb7Sdrh SELECT 1 NOT IN (SELECT ALL 1) 256de58ddb7Sdrh )), CAST(456 AS integer), -2147483647 257de58ddb7Sdrh FROM ( 258de58ddb7Sdrh SELECT DISTINCT -456, CAST(1 AS integer) ISNULL 259de58ddb7Sdrh FROM (SELECT ALL 2147483647, typeof(2147483649)) 260de58ddb7Sdrh ) 261de58ddb7Sdrh ) 262de58ddb7Sdrh GROUP BY CAST(CAST('experiments' AS blob) AS blob) 263de58ddb7Sdrh HAVING random() 264de58ddb7Sdrh } 265de58ddb7Sdrh} {0 {hardware 1 0}} 266de58ddb7Sdrh 267813f31eaSdrhdo_test fuzz-1.18 { 268813f31eaSdrh catchsql { 269813f31eaSdrh SELECT -2147483649 << upper('fault' NOT IN ( 270813f31eaSdrh SELECT ALL ( 271813f31eaSdrh SELECT ALL -1 272813f31eaSdrh ORDER BY -2147483649 273813f31eaSdrh LIMIT ( 274813f31eaSdrh SELECT ALL ( 275813f31eaSdrh SELECT 0 EXCEPT SELECT DISTINCT 'experiments' ORDER BY 1 ASC 276813f31eaSdrh ) 277813f31eaSdrh ) 278813f31eaSdrh OFFSET EXISTS ( 279813f31eaSdrh SELECT ALL 280813f31eaSdrh (SELECT ALL -2147483648) NOT IN ( 281813f31eaSdrh SELECT ALL 123456789.1234567899 282813f31eaSdrh ) IN (SELECT 2147483649) 283813f31eaSdrh FROM sqlite_master 284813f31eaSdrh ) NOT IN (SELECT ALL 'The') 285813f31eaSdrh ) 286813f31eaSdrh )) 287813f31eaSdrh } 288a153643bSdan} {0 {{}}} 289813f31eaSdrh 290f0d0a8dcSdanielk1977# At one point the following INSERT statement caused an assert() to fail. 291f0d0a8dcSdanielk1977# 292f0d0a8dcSdanielk1977do_test fuzz-1.19 { 293f0d0a8dcSdanielk1977 execsql { CREATE TABLE t1(a) } 294f0d0a8dcSdanielk1977 catchsql { 295f0d0a8dcSdanielk1977 INSERT INTO t1 VALUES( 296f0d0a8dcSdanielk1977 CASE WHEN NULL THEN NULL ELSE ( SELECT 0 ORDER BY 456 ) END 297f0d0a8dcSdanielk1977 ) 298f0d0a8dcSdanielk1977 } 299f0d0a8dcSdanielk1977} {1 {1st ORDER BY term out of range - should be between 1 and 1}} 300f0d0a8dcSdanielk1977do_test fuzz-1.20 { 301f0d0a8dcSdanielk1977 execsql { DROP TABLE t1 } 302f0d0a8dcSdanielk1977} {} 303f0d0a8dcSdanielk1977 304f75232f7Sdanielk1977#---------------------------------------------------------------- 305f75232f7Sdanielk1977# Test some fuzzily generated expressions. 306f75232f7Sdanielk1977# 307bcfc4bc7Sdanielk1977do_fuzzy_test fuzz-2 -template { SELECT [Expr] } 308f75232f7Sdanielk1977 309f75232f7Sdanielk1977do_test fuzz-3.1 { 310f75232f7Sdanielk1977 execsql { 311f75232f7Sdanielk1977 CREATE TABLE abc(a, b, c); 312bcfc4bc7Sdanielk1977 CREATE TABLE def(a, b, c); 313bcfc4bc7Sdanielk1977 CREATE TABLE ghi(a, b, c); 314f75232f7Sdanielk1977 } 315f75232f7Sdanielk1977} {} 316f75232f7Sdanielk1977set ::TableList [list abc def ghi] 317f75232f7Sdanielk1977 318f75232f7Sdanielk1977#---------------------------------------------------------------- 319f75232f7Sdanielk1977# Test some fuzzily generated SELECT statements. 320f75232f7Sdanielk1977# 321bcfc4bc7Sdanielk1977do_fuzzy_test fuzz-3.2 -template {[Select]} 322f75232f7Sdanielk1977 323bcfc4bc7Sdanielk1977#---------------------------------------------------------------- 324bcfc4bc7Sdanielk1977# Insert a small amount of data into the database and then run 325bcfc4bc7Sdanielk1977# some more generated SELECT statements. 326bcfc4bc7Sdanielk1977# 327bcfc4bc7Sdanielk1977do_test fuzz-4.1 { 328bcfc4bc7Sdanielk1977 execsql { 329bcfc4bc7Sdanielk1977 INSERT INTO abc VALUES(1, 2, 3); 330bcfc4bc7Sdanielk1977 INSERT INTO abc VALUES(4, 5, 6); 331bcfc4bc7Sdanielk1977 INSERT INTO abc VALUES(7, 8, 9); 332bcfc4bc7Sdanielk1977 INSERT INTO def VALUES(1, 2, 3); 333bcfc4bc7Sdanielk1977 INSERT INTO def VALUES(4, 5, 6); 334bcfc4bc7Sdanielk1977 INSERT INTO def VALUES(7, 8, 9); 335bcfc4bc7Sdanielk1977 INSERT INTO ghi VALUES(1, 2, 3); 336bcfc4bc7Sdanielk1977 INSERT INTO ghi VALUES(4, 5, 6); 337bcfc4bc7Sdanielk1977 INSERT INTO ghi VALUES(7, 8, 9); 338bcfc4bc7Sdanielk1977 CREATE INDEX abc_i ON abc(a, b, c); 339bcfc4bc7Sdanielk1977 CREATE INDEX def_i ON def(c, a, b); 340bcfc4bc7Sdanielk1977 CREATE INDEX ghi_i ON ghi(b, c, a); 341bcfc4bc7Sdanielk1977 } 342bcfc4bc7Sdanielk1977} {} 343bcfc4bc7Sdanielk1977do_fuzzy_test fuzz-4.2 -template {[Select]} 344bcfc4bc7Sdanielk1977 345bcfc4bc7Sdanielk1977#---------------------------------------------------------------- 346bcfc4bc7Sdanielk1977# Test some fuzzy INSERT statements: 347bcfc4bc7Sdanielk1977# 348bcfc4bc7Sdanielk1977do_test fuzz-5.1 {execsql BEGIN} {} 349bcfc4bc7Sdanielk1977do_fuzzy_test fuzz-5.2 -template {[Insert]} -errorlist table 350bcfc4bc7Sdanielk1977integrity_check fuzz-5.2.integrity 351bcfc4bc7Sdanielk1977do_test fuzz-5.3 {execsql COMMIT} {} 352bcfc4bc7Sdanielk1977integrity_check fuzz-5.4.integrity 353bcfc4bc7Sdanielk1977 3541f7c83e2Sdanielk1977#---------------------------------------------------------------- 3551e4eaeb5Sdanielk1977# Now that there is data in the database, run some more SELECT 3561f7c83e2Sdanielk1977# statements 3571f7c83e2Sdanielk1977# 3581f7c83e2Sdanielk1977set ::ColumnList [list a b c] 3591f7c83e2Sdanielk1977set E {{no such col} {ambiguous column name}} 3601f7c83e2Sdanielk1977do_fuzzy_test fuzz-6.1 -template {[Select]} -errorlist $E 3611f7c83e2Sdanielk1977 3621f7c83e2Sdanielk1977#---------------------------------------------------------------- 3631f7c83e2Sdanielk1977# Run some SELECTs, INSERTs, UPDATEs and DELETEs in a transaction. 3641f7c83e2Sdanielk1977# 3651f7c83e2Sdanielk1977set E {{no such col} {ambiguous column name} {table}} 3661f7c83e2Sdanielk1977do_test fuzz-7.1 {execsql BEGIN} {} 3671f7c83e2Sdanielk1977do_fuzzy_test fuzz-7.2 -template {[Statement]} -errorlist $E 3681f7c83e2Sdanielk1977integrity_check fuzz-7.3.integrity 3691f7c83e2Sdanielk1977do_test fuzz-7.4 {execsql COMMIT} {} 3701f7c83e2Sdanielk1977integrity_check fuzz-7.5.integrity 371bcfc4bc7Sdanielk1977 3721e4eaeb5Sdanielk1977#---------------------------------------------------------------- 37315d7982aSdanielk1977# Many CREATE and DROP TABLE statements: 3741e4eaeb5Sdanielk1977# 375*8443505dSdanset E [list table view duplicate {no such col} {ambiguous column name} {use DROP}] 37615d7982aSdanielk1977do_fuzzy_test fuzz-8.1 -template {[CreateOrDropTableOrView]} -errorlist $E 3771e4eaeb5Sdanielk1977 378bcfc4bc7Sdanielk1977close $::log 379def0fec8Sdanielk1977finish_test 380