Prevent deep recursions on nested COLLATE operators.
[sqlite.git] / test / optfuzz.c
blob1992acac3a1668038c27c6bc858d1023ab4abfac
1 /*
2 ** 2018-03-21
3 **
4 ** The author disclaims copyright to this source code. In place of
5 ** a legal notice, here is a blessing:
6 **
7 ** May you do good and not evil.
8 ** May you find forgiveness for yourself and forgive others.
9 ** May you share freely, never taking more than you give.
11 *************************************************************************
13 ** This program attempts to verify the correctness of the SQLite query
14 ** optimizer by fuzzing.
16 ** The input is an SQL script, presumably generated by a fuzzer. The
17 ** argument is the name of the input. If no files are named, standard
18 ** input is read.
20 ** The SQL script is run twice, once with optimization enabled, and again
21 ** with optimization disabled. If the output is not equivalent, an error
22 ** is printed and the program returns non-zero.
25 /* Include the SQLite amalgamation, after making appropriate #defines.
27 #define SQLITE_THREADSAFE 0
28 #define SQLITE_OMIT_LOAD_EXTENSION 1
29 #define SQLITE_ENABLE_DESERIALIZE 1
30 #include "sqlite3.c"
32 /* Content of the read-only test database */
33 #include "optfuzz-db01.c"
36 ** Prepare a single SQL statement. Panic if anything goes wrong
38 static sqlite3_stmt *prepare_sql(sqlite3 *db, const char *zFormat, ...){
39 char *zSql;
40 int rc;
41 sqlite3_stmt *pStmt = 0;
42 va_list ap;
44 va_start(ap, zFormat);
45 zSql = sqlite3_vmprintf(zFormat, ap);
46 va_end(ap);
47 rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
48 if( rc ){
49 printf("Error: %s\nSQL: %s\n",
50 sqlite3_errmsg(db), zSql);
51 exit(1);
53 sqlite3_free(zSql);
54 return pStmt;
58 ** Run SQL. Panic if anything goes wrong
60 static void run_sql(sqlite3 *db, const char *zFormat, ...){
61 char *zSql;
62 int rc;
63 char *zErr = 0;
64 va_list ap;
66 va_start(ap, zFormat);
67 zSql = sqlite3_vmprintf(zFormat, ap);
68 va_end(ap);
69 rc = sqlite3_exec(db, zSql, 0, 0, &zErr);
70 if( rc || zErr ){
71 printf("Error: %s\nsqlite3_errmsg: %s\nSQL: %s\n",
72 zErr, sqlite3_errmsg(db), zSql);
73 exit(1);
75 sqlite3_free(zSql);
79 ** Run one or more SQL statements contained in zSql against database dbRun.
80 ** Store the input in database dbOut.
82 static int optfuzz_exec(
83 sqlite3 *dbRun, /* The database on which the SQL executes */
84 const char *zSql, /* The SQL to be executed */
85 sqlite3 *dbOut, /* Store results in this database */
86 const char *zOutTab, /* Store results in this table of dbOut */
87 int *pnStmt, /* Write the number of statements here */
88 int *pnRow, /* Write the number of rows here */
89 int bTrace /* Print query results if true */
91 int rc = SQLITE_OK; /* Return code */
92 const char *zLeftover; /* Tail of unprocessed SQL */
93 sqlite3_stmt *pStmt = 0; /* The current SQL statement */
94 sqlite3_stmt *pIns = 0; /* Statement to insert into dbOut */
95 const char *zCol; /* Single column value */
96 int nCol; /* Number of output columns */
97 char zLine[4000]; /* Complete row value */
99 run_sql(dbOut, "BEGIN");
100 run_sql(dbOut, "CREATE TABLE IF NOT EXISTS staging(x TEXT)");
101 run_sql(dbOut, "CREATE TABLE IF NOT EXISTS \"%w\"(x TEXT)", zOutTab);
102 pIns = prepare_sql(dbOut, "INSERT INTO staging(x) VALUES(?1)");
103 *pnRow = *pnStmt = 0;
104 while( rc==SQLITE_OK && zSql && zSql[0] ){
105 zLeftover = 0;
106 rc = sqlite3_prepare_v2(dbRun, zSql, -1, &pStmt, &zLeftover);
107 zSql = zLeftover;
108 assert( rc==SQLITE_OK || pStmt==0 );
109 if( rc!=SQLITE_OK ){
110 printf("Error with [%s]\n%s\n", zSql, sqlite3_errmsg(dbRun));
111 break;
113 if( !pStmt ) continue;
114 (*pnStmt)++;
115 nCol = sqlite3_column_count(pStmt);
116 run_sql(dbOut, "DELETE FROM staging;");
117 while( sqlite3_step(pStmt)==SQLITE_ROW ){
118 int i, j;
119 for(i=j=0; i<nCol && j<sizeof(zLine)-50; i++){
120 int eType = sqlite3_column_type(pStmt, i);
121 if( eType==SQLITE_NULL ){
122 zCol = "NULL";
123 }else{
124 zCol = (const char*)sqlite3_column_text(pStmt, i);
126 if( i ) zLine[j++] = ',';
127 if( eType==SQLITE_TEXT ){
128 sqlite3_snprintf(sizeof(zLine)-j, zLine+j, "'%q'", zCol);
129 }else{
130 sqlite3_snprintf(sizeof(zLine)-j, zLine+j, "%s", zCol);
132 j += (int)strlen(zLine+j);
134 /* Detect if any row is too large and throw an error, because we will
135 ** want to go back and look more closely at that case */
136 if( j>=sizeof(zLine)-100 ){
137 printf("Excessively long output line: %d bytes\n" ,j);
138 exit(1);
140 if( bTrace ){
141 printf("%s\n", zLine);
143 (*pnRow)++;
144 sqlite3_bind_text(pIns, 1, zLine, j, SQLITE_TRANSIENT);
145 rc = sqlite3_step(pIns);
146 assert( rc==SQLITE_DONE );
147 rc = sqlite3_reset(pIns);
149 run_sql(dbOut,
150 "INSERT INTO \"%w\"(x) VALUES('### %q ###')",
151 zOutTab, sqlite3_sql(pStmt)
153 run_sql(dbOut,
154 "INSERT INTO \"%w\"(x) SELECT group_concat(x,char(10))"
155 " FROM (SELECT x FROM staging ORDER BY x)",
156 zOutTab
158 run_sql(dbOut, "COMMIT");
159 sqlite3_finalize(pStmt);
160 pStmt = 0;
162 sqlite3_finalize(pStmt);
163 sqlite3_finalize(pIns);
164 return rc;
168 ** Read the content of file zName into memory obtained from sqlite3_malloc64()
169 ** and return a pointer to the buffer. The caller is responsible for freeing
170 ** the memory.
172 ** If parameter pnByte is not NULL, (*pnByte) is set to the number of bytes
173 ** read.
175 ** For convenience, a nul-terminator byte is always appended to the data read
176 ** from the file before the buffer is returned. This byte is not included in
177 ** the final value of (*pnByte), if applicable.
179 ** NULL is returned if any error is encountered. The final value of *pnByte
180 ** is undefined in this case.
182 static char *readFile(const char *zName, int *pnByte){
183 FILE *in = fopen(zName, "rb");
184 long nIn;
185 size_t nRead;
186 char *pBuf;
187 if( in==0 ) return 0;
188 fseek(in, 0, SEEK_END);
189 nIn = ftell(in);
190 rewind(in);
191 pBuf = sqlite3_malloc64( nIn+1 );
192 if( pBuf==0 ) return 0;
193 nRead = fread(pBuf, nIn, 1, in);
194 fclose(in);
195 if( nRead!=1 ){
196 sqlite3_free(pBuf);
197 return 0;
199 pBuf[nIn] = 0;
200 if( pnByte ) *pnByte = nIn;
201 return pBuf;
204 int main(int argc, char **argv){
205 int nIn = 0; /* Number of input files */
206 char **azIn = 0; /* Names of input files */
207 sqlite3 *dbOut = 0; /* Database to hold results */
208 sqlite3 *dbRun = 0; /* Database used for tests */
209 int bTrace = 0; /* Show query results */
210 int bShowValid = 0; /* Just list inputs that are valid SQL */
211 int nRow, nStmt; /* Number of rows and statements */
212 int i, rc;
214 for(i=1; i<argc; i++){
215 const char *z = argv[i];
216 if( z[0]=='-' && z[1]=='-' ) z++;
217 if( strcmp(z,"-help")==0 ){
218 printf("Usage: %s [OPTIONS] FILENAME ...\n", argv[0]);
219 printf("Options:\n");
220 printf(" --help Show his message\n");
221 printf(" --output-trace Show each line of SQL output\n");
222 printf(" --valid-sql List FILEs that are valid SQL\n");
223 return 0;
225 else if( strcmp(z,"-output-trace")==0 ){
226 bTrace = 1;
228 else if( strcmp(z,"-valid-sql")==0 ){
229 bShowValid = 1;
231 else if( z[0]=='-' ){
232 printf("unknown option \"%s\". Use --help for details\n", argv[i]);
233 return 1;
235 else {
236 nIn++;
237 azIn = realloc(azIn, sizeof(azIn[0])*nIn);
238 if( azIn==0 ){
239 printf("out of memory\n");
240 exit(1);
242 azIn[nIn-1] = argv[i];
246 sqlite3_open(":memory:", &dbOut);
247 sqlite3_open(":memory:", &dbRun);
248 sqlite3_deserialize(dbRun, "main", data001, sizeof(data001),
249 sizeof(data001), SQLITE_DESERIALIZE_READONLY);
250 for(i=0; i<nIn; i++){
251 char *zSql = readFile(azIn[i], 0);
252 sqlite3_stmt *pCk;
253 sqlite3_exec(dbRun, "ROLLBACK", 0, 0, 0);
254 if( bShowValid ){
255 rc = sqlite3_exec(dbRun, zSql, 0, 0, 0);
256 if( rc==SQLITE_OK ) printf("%s\n", azIn[i]);
257 sqlite3_free(zSql);
258 continue;
260 sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS, dbRun, 0);
261 if( bTrace ) printf("%s: Optimized\n", azIn[i]);
262 rc = optfuzz_exec(dbRun, zSql, dbOut, "opt", &nStmt, &nRow, bTrace);
263 if( rc ){
264 printf("%s: optimized run failed: %s\n",
265 azIn[i], sqlite3_errmsg(dbRun));
266 }else{
267 sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS, dbRun, 0xffff);
268 if( bTrace ) printf("%s: Non-optimized\n", azIn[i]);
269 rc = optfuzz_exec(dbRun, zSql, dbOut, "noopt", &nStmt, &nRow, bTrace);
270 if( rc ){
271 printf("%s: non-optimized run failed: %s\n",
272 azIn[i], sqlite3_errmsg(dbRun));
273 exit(1);
275 pCk = prepare_sql(dbOut,
276 "SELECT (SELECT group_concat(x,char(10)) FROM opt)=="
277 " (SELECT group_concat(x,char(10)) FROM noopt)");
278 rc = sqlite3_step(pCk);
279 if( rc!=SQLITE_ROW ){
280 printf("%s: comparison failed\n", sqlite3_errmsg(dbOut));
281 exit(1);
283 if( !sqlite3_column_int(pCk, 0) ){
284 printf("%s: opt/no-opt outputs differ\n", azIn[i]);
285 pCk = prepare_sql(dbOut,
286 "SELECT group_concat(x,char(10)) FROM opt "
287 "UNION ALL "
288 "SELECT group_concat(x,char(10)) FROM noopt");
289 sqlite3_step(pCk);
290 printf("opt:\n%s\n", sqlite3_column_text(pCk,0));
291 sqlite3_step(pCk);
292 printf("noopt:\n%s\n", sqlite3_column_text(pCk,0));
293 exit(1);
294 }else{
295 printf("%s: %d stmts %d rows ok\n", azIn[i], nStmt, nRow);
297 sqlite3_finalize(pCk);
299 sqlite3_free(zSql);
301 sqlite3_close(dbRun);
302 sqlite3_close(dbOut);
303 free(azIn);
304 if( sqlite3_memory_used() ){
305 printf("Memory leak of %lld bytes\n", sqlite3_memory_used());
306 exit(1);
308 return 0;