309 lines
9.7 KiB
C
309 lines
9.7 KiB
C
/*
|
|
** 2018-03-21
|
|
**
|
|
** The author disclaims copyright to this source code. In place of
|
|
** a legal notice, here is a blessing:
|
|
**
|
|
** May you do good and not evil.
|
|
** May you find forgiveness for yourself and forgive others.
|
|
** May you share freely, never taking more than you give.
|
|
**
|
|
*************************************************************************
|
|
**
|
|
** This program attempts to verify the correctness of the SQLite query
|
|
** optimizer by fuzzing.
|
|
**
|
|
** The input is an SQL script, presumably generated by a fuzzer. The
|
|
** argument is the name of the input. If no files are named, standard
|
|
** input is read.
|
|
**
|
|
** The SQL script is run twice, once with optimization enabled, and again
|
|
** with optimization disabled. If the output is not equivalent, an error
|
|
** is printed and the program returns non-zero.
|
|
*/
|
|
|
|
/* Include the SQLite amalgamation, after making appropriate #defines.
|
|
*/
|
|
#define SQLITE_THREADSAFE 0
|
|
#define SQLITE_OMIT_LOAD_EXTENSION 1
|
|
#include "sqlite3.c"
|
|
|
|
/* Content of the read-only test database */
|
|
#include "optfuzz-db01.c"
|
|
|
|
/*
|
|
** Prepare a single SQL statement. Panic if anything goes wrong
|
|
*/
|
|
static sqlite3_stmt *prepare_sql(sqlite3 *db, const char *zFormat, ...){
|
|
char *zSql;
|
|
int rc;
|
|
sqlite3_stmt *pStmt = 0;
|
|
va_list ap;
|
|
|
|
va_start(ap, zFormat);
|
|
zSql = sqlite3_vmprintf(zFormat, ap);
|
|
va_end(ap);
|
|
rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
|
|
if( rc ){
|
|
printf("Error: %s\nSQL: %s\n",
|
|
sqlite3_errmsg(db), zSql);
|
|
exit(1);
|
|
}
|
|
sqlite3_free(zSql);
|
|
return pStmt;
|
|
}
|
|
|
|
/*
|
|
** Run SQL. Panic if anything goes wrong
|
|
*/
|
|
static void run_sql(sqlite3 *db, const char *zFormat, ...){
|
|
char *zSql;
|
|
int rc;
|
|
char *zErr = 0;
|
|
va_list ap;
|
|
|
|
va_start(ap, zFormat);
|
|
zSql = sqlite3_vmprintf(zFormat, ap);
|
|
va_end(ap);
|
|
rc = sqlite3_exec(db, zSql, 0, 0, &zErr);
|
|
if( rc || zErr ){
|
|
printf("Error: %s\nsqlite3_errmsg: %s\nSQL: %s\n",
|
|
zErr, sqlite3_errmsg(db), zSql);
|
|
exit(1);
|
|
}
|
|
sqlite3_free(zSql);
|
|
}
|
|
|
|
/*
|
|
** Run one or more SQL statements contained in zSql against database dbRun.
|
|
** Store the input in database dbOut.
|
|
*/
|
|
static int optfuzz_exec(
|
|
sqlite3 *dbRun, /* The database on which the SQL executes */
|
|
const char *zSql, /* The SQL to be executed */
|
|
sqlite3 *dbOut, /* Store results in this database */
|
|
const char *zOutTab, /* Store results in this table of dbOut */
|
|
int *pnStmt, /* Write the number of statements here */
|
|
int *pnRow, /* Write the number of rows here */
|
|
int bTrace /* Print query results if true */
|
|
){
|
|
int rc = SQLITE_OK; /* Return code */
|
|
const char *zLeftover; /* Tail of unprocessed SQL */
|
|
sqlite3_stmt *pStmt = 0; /* The current SQL statement */
|
|
sqlite3_stmt *pIns = 0; /* Statement to insert into dbOut */
|
|
const char *zCol; /* Single column value */
|
|
int nCol; /* Number of output columns */
|
|
char zLine[4000]; /* Complete row value */
|
|
|
|
run_sql(dbOut, "BEGIN");
|
|
run_sql(dbOut, "CREATE TABLE IF NOT EXISTS staging(x TEXT)");
|
|
run_sql(dbOut, "CREATE TABLE IF NOT EXISTS \"%w\"(x TEXT)", zOutTab);
|
|
pIns = prepare_sql(dbOut, "INSERT INTO staging(x) VALUES(?1)");
|
|
*pnRow = *pnStmt = 0;
|
|
while( rc==SQLITE_OK && zSql && zSql[0] ){
|
|
zLeftover = 0;
|
|
rc = sqlite3_prepare_v2(dbRun, zSql, -1, &pStmt, &zLeftover);
|
|
zSql = zLeftover;
|
|
assert( rc==SQLITE_OK || pStmt==0 );
|
|
if( rc!=SQLITE_OK ){
|
|
printf("Error with [%s]\n%s\n", zSql, sqlite3_errmsg(dbRun));
|
|
break;
|
|
}
|
|
if( !pStmt ) continue;
|
|
(*pnStmt)++;
|
|
nCol = sqlite3_column_count(pStmt);
|
|
run_sql(dbOut, "DELETE FROM staging;");
|
|
while( sqlite3_step(pStmt)==SQLITE_ROW ){
|
|
int i, j;
|
|
for(i=j=0; i<nCol && j<sizeof(zLine)-50; i++){
|
|
int eType = sqlite3_column_type(pStmt, i);
|
|
if( eType==SQLITE_NULL ){
|
|
zCol = "NULL";
|
|
}else{
|
|
zCol = (const char*)sqlite3_column_text(pStmt, i);
|
|
}
|
|
if( i ) zLine[j++] = ',';
|
|
if( eType==SQLITE_TEXT ){
|
|
sqlite3_snprintf(sizeof(zLine)-j, zLine+j, "'%q'", zCol);
|
|
}else{
|
|
sqlite3_snprintf(sizeof(zLine)-j, zLine+j, "%s", zCol);
|
|
}
|
|
j += (int)strlen(zLine+j);
|
|
}
|
|
/* Detect if any row is too large and throw an error, because we will
|
|
** want to go back and look more closely at that case */
|
|
if( j>=sizeof(zLine)-100 ){
|
|
printf("Excessively long output line: %d bytes\n" ,j);
|
|
exit(1);
|
|
}
|
|
if( bTrace ){
|
|
printf("%s\n", zLine);
|
|
}
|
|
(*pnRow)++;
|
|
sqlite3_bind_text(pIns, 1, zLine, j, SQLITE_TRANSIENT);
|
|
rc = sqlite3_step(pIns);
|
|
assert( rc==SQLITE_DONE );
|
|
rc = sqlite3_reset(pIns);
|
|
}
|
|
run_sql(dbOut,
|
|
"INSERT INTO \"%w\"(x) VALUES('### %q ###')",
|
|
zOutTab, sqlite3_sql(pStmt)
|
|
);
|
|
run_sql(dbOut,
|
|
"INSERT INTO \"%w\"(x) SELECT group_concat(x,char(10))"
|
|
" FROM (SELECT x FROM staging ORDER BY x)",
|
|
zOutTab
|
|
);
|
|
run_sql(dbOut, "COMMIT");
|
|
sqlite3_finalize(pStmt);
|
|
pStmt = 0;
|
|
}
|
|
sqlite3_finalize(pStmt);
|
|
sqlite3_finalize(pIns);
|
|
return rc;
|
|
}
|
|
|
|
/*
|
|
** Read the content of file zName into memory obtained from sqlite3_malloc64()
|
|
** and return a pointer to the buffer. The caller is responsible for freeing
|
|
** the memory.
|
|
**
|
|
** If parameter pnByte is not NULL, (*pnByte) is set to the number of bytes
|
|
** read.
|
|
**
|
|
** For convenience, a nul-terminator byte is always appended to the data read
|
|
** from the file before the buffer is returned. This byte is not included in
|
|
** the final value of (*pnByte), if applicable.
|
|
**
|
|
** NULL is returned if any error is encountered. The final value of *pnByte
|
|
** is undefined in this case.
|
|
*/
|
|
static char *readFile(const char *zName, int *pnByte){
|
|
FILE *in = fopen(zName, "rb");
|
|
long nIn;
|
|
size_t nRead;
|
|
char *pBuf;
|
|
if( in==0 ) return 0;
|
|
fseek(in, 0, SEEK_END);
|
|
nIn = ftell(in);
|
|
rewind(in);
|
|
pBuf = sqlite3_malloc64( nIn+1 );
|
|
if( pBuf==0 ) return 0;
|
|
nRead = fread(pBuf, nIn, 1, in);
|
|
fclose(in);
|
|
if( nRead!=1 ){
|
|
sqlite3_free(pBuf);
|
|
return 0;
|
|
}
|
|
pBuf[nIn] = 0;
|
|
if( pnByte ) *pnByte = nIn;
|
|
return pBuf;
|
|
}
|
|
|
|
int main(int argc, char **argv){
|
|
int nIn = 0; /* Number of input files */
|
|
char **azIn = 0; /* Names of input files */
|
|
sqlite3 *dbOut = 0; /* Database to hold results */
|
|
sqlite3 *dbRun = 0; /* Database used for tests */
|
|
int bTrace = 0; /* Show query results */
|
|
int bShowValid = 0; /* Just list inputs that are valid SQL */
|
|
int nRow, nStmt; /* Number of rows and statements */
|
|
int i, rc;
|
|
|
|
for(i=1; i<argc; i++){
|
|
const char *z = argv[i];
|
|
if( z[0]=='-' && z[1]=='-' ) z++;
|
|
if( strcmp(z,"-help")==0 ){
|
|
printf("Usage: %s [OPTIONS] FILENAME ...\n", argv[0]);
|
|
printf("Options:\n");
|
|
printf(" --help Show his message\n");
|
|
printf(" --output-trace Show each line of SQL output\n");
|
|
printf(" --valid-sql List FILEs that are valid SQL\n");
|
|
return 0;
|
|
}
|
|
else if( strcmp(z,"-output-trace")==0 ){
|
|
bTrace = 1;
|
|
}
|
|
else if( strcmp(z,"-valid-sql")==0 ){
|
|
bShowValid = 1;
|
|
}
|
|
else if( z[0]=='-' ){
|
|
printf("unknown option \"%s\". Use --help for details\n", argv[i]);
|
|
return 1;
|
|
}
|
|
else {
|
|
nIn++;
|
|
azIn = realloc(azIn, sizeof(azIn[0])*nIn);
|
|
if( azIn==0 ){
|
|
printf("out of memory\n");
|
|
exit(1);
|
|
}
|
|
azIn[nIn-1] = argv[i];
|
|
}
|
|
}
|
|
|
|
sqlite3_open(":memory:", &dbOut);
|
|
sqlite3_open(":memory:", &dbRun);
|
|
sqlite3_deserialize(dbRun, "main", data001, sizeof(data001),
|
|
sizeof(data001), SQLITE_DESERIALIZE_READONLY);
|
|
for(i=0; i<nIn; i++){
|
|
char *zSql = readFile(azIn[i], 0);
|
|
sqlite3_stmt *pCk;
|
|
sqlite3_exec(dbRun, "ROLLBACK", 0, 0, 0);
|
|
if( bShowValid ){
|
|
rc = sqlite3_exec(dbRun, zSql, 0, 0, 0);
|
|
if( rc==SQLITE_OK ) printf("%s\n", azIn[i]);
|
|
sqlite3_free(zSql);
|
|
continue;
|
|
}
|
|
sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS, dbRun, 0);
|
|
if( bTrace ) printf("%s: Optimized\n", azIn[i]);
|
|
rc = optfuzz_exec(dbRun, zSql, dbOut, "opt", &nStmt, &nRow, bTrace);
|
|
if( rc ){
|
|
printf("%s: optimized run failed: %s\n",
|
|
azIn[i], sqlite3_errmsg(dbRun));
|
|
}else{
|
|
sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS, dbRun, 0xffff);
|
|
if( bTrace ) printf("%s: Non-optimized\n", azIn[i]);
|
|
rc = optfuzz_exec(dbRun, zSql, dbOut, "noopt", &nStmt, &nRow, bTrace);
|
|
if( rc ){
|
|
printf("%s: non-optimized run failed: %s\n",
|
|
azIn[i], sqlite3_errmsg(dbRun));
|
|
exit(1);
|
|
}
|
|
pCk = prepare_sql(dbOut,
|
|
"SELECT (SELECT group_concat(x,char(10)) FROM opt)=="
|
|
" (SELECT group_concat(x,char(10)) FROM noopt)");
|
|
rc = sqlite3_step(pCk);
|
|
if( rc!=SQLITE_ROW ){
|
|
printf("%s: comparison failed\n", sqlite3_errmsg(dbOut));
|
|
exit(1);
|
|
}
|
|
if( !sqlite3_column_int(pCk, 0) ){
|
|
printf("%s: opt/no-opt outputs differ\n", azIn[i]);
|
|
pCk = prepare_sql(dbOut,
|
|
"SELECT group_concat(x,char(10)) FROM opt "
|
|
"UNION ALL "
|
|
"SELECT group_concat(x,char(10)) FROM noopt");
|
|
sqlite3_step(pCk);
|
|
printf("opt:\n%s\n", sqlite3_column_text(pCk,0));
|
|
sqlite3_step(pCk);
|
|
printf("noopt:\n%s\n", sqlite3_column_text(pCk,0));
|
|
exit(1);
|
|
}else{
|
|
printf("%s: %d stmts %d rows ok\n", azIn[i], nStmt, nRow);
|
|
}
|
|
sqlite3_finalize(pCk);
|
|
}
|
|
sqlite3_free(zSql);
|
|
}
|
|
sqlite3_close(dbRun);
|
|
sqlite3_close(dbOut);
|
|
free(azIn);
|
|
if( sqlite3_memory_used() ){
|
|
printf("Memory leak of %lld bytes\n", sqlite3_memory_used());
|
|
exit(1);
|
|
}
|
|
return 0;
|
|
}
|