[DB Seminar] Spring 2020 DB Group: Finding Logic Bugs in Database Management Systems

Event Date: Monday June 8, 2020
Event Time: 04:30pm EDT
Speaker: Manuel Rigger

Title: Finding Logic Bugs In Database Management Systems

Database Management Systems (DBMS) are used ubiquitously for storing and retrieving data. It is critical that they function correctly — incorrectly computed result sets (e.g., by omitting a row) can cause serious loss or damage. We refer to such defects as logic bugs. Despite their importance, finding logic bugs in production DBMS is a longstanding challenge. Existing techniques such as fuzzing and differential testing are ineffective in finding them. We have proposed a set of novel techniques to effectively detect logic bugs by tackling the two core technical issues: generating test queries and constructing test oracles. We designed, realized and evaluated these approaches on a range of widely-used, production-quality DBMS including SQLite, MySQL, PostgreSQL, CockroachDB, and TiDB. To date, we have reported over 400 unique previously unknown bugs in these systems, over 350 of which have been fixed by the developers. Notably, half of our reports were logic bugs, with the remaining errors and crash bugs. Our work has provided solid methodological and technical bases for effectively testing DBMS in practice and already started seeing industrial adoption.

Manuel Rigger is a postdoctoral researcher in the Advanced Software Technologies (AST) Lab at ETH Zurich, mentored by Zhendong Su. He is working on programming language implementation, software reliability, and systems. In his recent work, he has been focusing on automatically testing Database Management Systems, as part of which he found over 400 bugs in widely-used systems such as SQLite, MySQL, PostgreSQL, MariaDB, and CockroachDB. He completed his PhD at Johannes Kepler University Linz, mentored by Hanspeter Mössenböck, where he worked on the safe and efficient execution of unsafe languages (project Sulong). Part of his work was integrated into Oracle’s GraalVM to support the execution of LLVM IR on this platform.