SQLancer: Automatically Finding Bugs in Databases
Abstract: This talk presents our work on automatic testing of Database Management Systems (DBMS), as part of which we found over 400 bugs in widely used DBMS such as SQLite, MySQL, and PostgreSQL. While crash bugs in DBMS can be detected via fuzzers such as AFL, we aim to detect correctness bugs, which cause a DBMS to produce an incorrect result set for a given query. These bugs are more difficult to detect, since it is unclear how to create an effective test oracle that can judge whether a given result set is correct. We designed three practical approaches for finding correctness bugs and implemented them in a tool called SQLancer. Besides providing a general overview of the bug-finding techniques, we will also present a number of interesting and surprising bugs that we found in the DBMS that we tested.
The discussion following this talk will be moderated by Amir Shaikhha.
Manuel Rigger is a postdoctoral researcher in the Advanced Software Technologies (AST) Lab at ETH Zurich, mentored by Zhendong Su. He is working on programming language implementation, software reliability, and systems. He completed his PhD at Johannes Kepler University Linz, mentored by Hanspeter Mössenböck, and is known for his work on Sulong to support the safe execution of LLVM-based languages.
Tue 17 Nov, 03:00 - 03:40 (displayed time zone: Central Time (US & Canada))
Manuel Rigger, ETH Zurich