Tech Talk – Finding Logic Bugs in Database Management Systems by Manuel Rigger from ETH Zurich
Date: Tuesday 22 March @ 09:30 – 10:30 (UK time)
Presenter: Manuel Rigger firstname.lastname@example.org
Affiliation: ETH Zurich
Manuel Rigger will join the National University of Singapore in summer 2022 as an Assistant Professor. Currently, he is a postdoctoral researcher in the Advanced Software Technologies (AST) Lab at ETH Zurich, mentored by Zhendong Su. His research goal is to make software more reliable by developing practical and principled approaches to tackle important challenges related to correctness, performance, and security. He draws on and contributes to the software engineering, systems, programming languages, and compilers fields.
Database Management Systems (DBMS) are used ubiquitously for storing and retrieving data. It is critical that they function correctly — incorrectly computed result sets (e.g., by omitting a row) can cause serious loss or damage. We refer to such defects as logic bugs. Despite their importance, finding logic bugs in production DBMS is a longstanding challenge. Existing techniques such as fuzzing and differential testing are ineffective in finding them. We have proposed a set of novel techniques to effectively detect logic bugs by tackling the two core technical issues: generating test queries and constructing test oracles. We designed, realized and evaluated these approaches on a range of widely-used, production-quality DBMS. To date, we have reported over 450 unique previously unknown bugs in these systems, over 350 of which have been fixed by the developers. Notably, half of our reports were logic bugs, with the remaining errors and crash bugs. Our work has provided solid methodological and technical bases for effectively testing DBMS in practice.
- SQLancer: https://github.com/sqlancer/sqlancer
- Lab @ NUS: https://mrigger.github.io/
- Ternary Logic Partitioning (TLP) Paper: https://www.manuelrigger.at/preprints/TLP.pdf
Meeting Link: https://welink.zhumu.com/j/886911476
Everyone is welcome.