Detecting DBMS Bugs with Context-Sensitive Instantiation and Multi-Plan Execution

Kavli Affiliate: Ke Wang

First 5 Authors: Jiaqi Li, Ke Wang, Yaoguang Chen, Yajin Zhou, Lei Wu

Summary:

DBMS bugs can have serious consequences, posing severe security and privacy
concerns. This paper works towards detecting memory bugs and logic bugs in
DBMSs, and aims to solve two inherent challenges: how to generate semantically
correct SQL queries in a test case, and how to build effective oracles that
capture logic bugs. To this end, our system proposes two key techniques. The
first, context-sensitive instantiation, considers all static semantic
requirements (including, but not limited to, the identifier types used by
existing systems) to generate semantically valid SQL queries. The second,
multi-plan execution, effectively captures logic bugs. Given a test case,
multi-plan execution makes the DBMS execute all query plans rather than only
the default optimal one, and compares their results. A logic bug is detected
if the execution results of the executed query plans differ. We have
implemented a prototype system called Kangaroo and applied it to three widely
used and well-tested DBMSs: SQLite, PostgreSQL, and MySQL. Our system detected
50 new bugs. Comparing our system with state-of-the-art systems shows that it
outperforms them in the number of semantically valid SQL queries generated,
the code paths explored during testing, and the bugs detected.
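As an added illustration of the multi-plan execution oracle (example code written for this page, not Kangaroo's own), the following Python script runs one query under two SQLite plans, the planner's default and a forced full table scan via `NOT INDEXED`, and flags a logic bug if the result sets differ. The schema, rows and table/index names (`t0`, `i0`) are constructed for the example.

```python
import sqlite3

# Constructed schema and data (not from the paper): an indexed column with NULLs,
# so the indexed plan and the full-scan plan must agree on NULL handling too.
SETUP_SQL = """
CREATE TABLE t0 (c0 INTEGER, c1 TEXT);
CREATE INDEX i0 ON t0(c0);
INSERT INTO t0 VALUES (1, 'a'), (2, 'b'), (NULL, 'c'), (3, NULL);
"""


def plan_variants(where_clause):
    """Two executions of the same logical query: the planner's choice, and a
    forced full scan (SQLite's NOT INDEXED hint disables index use)."""
    return {
        "default": f"SELECT c0, c1 FROM t0 WHERE {where_clause}",
        "not_indexed": f"SELECT c0, c1 FROM t0 NOT INDEXED WHERE {where_clause}",
    }


def normalize(rows):
    """The oracle compares result sets, not row order, so sort canonically."""
    return sorted(rows, key=repr)


def multi_plan_check(where_clause, setup_sql=SETUP_SQL):
    """Execute every plan variant, record its EXPLAIN QUERY PLAN text and its
    normalized result set, and report whether all variants agree."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(setup_sql)
    results, plans = {}, {}
    for name, sql in plan_variants(where_clause).items():
        # Column 3 of EXPLAIN QUERY PLAN output is the human-readable detail.
        plans[name] = " | ".join(r[3] for r in conn.execute("EXPLAIN QUERY PLAN " + sql))
        results[name] = normalize(conn.execute(sql).fetchall())
    conn.close()
    reference = next(iter(results.values()))
    consistent = all(r == reference for r in results.values())
    return {"consistent": consistent, "results": results, "plans": plans}


if __name__ == "__main__":
    report = multi_plan_check("c0 > 1")
    for name in report["plans"]:
        print(f"{name:12s} plan: {report['plans'][name]}")
        print(f"{name:12s} rows: {report['results'][name]}")
    print("logic bug detected" if not report["consistent"] else "plans agree")
```

A real harness would generate the predicates automatically and add further plan-forcing knobs; here the two variants are enough to show the oracle firing only on a genuine result mismatch.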

