Detecting DBMS Bugs with Context-Sensitive Instantiation and Multi-Plan Execution

• URL: http://arxiv.org/abs/2312.04941v1
• Date: Fri, 8 Dec 2023 10:15:56 GMT
• Title: Detecting DBMS Bugs with Context-Sensitive Instantiation and Multi-Plan Execution
• Authors: Jiaqi Li, Ke Wang, Yaoguang Chen, Yajin Zhou, Lei Wu, Jiashui Wang,
• Abstract summary: This paper aims to solve the two challenges, including how to generate semantically correctsql queries in a test case, and how to propose effective oracles to capture logic bugs. We have implemented a prototype system called Kangaroo and applied three widely used and well-tested semantic codes. The comparison between our system with the state-of-the-art systems shows that our system outperforms them in terms of the number of generated semantically valid queries, the explored code paths during testing, and the detected bugs.
• Score: 11.18715154222032
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: DBMS bugs can cause serious consequences, posing severe security and privacy concerns. This paper works towards the detection of memory bugs and logic bugs in DBMSs, and aims to solve the two innate challenges, including how to generate semantically correct SQL queries in a test case, and how to propose effective oracles to capture logic bugs. To this end, our system proposes two key techniques. The first key technique is called context-sensitive instantiation, which considers all static semantic requirements (including but not limited to the identifier type used by existing systems) to generate semantically valid SQL queries. The second key technique is called multi-plan execution, which can effectively capture logic bugs. Given a test case, multi-plan execution makes the DBMS execute all query plans instead of the default optimal one, and compares the results. A logic bug is detected if a difference is found among the execution results of the executed query plans. We have implemented a prototype system called Kangaroo and applied it to three widely used and well-tested DBMSs, including SQLite, PostgreSQL, and MySQL. Our system successfully detected 50 new bugs. The comparison between our system with the state-of-the-art systems shows that our system outperforms them in terms of the number of generated semantically valid SQL queries, the explored code paths during testing, and the detected bugs.

Related papers

• Finding Logic Bugs in Spatial Database Engines via Affine Equivalent Inputs [6.291508085458252]
  Spatial Database Management Systems (SDBMSs) aim to store, manipulate, and retrieve spatial data. The presence of logic bugs in SDBMSs can lead to incorrect results. Detecting logic bugs in SDBMSs is challenging due to the lack of ground truth for identifying incorrect results.
  arXiv  Detail & Related papers  (2024-10-16T12:18:16Z)
• Tool-Assisted Agent on SQL Inspection and Refinement in Real-World Scenarios [28.55596803781757]
  Database mismatches are more prevalent in real-world scenarios. We introduce Spider-Mismatch, a new dataset constructed to reflect the condition mismatch problems encountered in real-world scenarios. Our method achieves the highest performance on the averaged results of the Spider and Spider-Realistic datasets in few-shot settings.
  arXiv  Detail & Related papers  (2024-08-30T03:38:37Z)
• SQLaser: Detecting DBMS Logic Bugs with Clause-Guided Fuzzing [17.421408394486072]
  Database Management Systems (DBMSs) are vital components in modern data-driven systems. Their complexity often leads to logic bugs, which can lead to incorrect query results, data exposure, unauthorized access, etc. Existing detection employs two strategies: rule-based bug detection and coverage-guided fuzzing.
  arXiv  Detail & Related papers  (2024-07-05T06:56:33Z)
• AMBROSIA: A Benchmark for Parsing Ambiguous Questions into Database Queries [56.82807063333088]
  We introduce a new benchmark, AMBROSIA, which we hope will inform and inspire the development of text-to-open programs. Our dataset contains questions showcasing three different types of ambiguity (scope ambiguity, attachment ambiguity, and vagueness) In each case, the ambiguity persists even when the database context is provided. This is achieved through a novel approach that involves controlled generation of databases from scratch.
  arXiv  Detail & Related papers  (2024-06-27T10:43:04Z)
• Testing Database Engines via Query Plan Guidance [6.789710498230718]
  We propose the concept of Query Plan Guidance (QPG) for guiding automated testing towards "interesting" test cases. We apply our method to three mature, widely-used, and diverse database systems-DBite, TiDB, and Cockroach-and found 53 unique, previously unknown bugs.
  arXiv  Detail & Related papers  (2023-12-29T08:09:47Z)
• UNITE: A Unified Benchmark for Text-to-SQL Evaluation [72.72040379293718]
  We introduce a UNIfied benchmark for Text-to-domain systems. It is composed of publicly available text-to-domain datasets and 29K databases. Compared to the widely used Spider benchmark, we introduce a threefold increase in SQL patterns.
  arXiv  Detail & Related papers  (2023-05-25T17:19:52Z)
• Wav2SQL: Direct Generalizable Speech-To-SQL Parsing [55.10009651476589]
  Speech-to-Spider (S2Spider) aims to convert spoken questions intosql queries given databases. We propose the first direct speech-to-speaker parsing model Wav2 which avoids error compounding across cascaded systems. Experimental results demonstrate that Wav2 avoids error compounding and achieves state-of-the-art results by up to 2.5% accuracy improvement over the baseline.
  arXiv  Detail & Related papers  (2023-05-21T19:26:46Z)
• Uni-Parser: Unified Semantic Parser for Question Answering on Knowledge Base and Database [86.03294330305097]
  We propose a unified semantic element for question answering (QA) on both knowledge bases (KB) and databases (DB) We introduce the primitive (relation and entity in KB, table name, column name and cell value in DB) as an essential element in our framework. We leverage the generator to predict final logical forms by altering and composing topranked primitives with different operations.
  arXiv  Detail & Related papers  (2022-11-09T19:33:27Z)
• S$^2$SQL: Injecting Syntax to Question-Schema Interaction Graph Encoder for Text-to-SQL Parsers [66.78665327694625]
  We propose S$2$, injecting Syntax to question- encoder graph for Text-to- relational parsing. We also employ the decoupling constraint to induce diverse edge embedding, which further improves the network's performance. Experiments on the Spider and robustness setting Spider-Syn demonstrate that the proposed approach outperforms all existing methods when pre-training models are used.
  arXiv  Detail & Related papers  (2022-03-14T09:49:15Z)
• "What makes my queries slow?": Subgroup Discovery for SQL Workload Analysis [1.3124513975412255]
  We introduce an original approach rooted on Subgroup Discovery. We show how to instantiate and develop this generic data-mining framework. We also provide a visualization tool for interactive knowledge discovery.
  arXiv  Detail & Related papers  (2021-08-09T09:44:13Z)
• Photon: A Robust Cross-Domain Text-to-SQL System [189.1405317853752]
  We present Photon, a robust, modular, cross-domain NLIDB that can flag natural language input to which a mapping cannot be immediately determined. The proposed method effectively improves the robustness of text-to-native system against untranslatable user input.
  arXiv  Detail & Related papers  (2020-07-30T07:44:48Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.