More about HKUST
Effective Bug Detection for Database Management Systems: Complex-Query Generation and Oracle Construction
Speaker: Zu-Ming Jiang
ETH Zurich
Title: "Effective Bug Detection for Database Management Systems:
Complex-Query Generation and Oracle Construction"
Date: Monday, 7 August 2023
Time: 4:00pm - 5:00pm
venue: Room 2463 (via lift 25/26), HKUST
Abstract:
Database management systems (DBMSs) are essential components of modern
software. Data-intensive applications rely on DBMSs to correctly and
efficiently store and fetch manipulated data. Important DBMS features,
like transactions, have been applied in many critical applications. To
ensure the security and reliability of DBMSs, some approaches are proposed
to find bugs in DBMSs. They generate SQL queries, feed these queries to
DBMSs, and check if these queries trigger unexpected behaviors (e.g.,
crash) of DBMSs. Several approaches construct oracles to demonstrate
whether the results of these queries are correct. However, existing
approaches are unable to generate complex queries (e.g., multiple
statements with complex SQL structures and features), and thus miss deep
bugs in DBMSs. Moreover, the oracle constructed by existing approaches
cannot be applied when the test queries are complex.
In this talk, I will introduce our recent research on addressing the above
challenges in database testing: 1) we proposed a stateful fuzzing
approach, which could generate complex and valid SQL queries by
dynamically interacting with the tested DBMS and utilizing DBMS state
information (e.g., DB schema); 2) we proposed a novel approach to detect
transactional bugs in DBMSs by constructing general oracles check the
correctness of transactions with complex SQL statements.
********************
Biography:
Zu-Ming Jiang (https://jzuming.github.io/) is a Ph.D. student at ETH
Zurich, advised by Prof. Zhendong Su. He obtained his Bachelor degree in
College of Electronic Engineering, Zhejiang University, in 2018, Master
degree in Department of Computer Science and Technology, Tsinghua
University, in 2021. He has designed several approaches and tools for
improving the security and reliability of system software and has found
hundreds of bugs there. Currently he is interested in database systems and
designing effective approaches for detecting various database bugs.
Facebook
LinkedIn
Instagram
YouTube
Contact Us