Detecting Logical Bugs of DBMS with Coverage-based Guidance
Detecting Logical Bugs of DBMS with Coverage-based GuidanceBasic Information:
Title: Detecting Logical Bugs of DBMS with Coverage-based Guidance (使用基于覆盖率的引导检测DBMS的逻辑错误)
Authors: Yu Liang, Song Liu, Hong Hu
Affiliation: Pennsylvania State University (宾夕法尼亚州立大学)
Keywords: DBMS, logical bugs, coverage-based guidance, validity-oriented mutations, oracles (DBMS, 逻辑错误, 基于覆盖率的引导, 有效性导向的变异, 神谕)
URLs: Paper, GitHub Code
论文简要 :结构脉络大概如下:
引言:介绍了数据库管理系统(DBMS)的重要性和逻辑错误的危害,回顾了现有的检测逻辑错误的技术,如Oracle和覆盖率引导的模糊测试, ...
Squirrel Testing Database Management Systems withLanguage Validity and Coverage Feedback--对于DBMS的模糊测试技术介绍
Squirrel Testing Database Management Systems withLanguage Validity and Coverage Feedback——对于DBMS的模糊测试技术介绍数据库管理系统(DataBase Management System)与其他的大型复杂系统一样,存在着许多漏洞。 其 中的内存错误漏洞往往可能导致远程代码执行、数据泄露、拒绝服务攻击等。 由于数据库管理系统的重要性,这些攻击的影响往往十分重大。 本文将基于 Squirrel [1] 这篇文章,来介绍对于 DBMS 的模糊测试技术。 简单来说,对于 DBMS 的模糊测试的目标是找到一些 SQL 语句,将其输入到 DBMS 后会触发 DBMS 的异常行为(一般是崩溃)。
DBMS 在接收到一条 SQL 查询语句的时候,会依次进行词法分析、语法分析(上图中的 parse)、语义检查(validation)、语句优化和执行(optimization & execution)等流程。在词法分析阶段,DBMS 会识别 SQL 语句中的关键字、标识符等记号(token),然后在语法分 ...
LearnedSQLGen Constraint-aware SQL Generation using Reinforcement Learning
d9eba399523fe401e434f6396d459a7a735596707e1aa1664e34b3a934e193fbdb80fe50c533135c8471d55cad6aeab7aef889d3fefe218831e4e18066cde6fe1a75acb0b094125da698085a699febe1312d7c3b222b1cb6c6888ee829afc95d345381a1b586e0fec5fe281cb3b4009b8a0b36491d562836cb685e74fa465909a30d2f0ebfc7339aee1a69d1ea8fd9329786a3ed9bb96e181f7c32275a194a44404bfaa730c1037db70c890d8ae2bead988b8ab5bc68e853c762b0f4b77cad2c1f0abb0333e4928ae6f5e99883bcc3911e6ec6ddd3ddc023807804a9c6c5c82b73738e9cce0ca89cd53b60dbc5d1cd8640ab2d5802333d72b ...
Griffin Grammar-Free DBMS Fuzzing
d9eba399523fe401e434f6396d459a7a735596707e1aa1664e34b3a934e193fbbd6672ef6ed3ed3b4ddca8da199d3b98403bef08ebb0d61b685b5c38bdefe235994cab24950e6b5a2e1d2ecdaaf2acabcde6ff579c3039373d9d3bc655b6f61a2b9d960af96987db3b186a48ccc9f5c9065551094a2657e96912501308b113d4e4846b9409b6df4884556e9ddc36e660f8b86128cb0115c2dc587f938690b914f41febbf27c8cf4569332d88209f05dd171aa54e29d9a99a6b1ddcb6e10ddb06738c0d83bdab9b1288857fd93f7f040bb37b8e39fc2edaae771344bec2cbec4dab38c74601ed1a6a1e7d85161decb97122d31b13517f24998 ...
sql的编译与执行
d9eba399523fe401e434f6396d459a7a735596707e1aa1664e34b3a934e193fb331f6fbc8d7dd5c13c1fa801309fb4c0c03e1997e68ac22d094f9308c8dbf5e02ca2bbed5ebb211b8e0c5ca395eacfb86148afa6113344df01613d8664e37a8c3412a7e34fa53f734b4a21fac84b91d16d20a26d963e61a1cc11403155a14f5f540373107164dc91cb49e18ca56315a402758cd38d23c00fc14352e2c31893fe50cf645c4c0a1f078969929f95318ffcc04f7c9c4ee8487485047c859ed007d83fe05efea5e3a74d0a79275f69953477ccecec667c7a9cfb51bb23f599d8d9d1a2535ffb0f480e73f2f90981fddad83bd53ba245b3019317f ...
Finding Bugs in Database Systems via Query Partitioning
d9eba399523fe401e434f6396d459a7a735596707e1aa1664e34b3a934e193fbaf0085457712f06480285597e6b43164eb1f00259e920ffd45d1d7c588a6d4fab198ce0e4f99e4be2f775dcb0a40f5bbf2fa9aaa43719512b16037b2e477f684d4453dbb07b5bf455b4d319b41ea047f6676119f143270b75ee1ac3fa8329908008b226bd55a1091e65339d962844885ee4e7545f2273c9320d7601a8f365ef27a52a639a59b2e08ea26d1e36734e01ba83a4df7018e958c91854813f71393bac650a13b4bb45409568da64864479e862aeb8ffada4cd5b22417e49a3710ef2cd2212af739fa3920176cc9653ec35360919727d362497f389 ...
go-randgen使用
d9eba399523fe401e434f6396d459a7ac85bda134c4f41e6609feedbaf3c389fba46348d3ec296564d45b41eb8f0f11f76281198117168dad455214834306f91057278d85e67b247c16bc00fcaf92d6907c85f5b7d1150b613f03e250f3f3bbe5da3de5d9bd27783cc204a8283a66306d7c1eb7720eeea02c6032c36f7c02fbee4295155829b4ddb25a633b5e9316c9e317cd2e27d692e6e4e6d9de024517bc82f3705300613bff06860455cc89daab39f1b1d93b4a17c9f8bc76aaf1657c7ad3809e3db5aa6a9e18875a3e259c10fe735436a9d52aecc7104e352f85f12c5f113037a8e2e7a5aec5d27d485405551d3f00c934548455b9a6 ...
Detecting Optimization Bugs in Database Engines via Non-optimizing Reference Engine Construction
d9eba399523fe401e434f6396d459a7a735596707e1aa1664e34b3a934e193fb4ea225a4dc41580578bc12f87c828cb2246bd9cca6590a37f1f88613b45d5c7167f7c9c29df72ca94cd8806365f8ba8852f1def21df7f996e5752a7eb8ca2f70c50d99c1cd4569a43bf564cdabc105858925e98c0e954b73d15fb2f1a67f1bba2faa891b4a20cd13e831ec0ca4d32f59e460bacdd1a2daf3dfa512e1b8fee05a78957ab103cea692254e9a2ca555611f811b7f90aa898dd4c724c33bf234dd81d1c84e3fd28185df5a9ea1b78a1e5d78a46c9b714c3e8a4213e3cf2549508a0d1c95490df87a1a7b16947aedff6c95bf601661426fbcc92fc ...
什么是蜕变测试?
d9eba399523fe401e434f6396d459a7a4042f655514913c6a30e3fd1bd8964f269e4c8ef0fe509163d212e329c048b32c360d0b6199dd548ba7daaaa6742c566d465e4713ad8fa11a4a386b6cd93e542815dbe2642428a49d761e3211a39b7b299d53b8ab3d42543d8c141490c61a97a1279b80a40ddb53629ac3b4d1db663733bb13bd0f480a5fb6011cc5ddfdbc291760e9ade2e27ccd9e0cf776abb0064d75df8e6e161daf955ed5e764f34bc32d10cbb68549d0d75245add31fa5245f4b4a193eede220fcd16f7e32c9fefa2bfcc6b4e612f84e6f7cd6ba20a865808a3410fe3a3ef37da0bbb2cb40317cd4958e6687d2f314660bc05c ...
Testing database engines via pivoted query synthesis
d9eba399523fe401e434f6396d459a7a735596707e1aa1664e34b3a934e193fb3f1d6e29cca274d794e7a69e12aa53bac65a82f328a60b1ed2c2eee212fd50fd8d5994185a23625f28de1d8f7fcefa80f5ec6936fc8dda80ae00af6da28f4d87646c4aa7c77a92b1fe14717f0568742bbf023baa08bf16ac595f4919b5db626f189caca334ea3ceb33aff99687a2c83f112a4860e78ec278509db72abe85ff4a07fbc4fdcb5cca9e7e52737100572f070c86ed730de7cfdb0ed7ece812145de7c8d96e580affadb53e110c0a09978850d3b4788bac80a233948b20a956ff37299d8379632f57e438c63f23bd6f8353bdc3dbc6317731eb296 ...