DeepAI
Log In Sign Up

Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing

03/01/2021
by   Mingzhe Wang, et al.
0

As an infrastructure for data persistence and analysis, Database Management Systems (DBMSs) are the cornerstones of modern enterprise software. To improve their correctness, the industry has been applying blackbox fuzzing for decades. Recently, the research community achieved impressive fuzzing gains using coverage guidance. However, due to the complexity and distributed nature of enterprise-level DBMSs, seldom are these researches applied to the industry. In this paper, we apply coverage-guided fuzzing to enterprise-level DBMSs from Huawei and Bloomberg LP. In our practice of testing GaussDB and Comdb2, we found major challenges in all three testing stages. The challenges are collecting precise coverage, optimizing fuzzing performance, and analyzing root causes. In search of a general method to overcome these challenges, we propose Ratel, a coverage-guided fuzzer for enterprise-level DBMSs. With its industry-oriented design, Ratel improves the feedback precision, enhances the robustness of input generation, and performs an on-line investigation on the root cause of bugs. As a result, Ratel outperformed other fuzzers in terms of coverage and bugs. Compared to industrial black box fuzzers SQLsmith and SQLancer, as well as coverage-guided academic fuzzer Squirrel, Ratel covered 38.38 fuzzers in GaussDB, PostgreSQL, and Comdb2, respectively. More importantly, Ratel has discovered 32, 42, and 5 unknown bugs in GaussDB, Comdb2, and PostgreSQL.

READ FULL TEXT
12/31/2021

REST API Fuzzing by Coverage Level Guided Blackbox Testing

With the growth of web applications, REST APIs have become the primary c...
09/26/2021

Defect Prediction Guided Search-Based Software Testing

Today, most automated test generators, such as search-based software tes...
11/04/2021

Nyx-Net: Network Fuzzing with Incremental Snapshots

Coverage-guided fuzz testing ("fuzzing") has become mainstream and we ha...
04/29/2020

Efficient Binary-Level Coverage Analysis

Coverage analysis plays an important role in the software testing proces...
12/07/2022

Increasing System Test Coverage in Production Automation Systems

An approach is introduced, which supports a testing technician in the id...
08/08/2022

Fuzzing Microservices In Industry: Experience of Applying EvoMaster at Meituan

With several microservice architectures comprising of thousands of web s...