Industry Practice of Coverage-Guided Enterprise-Level DBMS Fuzzing

by   Mingzhe Wang, et al.

As an infrastructure for data persistence and analysis, Database Management Systems (DBMSs) are the cornerstones of modern enterprise software. To improve their correctness, the industry has been applying blackbox fuzzing for decades. Recently, the research community achieved impressive fuzzing gains using coverage guidance. However, due to the complexity and distributed nature of enterprise-level DBMSs, seldom are these researches applied to the industry. In this paper, we apply coverage-guided fuzzing to enterprise-level DBMSs from Huawei and Bloomberg LP. In our practice of testing GaussDB and Comdb2, we found major challenges in all three testing stages. The challenges are collecting precise coverage, optimizing fuzzing performance, and analyzing root causes. In search of a general method to overcome these challenges, we propose Ratel, a coverage-guided fuzzer for enterprise-level DBMSs. With its industry-oriented design, Ratel improves the feedback precision, enhances the robustness of input generation, and performs an on-line investigation on the root cause of bugs. As a result, Ratel outperformed other fuzzers in terms of coverage and bugs. Compared to industrial black box fuzzers SQLsmith and SQLancer, as well as coverage-guided academic fuzzer Squirrel, Ratel covered 38.38 fuzzers in GaussDB, PostgreSQL, and Comdb2, respectively. More importantly, Ratel has discovered 32, 42, and 5 unknown bugs in GaussDB, Comdb2, and PostgreSQL.



There are no comments yet.


page 1


REST API Fuzzing by Coverage Level Guided Blackbox Testing

With the growth of web applications, REST APIs have become the primary c...

Efficient Binary-Level Coverage Analysis

Coverage analysis plays an important role in the software testing proces...

Nyx-Net: Network Fuzzing with Incremental Snapshots

Coverage-guided fuzz testing ("fuzzing") has become mainstream and we ha...

RERS-Fuzz : Combining Greybox Fuzzing with Interval Analysis for error reachability in reactive softwares

Fuzz Testing is a well-studied area in the field of Software Maintenance...

Feature Engineering for Scalable Application-Level Post-Silicon Debugging

We present systematic and efficient solutions for both observability enh...

TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities

The increasing complexity of modern processors poses many challenges to ...

SoK: The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing

Greybox fuzzing has been the most scalable and practical approach to sof...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.