testing database management systems via pivoted query
play

Testing Database Management Systems via Pivoted Query Synthesis - PowerPoint PPT Presentation

Testing Database Management Systems via Pivoted Query Synthesis Manuel Rigger Oct 18., 2019 Workshop on Dependable and Secure Software Systems 2019 @RiggerManuel @ast_eth Database Management Systems PostgreSQL 2 Database Management Systems


  1. Intuition • Simpler conceptually and implementation-wise • Same effectiveness as checking all rows • Precise oracle for a single row 43

  2. Approach

  3. Database Generation Randomly Generate Database 45

  4. Database Generation Randomly To explore “ all possible database states ” Generate we randomly create databases Database 46

  5. Pivot Row Selection Randomly Select Generate Pivot Row Database 47

  6. Query Generation Generate Randomly Select Query for the Generate Pivot Row Pivot Row Database SELECT picture, description FROM animal_pictures WHERE animal = 'Cat' AND description LIKE '%cute%' animal description picture Cat plants Cat (cute!) 48

  7. Verifying the Result Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database result set SELECT picture, description FROM animal_pictures DBMS WHERE animal = 'Cat' AND description LIKE '%cute%' pivot row 49

  8. Verifying the Result Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database result set SELECT picture, description FROM animal_pictures DBMS WHERE animal = 'Cat' AND description LIKE '%cute%' pivot row ✓ pivot row ∈ result set 50

  9. Verifying the Result Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database result set SELECT picture, description FROM animal_pictures DBMS WHERE animal = 'Cat' AND description LIKE '%cute%' pivot row 51

  10. Verifying the Result Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database result set SELECT picture, description FROM animal_pictures DBMS WHERE animal = 'Cat' AND description LIKE '%cute%' pivot row  pivot row ∉ result set 52

  11. Verifying the Result Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database  pivot row ∉ result set The “ containment oracle ” is PQS’ primary oracle 53

  12. Approach Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database 54

  13. Approach Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database 55

  14. Approach Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database 56

  15. Approach How do we generate this query? Generate Verify that Randomly Select Query for the the Pivot Row Generate Pivot Row Pivot Row is contained Database 57

  16. How do we Generate Queries? SELECT picture, description FROM animal_pictures WHERE Generate an expression that yields TRUE for the pivot row 58

  17. How do we Generate Queries? Modify Use in Randomly Evaluate expression to WHERE Generate Expression on yield TRUE clause Expression Pivot Row 59

  18. Random Expression Generation animal_pictures animal description picture We first generate a random expression https://www.sqlite.org/syntax/expr.html 60

  19. Random Expression Generation animal = 'Cat' AND description LIKE '%cute%' AND = LIKE descrip 'Cat' animal '%cute%' tion 61

  20. Random Expression Generation animal = 'Cat' AND description LIKE '%cute%' AND Evaluate the tree based on the pivot row = LIKE descrip 'Cat' animal '%cute%' tion 62

  21. Random Expression Evaluation Constant nodes return their assigned literal AND values = LIKE 'Cat' '%cute%' descrip 'Cat' animal '%cute%' tion 63

  22. Random Expression Evaluation Column references return the values from the pivot row AND 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descrip 'Cat' animal '%cute%' tion 64

  23. Random Expression Evaluation Compound nodes compute their result AND based on their children TRUE TRUE 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descrip 'Cat' animal '%cute%' tion 65

  24. Random Expression Evaluation TRUE AND TRUE TRUE 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descrip 'Cat' animal '%cute%' tion 66

  25. Query Synthesis SELECT picture, description FROM animal_pictures WHERE animal = 'Cat' AND description LIKE '%cute%' 67

  26. Random Expression Evaluation TRUE What about when the expression does not evaluate to TRUE ? AND TRUE TRUE 'Cat = LIKE plants (cute!)' 'Cat' 'Cat' '%cute%' descrip 'Cat' animal '%cute%' tion 68

  27. Random Expression Evaluation What about when the expression FALSE does not evaluate to TRUE ? animal = 'Dog' = 'Dog' 'Cat' 'Dog' animal 69

  28. Random Expression Rectification switch (result) { case TRUE: result = randexpr; case FALSE: result = NOT randexpr; case NULL: result = randexpr ISNULL; } 70

  29. Random Expression Rectification switch (result) { case TRUE: FALSE result = randexpr; animal = 'Dog' case FALSE: result = NOT randexpr; case NULL: result = randexpr ISNULL; } 71

  30. Random Expression Rectification switch (result) { case TRUE: TRUE result = randexpr; NOT(animal = 'Dog') case FALSE: result = NOT randexpr; case NULL: result = randexpr ISNULL; } 72

  31. How do we Generate Queries? SELECT picture, description FROM animal_pictures WHERE NOT(animal = 'Dog') 73

  32. Evaluation

  33. Tested DBMS PostgreSQL 75

  34. Tested DBMS PostgreSQL We tested these (and other DBMS) in a period of 3-4 months 76

  35. DBMS 77

  36. DBMS 78

  37. DBMS 79

  38. Bugs Overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 14 85 80

  39. Bugs Overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 14 85 99 real bugs : addressed by code or documentation fixes, or verified as bugs 81

  40. Bugs Overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 14 85 The SQLite developers quickly responded to all our bug reports → we focused on this DBMS 82

  41. Bugs Overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 14 85 All MySQL bug reports were verified quickly 83

  42. Bugs Overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 14 85 MySQL’s trunk is not available , and it has a long release cycle 84

  43. Bugs Overview Real Bugs DBMS Fixed Verified SQLite 65 0 MySQL 15 10 PostgreSQL 5 4 Sum 14 85 We found the fewest bugs in PostgreSQL and not all could be easily addressed 85

  44. Oracles Real Bugs DBMS Containment Error SEGFAULT SQLite 46 17 2 MySQL 14 10 1 PostgreSQL 1 7 1 Sum 61 34 4 86

  45. Oracles Real Bugs Containment Oracle DBMS Containment Error SEGFAULT SQLite 46 17 2 MySQL 14 10 1 PostgreSQL 1 7 1 Sum 61 34 4 Our Containment oracle allowed us to detect most errors 87

  46. Result: Bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); 88

  47. Result: Bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); An index is an auxiliary data structure that should not affect the query’s result 89

  48. Result: Bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); c1 INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); 'A' 'a' 90

  49. Result: Bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); c1 INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); 'A' 'a' c1 SELECT * FROM t0; 'A' 91

  50. Result: Bug in SQLite3 Real Bugs Containment CREATE TABLE t0(c1 TEXT PRIMARY KEY) WITHOUT ROWID; Oracle CREATE INDEX i0 ON t0(c1 COLLATE NOCASE); c1 INSERT INTO t0(c1) VALUES ('A'); INSERT INTO t0(c1) VALUES ('a'); 'A' 'a' c1 'A'  SELECT * FROM t0; SQLite failed to fetch 'a' ! 92

  51. Result: Bug in PostgreSQL Real Bugs t0 CREATE TABLE t0(c0 INT PRIMARY KEY, c1 INT); c0 c1 CREATE TABLE t1(c0 INT) INHERITS (t0); Containment Oracle t1 c0 c1 93

  52. Result: Bug in PostgreSQL Real Bugs t0 CREATE TABLE t0(c0 INT PRIMARY KEY, c1 INT); c0 c1 CREATE TABLE t1(c0 INT) INHERITS (t0); Containment Oracle INSERT INTO t0(c0, c1) VALUES(0, 0); 0 0 t1 c0 c1 94

  53. Result: Bug in PostgreSQL Real Bugs t0 CREATE TABLE t0(c0 INT PRIMARY KEY, c1 INT); c0 c1 CREATE TABLE t1(c0 INT) INHERITS (t0); Containment Oracle INSERT INTO t0(c0, c1) VALUES(0, 0); 0 0 INSERT INTO t1(c0, c1) VALUES(0, 1); 0 1 t1 c0 c1 0 1 95

  54. Result: Bug in PostgreSQL Real Bugs t0 CREATE TABLE t0(c0 INT PRIMARY KEY, c1 INT); c0 c1 CREATE TABLE t1(c0 INT) INHERITS (t0); Containment Oracle INSERT INTO t0(c0, c1) VALUES(0, 0); 0 0 INSERT INTO t1(c0, c1) VALUES(0, 1); 0 1 t1 The inheritance relationship c0 c1 causes the row to be inserted 0 1 both in t0 and t1 96

  55. Result: Bug in PostgreSQL Real Bugs t0 CREATE TABLE t0(c0 INT PRIMARY KEY, c1 INT); c0 c1 CREATE TABLE t1(c0 INT) INHERITS (t0); Containment Oracle INSERT INTO t0(c0, c1) VALUES(0, 0); 0 0 INSERT INTO t1(c0, c1) VALUES(0, 1); 0 1 t1 c0 c1 c0 c1 SELECT c0, c1 FROM t0 0 1 GROUP BY c0, c1; 0 0 97

  56. Result: Bug in PostgreSQL Real Bugs t0 CREATE TABLE t0(c0 INT PRIMARY KEY, c1 INT); c0 c1 CREATE TABLE t1(c0 INT) INHERITS (t0); Containment Oracle INSERT INTO t0(c0, c1) VALUES(0, 0); 0 0 INSERT INTO t1(c0, c1) VALUES(0, 1); 0 1 t1 c0 c1 c0 c1 SELECT c0, c1 FROM t0 0 1 GROUP BY c0, c1; 0 0  PostgreSQL failed to fetch the row 0 | 1 98

  57. Result: Bug in MySQL Real Bugs t0 CREATE TABLE t0(c0 TINYINT); Containment c0 INSERT INTO t0(c0) VALUES(NULL); Oracle NULL 99

  58. Result: Bug in MySQL Real Bugs t0 CREATE TABLE t0(c0 TINYINT); Containment c0 INSERT INTO t0(c0) VALUES(NULL); Oracle NULL SELECT * FROM t0 WHERE c0 NOT(t0.c0 <=> 2035382037); FALSE 100

Recommend


More recommend