ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Fri 19 Apr 2024 14:45 - 15:00 at Fernando Pessoa - Testing: various bug types 3 Chair(s): Fernando Brito e Abreu

Effective DBMS fuzzing relies on high-quality initial seeds, which serve as the starting point for mutation. These initial seeds should incorporate various DBMS features to explore the state space thoroughly. While built-in test cases are typically used as initial seeds, many DBMSs lack comprehensive test cases, making it difficult to apply state-of-the-art fuzzing techniques directly.

To address this, we propose Sedar, which produces initial seeds for a target DBMS by transferring test cases from other DBMSs. The underlying insight is that many DBMSs share similar functionalities, allowing seeds that cover deep execution paths in one DBMS to be adapted for other DBMSs. The challenge lies in converting these seeds to a format supported by the grammar of the target database. Sedar follows a three-step process to generate seeds. First, it executes existing SQL test cases within the DBMS they were designed for and captures the schema information during execution. Second, it utilizes large language models (LLMs) along with the captured schema information to guide the generation of new test cases based on the responses from the LLM. Lastly, to ensure that the test cases can be properly parsed and mutated by fuzzers, Sedar temporarily comments out unparsable sections for the fuzzers and uncomments them after mutation. We integrate Sedar into the DBMS fuzzers Squirrel and Griffin, targeting DBMSs such as Virtuoso, MonetDB, DuckDB, and ClickHouse. Evaluation results demonstrate significant improvements in both fuzzers. Specifically, compared to Squirrel and Griffin with non-transferred seeds, Sedar enhances code coverage by 72.46%-214.84% and 21.40%-194.46%, respectively; compared to Squirrel and Griffin with native test cases of these DBMSs as initial seeds, incorporating the transferred seeds of Sedar improves code coverage by 4.90%-16.20% and 9.73%-28.41%, respectively. Moreover, Sedar discovers 70 new vulnerabilities, 60 of which are found only by Sedar with transferred seeds, and 19 of which have been assigned CVEs.
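The third step above (commenting out sections the fuzzer cannot parse, then restoring them after mutation) can be sketched as follows. This is an added illustration, not Sedar's code: the `XFER_KEEP` marker, the keyword-based parsability check and the seed are constructed for the example, and it assumes the fuzzer carries comments through mutation unchanged.

```python
import re

# Hypothetical marker; the abstract does not say how Sedar encodes masked text.
MARK = re.compile(r"/\*XFER_KEEP:((?:[0-9a-f]{2})+)\*/")
# Stand-in for the fuzzer's SQL grammar: only these leading keywords parse.
FUZZER_KEYWORDS = {"CREATE", "INSERT", "SELECT", "UPDATE", "DELETE"}

# Constructed seed in DuckDB dialect; PRAGMA is outside the toy grammar.
SEED = """CREATE TABLE t(a INT, b VARCHAR);
INSERT INTO t VALUES (1, 'x;y');
PRAGMA enable_verification;
SELECT a FROM t WHERE b = 'x;y';"""

def fuzzer_can_parse(stmt):
    """Toy parsability check: does the statement start with a known keyword?"""
    words = stmt.split(None, 1)
    return bool(words) and words[0].upper() in FUZZER_KEYWORDS

def split_statements(script):
    """Split on ';' outside single-quoted strings ('' toggles twice, so it is safe)."""
    out, buf, in_str = [], [], False
    for ch in script:
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            out.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    out.append("".join(buf).strip())
    return [s for s in out if s]

def mask(script, can_parse=fuzzer_can_parse):
    """Swap each unparsable statement for a comment carrying it hex-encoded,
    so a '*/' or ';' inside the statement cannot break the comment."""
    return "\n".join(
        s + ";" if can_parse(s) else "/*XFER_KEEP:%s*/" % s.encode().hex()
        for s in split_statements(script))

def unmask(script):
    """After mutation, put the original statements back in place of the markers."""
    return MARK.sub(
        lambda m: bytes.fromhex(m.group(1)).decode(errors="replace") + ";", script)

def round_trip(script, mutate):
    """mask -> fuzzer mutation (any str -> str callable) -> unmask."""
    return unmask(mutate(mask(script)))
```

Calling `round_trip(SEED, mutate)` with any string-to-string mutation returns a script in which the `PRAGMA` line is intact while the parsable statements carry the mutation.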

Fri 19 Apr


14:00 - 15:30
14:00
15m
Talk
Testing Graph Database Systems via Equivalent Query Rewriting
Research Track
Qiuyang Mang The Chinese University of Hong Kong, Shenzhen, Aoyang Fang Chinese University of Hong Kong, Shenzhen, BoXi Yu The Chinese University of Hong Kong, Shenzhen, Hanfei Chen The Chinese University of Hong Kong, Shenzhen, Pinjia He Chinese University of Hong Kong, Shenzhen
14:15
15m
Talk
ROSInfer: Statically Inferring Behavioral Component Models for ROS-based Robotics Systems
Research Track
Tobias Dürschmid Carnegie Mellon University, USA, Christopher Steven Timperley Carnegie Mellon University, David Garlan Carnegie Mellon University, Claire Le Goues Carnegie Mellon University
14:30
15m
Talk
Finding XPath Bugs in XML Document Processors via Differential Testing
Research Track
Shuxin Li Southern University of Science and Technology, Manuel Rigger National University of Singapore
14:45
15m
Talk
Sedar: Obtaining High-Quality Seeds for DBMS Fuzzing via Cross-DBMS SQL Transfer
Research Track
Jingzhou Fu School of Software, Tsinghua University, Jie Liang, Zhiyong Wu Tsinghua University, China, Yu Jiang Tsinghua University
15:00
15m
Talk
Automatically Detecting Reflow Accessibility Issues in Responsive Web Pages
Research Track
Paul T. Chiou University of Southern California, Robert Winn University of Southern California, Ali S. Alotaibi University of Southern California, William G.J. Halfond University of Southern California
15:15
7m
Talk
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Demonstrations
Sajad Khatiri USI-Lugano & Zurich University of Applied Sciences, Sebastiano Panichella Zurich University of Applied Sciences, Paolo Tonella USI Lugano
15:22
7m
Talk
eFish'nSea: Unity Game Set for Learning Software Performance Issues Root Causes and Resolutions
Software Engineering Education and Training
Andrew Quinlan Stevens Institute of Technology, Ryan Mercadante Stevens Institute of Technology, Vincent Tufo Stevens Institute of Technology, Jonathan Morrone Stevens Institute of Technology, Lu Xiao Stevens Institute of Technology