收稿日期: 2023-06-29
网络出版日期: 2023-09-20
基金资助
国家自然科学基金(62072179); 基础软硬件性能与可靠性测评工业和信息化部重点实验室开放课题;面向OLTP数据库的功能测试合作项目
Generating diverse database isolation level test cases with fuzzy testing
Received date: 2023-06-29
Online published: 2023-09-20
在现代信息系统中, 数据库管理系统扮演着至关重要的角色. 隔离级别测试对数据库管理系统而言具有重要意义, 它确保并发操作的隔离性和数据的一致性, 从而防止数据损坏和安全风险的发生, 并为用户提供可靠的数据访问保障. 模糊测试是一种广泛应用于软件和系统测试的方法, 通过搜索测试空间并生成多样化的测试案例, 探索系统的边界条件、异常情况和潜在问题, 以发现可能的漏洞. 本文介绍了针对数据库隔离级别进行模糊测试的工具SilverBlade, 旨在提升生成测试案例的多样性, 深入探索隔离级别测试空间. 为了有效搜索庞大的测试空间, 设计了结构化的测试输入结构, 将测试空间拆分成并发事务组合和并发事务执行交互模式两个子空间进行搜索. 为了更全面地测试隔离级别核心实现测试空间, 还设计了基于深度和广度的自适应搜索方式, 用于有效变异测试案例. 实验结果表明, SilverBlade能够生成多样性的测试案例, 并能够在流行的数据库管理系统PostgreSQL中更广泛地覆盖数据库隔离级别核心实现代码. 与对比工具相比, SilverBlade在提高隔离级别关键区域的测试覆盖率方面表现更佳.
卢皙钰, 刘维, 翁思扬, 李可强, 张蓉. 基于模糊测试生成多样化的数据库隔离级别测试案例[J]. 华东师范大学学报(自然科学版), 2023, 2023(5): 51-64. DOI: 10.3969/j.issn.1000-5641.2023.05.005
Database management systems play a vital role in modern information systems. Isolation level testing is important for database management systems to ensure the isolation of concurrent operations and data consistency to prevent data corruption, inconsistency and security risks, and to provide reliable data access to users. Fuzzy testing is a method widely used in software and system testing. By searching the test space and generating diverse test cases, it explores the boundary conditions, anomalies and potential problems of the system to find possible vulnerabilities. This article introduces SilverBlade, a tool for fuzzy testing of database isolation levels, that aims to improve the diversity of generated test cases and explore the isolation level test space in depth-wise. To effectively search the huge test space, this study designed a structured test input that splits the test space into two subspaces of concurrent transaction combination and execution interaction modes for searching. To test the isolation-level core implementation test space more comprehensively, an adaptive search method based on depth and breadth was also designed for effective mutation test cases. The experimental results show that SilverBlade is able to generate diverse test cases and provide broader coverage of the core implementation code of the database isolation level in the popular database management system PostgreSQL. Compared to similar tools, SilverBlade performed better at improving test coverage in critical areas of the isolation level.
| 1 | SILBERSCHATZ A, KORTH H F, SUDARSHAN S. Database System Concepts [M]. 6th ed. New York: McGraw-Hill Education, 2010. |
| 2 | BERENSON H, BERNSTEIN P, GRAY J, et al.. A critique of ANSI SQL isolation levels. ACM SIGMOD Record, 1995, 24 (2): 1- 10. |
| 3 | GRAY J, REUTER A. Transaction Processing: Concepts and Techniques [M]. London: Elsevier, 1992. |
| 4 | WU Y, ARULRAJ J, LIN J, et al.. An empirical evaluation of in-memory multi-version concurrency control. Proceedings of the VLDB Endowment, 2017, 10 (7): 781- 792. |
| 5 | BERNSTEIN P A, HADZILACOS V, GOODMAN N. Concurrency Control and Recovery in Database Systems [M]. Boston: Addison-Wesley, 1987. |
| 6 | 李海翔. 数据库事务处理的艺术: 事务管理与并发控制 [M]. 北京: 机械工业出版社, 2017. |
| 7 | BEIZER B. Black-box Testing: Techniques for Functional Testing of Software and Systems [M]. Hoboken: Wiley, 1995. |
| 8 | ZHU H, HALL P A V, MAY J H R.. Software unit test coverage and adequacy. ACM Computing Surveys, 1997, 29 (4): 366- 427. |
| 9 | ZHU X, WEN S, CAMTEPE S, et al.. Fuzzing: A survey for roadmap. ACM Computing Surveys, 2022, 54 (11s): 230. |
| 10 | GODEFROID P.. Fuzzing: Hack, art, and science. Communications of the ACM, 2020, 63 (2): 70- 76. |
| 11 | LIANG H, PEI X, JIA X, et al.. Fuzzing: State of the art. IEEE Transactions on Reliability, 2018, 67 (3): 1199- 1218. |
| 12 | MANèS V J M, HAN H S, HAN C, et al.. The art, science, and engineering of fuzzing: A survey. IEEE Transactions on Software Engineering, 2019, 47 (11): 2312- 2331. |
| 13 | ZHANG Y, ZHANG J, ZHANG D, et al. Survey of directed fuzzy technology [C]// Proceedings of the 2018 IEEE 9th International Conference on Software Engineering and Service Science. 2018: 696-699. |
| 14 | LI J, ZHAO B, ZHANG C.. Fuzzing: A survey. Cybersecurity, 2018, (1): 6. |
| 15 | ZHONG R, CHEN Y, HU H, et al. Squirrel: Testing database management systems with language validity and coverage feedback [C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020: 955-970. |
| 16 | WANG M, WU Z, XU X, et al. Industry practice of coverage-guided enterprise-level DBMS fuzzing [C]// Proceedings of the 2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice. 2021: 328-337. |
| 17 | LIANG Y, LIU S, HU H. Detecting logical bugs of DBMS with coverage-based guidance [C]// Proceedings of the 31st USENIX Security Symposium. 2022: 4309-4326. |
| 18 | SLUTZ D R. Massive stochastic testing of SQL [C]// Proceedings of the 24th International Conference on Very Large Data Bases. 1998: 618-622. |
| 19 | ANDREAS S. SQLSmith [EB/OL]. (2022-03-03)[2023-05-15].https://github.com/anse1/sqlsmith. |
| 20 | RIGGER M, SU Z. Testing database engines via pivoted query synthesis [C]// Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation. 2020: 667-682. |
| 21 | PORTS D R K, GRITTNER K.. Serializable snapshot isolation in postgreSQL. Proceedings of the VLDB Endowment, 2012, 5 (12): 1850- 1861. |
| 22 | 彭智勇, 彭煜玮. PostgreSQL数据库内核分析 [M]. 北京: 机械工业出版社, 2012. |
| 23 | 张树杰. PostgreSQL技术内幕: 事务处理深度探索 [M]. 北京: 电子工业出版社, 2021. |
| 24 | CORDELLA L P, FOGGIA P, SANSONE C, et al.. A (sub)graph isomorphism algorithm for matching large graphs. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2004, 26 (10): 1367- 1372. |
| 25 | ULLMANN J R.. An algorithm for subgraph isomorphism. Journal of the ACM, 1976, 23 (1): 31- 42. |
/
| 〈 |
|
〉 |
中国综合性科技类核心期刊(北大核心)