Bugs found in Database Management Systems
Postdoctoral researcher Manuel Rigger, advised by professor Zhendong Su, has created SQLancer, a tool that automatically tests Database Management Systems (DBMSs) to find logic bugs in their implementations (bugs that cause the DBMS to return an incorrect result set). SQLancer has found over 400 bugs in databases including SQLite, MySQL, PostgreSQL, MariaDB, CockroachDB, and others. The bug-finding approaches implemented in SQLancer are described in three papers listed on this page.
Resmack: Grammar Fuzzing Thoughts - Part 1
Thoughts by James Johnson on resmack, the Rust-based grammar fuzzer he’s building.
resmack includes dynamic rules, where one rule can reference another, local, named rule to generate a valid checksum. The post also references the Rust grammar fuzzer fzero by Brandon Falk, which was in tl;dr sec #15.
CrashMonkey & Ace: Systematically Testing File System Crash Consistency
Heisenbug 2019 talk by Jayashree Mohan:
We present a new approach to testing file-system crash consistency: bounded black-box crash testing (B3). B3 tests the file system in a black-box manner using workloads of file-system operations. Since the space of possible workloads is infinite, B3 bounds this space based on parameters such as the number of file-system operations or which operations to include, and exhaustively generates workloads within this bounded space. Each workload is tested on the target file system by simulating power-loss crashes while the workload is being executed and checking automatically if the file system recovers to a correct state after each crash.
CrashMonkey revealed 10 new crash-consistency bugs in widely-used, mature Linux file systems, seven of which existed in the kernel since 2014. It also revealed a data loss bug in a verified file system, FSCQ.
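The B3 loop described above (bound the workload space, enumerate it exhaustively, crash after every operation, check that recovery matches an oracle), as an added toy model in Python; this is not CrashMonkey's or Ace's code. It assumes a three-operation alphabet, two file names, and a deliberately planted bug in which an fsynced empty file is lost on crash, all constructed for illustration.

```python
import itertools

# Bounded space (constructed): which operations and how many files to consider.
OPS = ("create", "write", "fsync")
FILES = ("a", "b")


def workloads(max_len):
    """Exhaustively enumerate every workload of 1..max_len operations, shortest first."""
    atoms = [(op, f) for op in OPS for f in FILES]
    for n in range(1, max_len + 1):
        yield from itertools.product(atoms, repeat=n)


def run(workload, crash_after, buggy=False):
    """Execute the first `crash_after` ops of a workload, then crash.

    Model: create/write only touch a volatile cache; fsync(f) commits f to
    durable storage. The oracle records, per file, the content that fsync
    promised to persist. On crash the cache is lost and durable storage survives.
    """
    cache, durable, expected = {}, {}, {}
    for op, f in workload[:crash_after]:
        if op == "create":
            cache.setdefault(f, "")
        elif op == "write" and f in cache:
            cache[f] += "x"
        elif op == "fsync" and f in cache:
            expected[f] = cache[f]          # fsync returned: this content must survive
            # Planted bug (constructed): an fsynced *empty* file never reaches disk.
            if not (buggy and cache[f] == ""):
                durable[f] = cache[f]
    return expected, dict(durable)


def check(workload, buggy=False):
    """Crash after every op of the workload; return (crash_point, file) oracle violations."""
    violations = []
    for k in range(1, len(workload) + 1):
        expected, recovered = run(workload, k, buggy)
        for f, content in expected.items():
            if recovered.get(f) != content:
                violations.append((k, f))
    return violations


def find_minimal_failing(max_len, buggy=False):
    """First failing workload in shortest-first order, i.e. a minimal reproducer, or None."""
    for w in workloads(max_len):
        v = check(w, buggy)
        if v:
            return w, v
    return None
```

Against the planted bug the search stops at the two-operation workload `create a; fsync a`, crashing after the fsync, which mirrors how a bounded exhaustive search yields a minimal reproducer rather than a long random trace.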
Fuzzing as a Service Companies
FuzzLabs - https://www.linkedin.com/posts/activity-6627914989107720192–5I5/