go-sqlancer icon indicating copy to clipboard operation
go-sqlancer copied to clipboard
verified publisher icon PingCAP-QE

Automatically analyzes bugs

Open Hexilee opened this issue 5 years ago • 0 comments

Analyzing fuzz-bugs manually is boring and ineffective, we need some tools to find the minimally reproducible SQL automatically.

For example, we find the following tow queries behave differently in TiDB:

--Origin
SELECT
    tmp1.id_3 AS col_1,
    tmp1.col_int_3 AS col_2,
    tmp1.col_float_3 AS col_3,
    tmp2.id_0 AS col_4,
    tmp2.col_int_0 AS col_5,
    tmp3.id_2 AS col_6,
    tmp3.col_varchar_2 AS col_7,
    tmp4.id_1 AS col_8,
    tmp4.col_float_1 AS col_9
FROM
    (
        (
            table_int_float AS tmp1
            RIGHT JOIN table_int AS tmp2 ON !("N" <= tmp1.id_3)
        )
        JOIN table_varchar AS tmp3 ON !(
            ""
            AND 1
        )
    )
    RIGHT JOIN table_float AS tmp4 ON !(tmp1.col_float_3 IS NULL)
WHERE
    (8.835640563878916e-01 != "Keu+~E") IS NOT NULL;

--TLP Transformed
SELECT
    tmp1.id_3 AS col_1,
    tmp1.col_int_3 AS col_2,
    tmp1.col_float_3 AS col_3,
    tmp2.id_0 AS col_4,
    tmp2.col_int_0 AS col_5,
    tmp3.id_2 AS col_6,
    tmp3.col_varchar_2 AS col_7,
    tmp4.id_1 AS col_8,
    tmp4.col_float_1 AS col_9
FROM
    (
        (
            table_int_float AS tmp1
            RIGHT JOIN table_int AS tmp2 ON !("N" <= tmp1.id_3)
        )
        JOIN table_varchar AS tmp3 ON !(
            ""
            AND 1
        )
    )
    RIGHT JOIN table_float AS tmp4 ON !(tmp1.col_float_3 IS NULL)
WHERE
    (8.835640563878916e-01 != "Keu+~E") IS NOT NULL
    AND (
        !(
            (NULLIF("<'T", NULL))
            XOR (
                CASE
                    WHEN "2024-01-31 01:40:35" THEN tmp3.col_varchar_2
                END
            )
        )
    ) IS TRUE
UNION
ALL
SELECT
    tmp1.id_3 AS col_1,
    tmp1.col_int_3 AS col_2,
    tmp1.col_float_3 AS col_3,
    tmp2.id_0 AS col_4,
    tmp2.col_int_0 AS col_5,
    tmp3.id_2 AS col_6,
    tmp3.col_varchar_2 AS col_7,
    tmp4.id_1 AS col_8,
    tmp4.col_float_1 AS col_9
FROM
    (
        (
            table_int_float AS tmp1
            RIGHT JOIN table_int AS tmp2 ON !("N" <= tmp1.id_3)
        )
        JOIN table_varchar AS tmp3 ON !(
            ""
            AND 1
        )
    )
    RIGHT JOIN table_float AS tmp4 ON !(tmp1.col_float_3 IS NULL)
WHERE
    (8.835640563878916e-01 != "Keu+~E") IS NOT NULL
    AND (
        !(
            (NULLIF("<'T", NULL))
            XOR (
                CASE
                    WHEN "2024-01-31 01:40:35" THEN tmp3.col_varchar_2
                END
            )
        )
    ) IS FALSE
UNION
ALL
SELECT
    tmp1.id_3 AS col_1,
    tmp1.col_int_3 AS col_2,
    tmp1.col_float_3 AS col_3,
    tmp2.id_0 AS col_4,
    tmp2.col_int_0 AS col_5,
    tmp3.id_2 AS col_6,
    tmp3.col_varchar_2 AS col_7,
    tmp4.id_1 AS col_8,
    tmp4.col_float_1 AS col_9
FROM
    (
        (
            table_int_float AS tmp1
            RIGHT JOIN table_int AS tmp2 ON !("N" <= tmp1.id_3)
        )
        JOIN table_varchar AS tmp3 ON !(
            ""
            AND 1
        )
    )
    RIGHT JOIN table_float AS tmp4 ON !(tmp1.col_float_3 IS NULL)
WHERE
    (8.835640563878916e-01 != "Keu+~E") IS NOT NULL
    AND (
        !(
            (NULLIF("<'T", NULL))
            XOR (
                CASE
                    WHEN "2024-01-31 01:40:35" THEN tmp3.col_varchar_2
                END
            )
        )
    ) IS NULL;

How to find the minimally reproducible query?

Hexilee avatar Jun 28 '20 10:06 Hexilee