albertZhangTJ / sqlancer-lancerfuzz

Detecting Logic Bugs in DBMS
http://www.sqlancer.com/
MIT License

Automatically generate oracle from grammar file #22

Open albertZhangTJ opened 6 months ago

albertZhangTJ commented 6 months ago

I guess we can leverage the existing member_var_ref mechanism to automatically generate oracles (at least for TLP).

albertZhangTJ commented 6 months ago

An example definition would be as follows (just an illustration of the idea, not necessarily accurate):

```
selectBase : ( { MEM_VAR("base_query"); } | SELECT columns FROM table) ';' ;
predicate : ( { MEM_VAR("predicate"); } | generate_predicate );
selectPos : ( { MEM_VAR("base_query"); } | SELECT columns FROM table) WHERE predicate ;
selectNeg : ( { MEM_VAR("base_query"); } | SELECT columns FROM table) WHERE NOT predicate ;
selectNul : ( { MEM_VAR("base_query"); } | SELECT columns FROM table) WHERE predicate IS NULL ;
selectUni : selectPos UNION selectNeg UNION selectNul ';' ;
```

And we can use the config file to tell the back end to compare the result of selectBase with selectUni.

However, we still need to solve one thing: the predicate needs access to the schema. No idea how to handle that for now; will come back and update this ASAP.
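
Added example, not part of the issue thread or the project's code: a minimal TLP comparison of selectBase against the recombined partitions, run on SQLite through Python's `sqlite3`. The table `t`, its rows and the predicate `c0 > 0` are constructed for illustration; the helper names are hypothetical. It defaults to `UNION ALL` so duplicate rows are preserved, and falls back to a set comparison when the plain `UNION` from the rules above is used.

```python
import sqlite3
from collections import Counter

PARTITIONS = ("selectPos", "selectNeg", "selectNul")

def tlp_queries(base_query, predicate):
    """Build the base query and its three partitions (names follow the issue's rules)."""
    return {
        "selectBase": base_query,
        "selectPos": f"{base_query} WHERE {predicate}",
        "selectNeg": f"{base_query} WHERE NOT ({predicate})",
        "selectNul": f"{base_query} WHERE ({predicate}) IS NULL",
    }

def tlp_check(conn, base_query, predicate, union_op="UNION ALL", parts=PARTITIONS):
    """Return True when selectBase and the recombined partitions agree."""
    q = tlp_queries(base_query, predicate)
    select_uni = f" {union_op} ".join(q[p] for p in parts)
    base = conn.execute(q["selectBase"]).fetchall()
    uni = conn.execute(select_uni).fetchall()
    if union_op == "UNION":
        # UNION removes duplicates, so only the distinct rows can be compared.
        return set(base) == set(uni)
    # UNION ALL keeps duplicates: compare as multisets, ignoring row order.
    return Counter(base) == Counter(uni)

def demo_db():
    """Constructed sample data: a duplicate row and a NULL in the predicate column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (c0 INTEGER, c1 TEXT)")
    conn.executemany("INSERT INTO t VALUES (?, ?)",
                     [(1, "a"), (1, "a"), (None, "b"), (0, "c")])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    base, pred = "SELECT c0, c1 FROM t", "c0 > 0"
    print("three partitions, UNION ALL:", tlp_check(conn, base, pred))
    print("three partitions, UNION    :", tlp_check(conn, base, pred, "UNION"))
    # Dropping selectNul loses the row where the predicate evaluates to NULL.
    print("without selectNul          :",
          tlp_check(conn, base, pred, parts=("selectPos", "selectNeg")))
```

A mismatch reported by `tlp_check` on a correct engine means the oracle itself is wrong (for example a missing partition); on a correct oracle it points at a logic bug in the DBMS under test.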