Public Feedback by Companies
Alibaba
Great job @RiggerManuel @zhendongsu , I would like to share this Chinese post to Alibaba. We have many database products. Your series of work would help them a lot. https://t.co/HXrUfNdAML
— Tianxiao Gu (@Xiaotiangu) June 9, 2020
Cockroach Labs
I’m a big fan of @RiggerManuel’s work here and a big fan of metamorphic testing. A good heaping dose of awesome sauce for improving the quality SQL databases.
— Peter Mattis (@petermattis) May 22, 2020
I've said it before and I'll say it again: we @CockroachDB thank @RiggerManuel for his hard work finding real bugs in our product. This paper is great and you should give it a read. Lots of practical examples and testing innovation here! https://t.co/k0qD2UeMNR
— Large Data Bank (@JordanALewis) May 22, 2020
🤓 This paper is an excellent place to find techniques for testing against databases. 👇👇👇 https://t.co/OERITGOJPb
— CockroachDB (@CockroachDB) May 22, 2020
I second this. Manuel, you're doing the database industry a great service. Thank you! https://t.co/6OpeNkLkH9
— Large Data Bank (@JordanALewis) April 13, 2020
DuckDB
Thanks! Amazing how many bugs your testing uncovers :) and with the short reproducible examples the bugs almost fix themselves!
— Mark Raasveldt (@mark8264) April 13, 2020
MonetDB
Thanks for providing this great tool to the community! The MonetDB team loves new challenges to improve the code.
— MonetDB Team (@MonetDB) June 10, 2020
MySQL
@RiggerManuel thank you from the @MySQL Team for the bugs reported /cc @sqlancer_dbms
— lefred (@lefred) June 8, 2020
PingCAP
Today we open-sourced the @Golang implementation of SQLancer, a tool for auto-detecting #DBMS logic bugs. So far it has worked greatly on #TiDB. https://t.co/Nk1XwnnJfS
— zhouqiang (@zhouqiang_cl) June 5, 2020
Much thanks to @RiggerManuel and @zhendongsu for their great work on https://t.co/Y0DLXJGEL1
/cc @PingCAP
Incorrect optimizations in #DBMS can result in logic bugs that are hard to detect. In Dr. @RiggerManuel's latest paper, he proposed Non-Optimizing
— PingCAP (@PingCAP) May 26, 2020
Reference Engine Construction (NoREC), a fully-automatic approach to detect optimization bugs. Read now: https://t.co/z8NR82O5BY pic.twitter.com/88o8PSR8BS
Here comes the secret weapon. 🛠️
— PingCAP (@PingCAP) May 18, 2020
Pivoted Query Synthesis, proposed by Dr. @RiggerManuel, is an effective and general approach to locate #DBMS logic bugs. Read more: 👉https://t.co/zFdj4Qk3Bn https://t.co/oLBDLLd4FQ pic.twitter.com/t0c1VILckH
👏Amazed by our outstanding bug hunter Dr.@RiggerManuel. So far, he has reported 28 P1/P2 bugs in Bug Hunting Contest for #TiDB 4.0 RC. Thanks for making #TiDB better!🍻
— PingCAP (@PingCAP) May 13, 2020
Actually, his hunting ranges much farther than us. Check out his #DBMS bug collection: https://t.co/nFxwu3bBcU pic.twitter.com/In68vKYM5W
SQLite
One fuzzing researcher of particular note is Manuel Rigger, currently (as this paragraph is written on 2019-12-21) at ETH Zurich. Most fuzzers only look for assertion faults, crashes, undefined behavior (UB), or other easily detected anomalies. Dr. Rigger's fuzzers, on the other hand, are able to find cases where SQLite computes an incorrect answer. Rigger has found many such cases. Most of these finds are fairly obscure corner cases involving type conversions and affinity transformations, and a good number of the finds are against unreleased features. Nevertheless, his finds are still important as they are real bugs, and the SQLite developers are grateful to be able to identify and fix the underlying problems. Rigger's work is currently unpublished. When it is released, it could be as influential as Zalewski's invention of AFL and profile-guided fuzzing.