Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Finding Logic Bugs in Spatial Database Engines via Affine Equivalent Inputs

Wenjing Deng, Qiuyang Mang, Chengyu Zhang, Manuel Rigger

TL;DR

Experimental results demonstrate that the geometry-aware generator significantly outperforms a naive random-shape generator in detecting unique bugs, and AEI can identify 14 logic bugs in SDBMSs that were totally overlooked by previous methodologies.

Abstract

Spatial Database Management Systems (SDBMSs) aim to store, manipulate, and retrieve spatial data. SDBMSs are employed in various modern applications, such as geographic information systems, computer-aided design tools, and location-based services. However, the presence of logic bugs in SDBMSs can lead to incorrect results, substantially undermining the reliability of these applications. Detecting logic bugs in SDBMSs is challenging due to the lack of ground truth for identifying incorrect results. In this paper, we propose an automated geometry-aware generator to generate high-quality SQL statements for SDBMSs and a novel concept named Affine Equivalent Inputs (AEI) to validate the results of SDBMSs. We implemented them as a tool named Spatter (Spatial DBMSs Tester) for finding logic bugs in four popular SDBMSs: PostGIS, DuckDB Spatial, MySQL, and SQL Server. Our testing campaign detected 34 previously unknown and unique bugs in these SDBMS, of which 30 have been confirmed, and 18 have been already fixed. Our testing efforts have been well appreciated by the developers. Experimental results demonstrate that the geometry-aware generator significantly outperforms a naive random-shape generator in detecting unique bugs, and AEI can identify 14 logic bugs in SDBMSs that were overlooked by previous methodologies.

Finding Logic Bugs in Spatial Database Engines via Affine Equivalent Inputs

TL;DR

Experimental results demonstrate that the geometry-aware generator significantly outperforms a naive random-shape generator in detecting unique bugs, and AEI can identify 14 logic bugs in SDBMSs that were totally overlooked by previous methodologies.

Abstract

Spatial Database Management Systems (SDBMSs) aim to store, manipulate, and retrieve spatial data. SDBMSs are employed in various modern applications, such as geographic information systems, computer-aided design tools, and location-based services. However, the presence of logic bugs in SDBMSs can lead to incorrect results, substantially undermining the reliability of these applications. Detecting logic bugs in SDBMSs is challenging due to the lack of ground truth for identifying incorrect results. In this paper, we propose an automated geometry-aware generator to generate high-quality SQL statements for SDBMSs and a novel concept named Affine Equivalent Inputs (AEI) to validate the results of SDBMSs. We implemented them as a tool named Spatter (Spatial DBMSs Tester) for finding logic bugs in four popular SDBMSs: PostGIS, DuckDB Spatial, MySQL, and SQL Server. Our testing campaign detected 34 previously unknown and unique bugs in these SDBMS, of which 30 have been confirmed, and 18 have been already fixed. Our testing efforts have been well appreciated by the developers. Experimental results demonstrate that the geometry-aware generator significantly outperforms a naive random-shape generator in detecting unique bugs, and AEI can identify 14 logic bugs in SDBMSs that were overlooked by previous methodologies.

Paper Structure

This paper contains 58 sections, 1 theorem, 5 equations, 8 figures, 5 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Geometry Types
  4. Topological Relationship Queries
  5. Definition of formal topological relationships
  6. Named topological relationships
  7. Affine Transformations
  8. Affine Equivalent Inputs
  9. Proof of our intuition
  10. Definition of AEI
  11. Spatter
  12. Geometry-Aware Generator
  13. Random-shape strategy
  14. Derivative strategy
  15. Generation process
  16. ...and 43 more sections

Key Result

proposition 1

For a geometry pair $(g_1, g_2)$, and its affine equivalent geometry pair $(g_1',g_2')$, we have $R(g_1, g_2) = R(g_1', g_2')$.

Figures (8)

  • Figure 1: Visualizations of the geometries in Listing \ref{['lst:precision-issue']} and Listing \ref{['lst:AEI_example']} are shown in (a) and (b) respectively. The geometry pairs in (a) and (b) are affine equivalent.
  • Figure 2: Examples of 2D geometries and their geometry types, interiors, and boundaries.
  • Figure 3: DE-9IM code of POLYGON g1 and LINESTRING g2 is . The letter indicates that the intersection is an empty set. The numbers , , and represent the dimension of the intersection.
  • Figure 4: Examples of affine transformation.
  • Figure 5: Overview of Spatter
  • ...and 3 more figures

Theorems & Definitions (7)

  • definition 1: Boundary, Interior, and Exterior of Cells
  • definition 2: Boundary, Interior, Exterior of Cell Complexes
  • definition 3: Formal Topological Relationship
  • definition 4: Affine Transformations on Cells
  • definition 5: Affine Equivalent Geometry Pairs
  • proposition 1
  • definition 6: Affine Equivalent Inputs