Fuzzing Graph Database Applications with Graph Transformations
Stefania Dumbrava (ENSIIE)
Melchior W. M. Oudemans (Student TU Delft)
Burcu Kulahcioglu Ozkan (TU Delft - Software Engineering)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Graph databases have surged in popularity, and applications increasingly employ them to store and retrieve interconnected data. However, testing graph database-backed applications has distinctive challenges. Due to the sheer dimension of the graph schema state space, testing applications using naive random graph instances is unlikely to cover a large portion of an application program. We present PGFuzz, a graph transformation-based greybox fuzzer for testing graph database-backed applications, that is, to the best of our knowledge, the first fuzzer to specifically target graph database applications. PGFuzz builds on top of state-of-the-art graph generators and utilizes graph transformations guided by code coverage to produce application test inputs. PGFuzz ’s graph transformations are schema-aware and support recently introduced graph schema, key, and cardinality constraints. We evaluate PGFuzz on graph database applications that we curate from open-source repositories and show that PGFuzz substantially improves the test coverage of graph database-backed applications compared to the state-of-the-art.