Speaker Interview: Andreas Seltenreich

Bug Squashing with SQLsmith   Thursday 14:40   Casablanca

Company Twitter: @credativ GitHub: anse1 Company website: credativ.com

Could you briefly introduce yourself?

I studied computer science, specializing in database systems and compilers. I got quite intimate with PostgreSQL back then, because with its architecture being close to the textbooks and its clean code base, it was fun to study it in depth. Being active on the community mailing lists helped fill the gap in solving real-world problems of applying database systems.

Professionally, I helped the University switching to PostgreSQL and free software in general for some of their internet services in form of a student job. Since 2014, I'm doing PostgreSQL and free software full-time as a consultant at credativ.

How do you engage with the PostgreSQL Community?

Currently, it's mostly dropping bug reports on the mailing list that were turned up by SQLsmith or our customers. Being somewhat familiar with the code by now, I can sometimes also come up with a patch myself instead of just a report.

Have you enjoyed previous pgconf.eu or FOSDEM conferences, either as attendee or as speaker?

Ja, but I don't really like travelling, so I usually let my colleagues attend these while I protect the castle. Getting my talks accepted thwarts this though (sorry Julian).

What will your talk be about, exactly? Why this topic?

It's about a fuzz testing tool I wrote to find bugs in SQL speaking database systems. PostgreSQL is known for its uncompromising reliability, and I felt this fame might be threatened with the addition of major and invasive features in recent years. SQLsmith was my way of soothing that feeling.

Another motivation for writing SQLsmith was that when extending Postgres for our customers' needs, I missed the additional testing dimension that Csmith provided back when I was extending a research compiler.

What is the audience for your talk?

Postgres developers needing more testing for their patches, Postgres users wanting to test their custom extensions, white/grey/black hats searching for security vulnerabilities, people interested in the nature of bugs turned up by fuzz testing, people working on competing SQL speaking databases that want to employ SQLsmith as well and people in need of the soothing feeling of more QA being done with Postgres.

What existing knowledge should the attendee have?

I think a general software engineering background is required to enjoy it.

What is the one feature in PostgreSQL 11 which you like most?

JIT. It's a strategic thing to marry databases with compilers. There were multiple parties building prototypes, and IMHO Andres' won deservedly, since I couldn't break it with SQLsmith yet.

Which other talk at this year’s conference would you like to see?

I'll probably attend all of the pink ones.