Database Management System (DBMS) fuzzing is an automated testing technique aimed at detecting errors and vulnerabilities in DBMSs by generating, mutating, and executing test cases. It not only reduces the time and cost of manual testing but also enhances detection coverage, providing valuable assistance in developing commercial DBMSs. Existing fuzzing surveys mainly focus on general-purpose software. However, DBMSs are different from them in terms of internal structure, input/output, and test objectives, requiring specialized fuzzing strategies. Therefore, this paper focuses on DBMS fuzzing and provides a comprehensive review and comparison of the methods in this field. We first introduce the fundamental concepts. Then, we systematically define a general fuzzing procedure and decompose and categorize existing methods. Furthermore, we classify existing methods from the testing objective perspective, covering various components in DBMSs. For representative works, more detailed descriptions are provided to analyze their strengths and limitations. To objectively evaluate the performance of each method, we present an open-source DBMS fuzzing toolkit, OpenDBFuzz. Based on this toolkit, we conduct a detailed experimental comparative analysis of existing methods and finally discuss future research directions.
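The abstract describes DBMS fuzzing as a loop of generating, mutating and executing test cases against a database engine, with the engine's behaviour on each input serving as the test oracle. The following is an added illustration of that loop, written for this page and not taken from the paper or from OpenDBFuzz. It assumes Python's standard-library `sqlite3` module as the target engine, a constructed one-table schema, a deliberately tiny SQL grammar for generation, token-level mutation, and a simple oracle that separates ordinary rejections of malformed SQL from internal-error reports; function and variable names (`fresh_target`, `gen_query`, `mutate`, `execute`, `fuzz`) are this example's own.

```python
import random
import sqlite3

# Constructed target: a throwaway in-memory SQLite database with one small table.
# (Sample schema made up for this example; not from the paper or OpenDBFuzz.)
SCHEMA = [
    "CREATE TABLE t0 (c0 INTEGER, c1 TEXT)",
    "INSERT INTO t0 VALUES (1, 'a'), (2, 'b'), (NULL, 'c')",
]
COLUMNS = ["c0", "c1"]
VALUES = ["0", "1", "-1", "NULL", "'a'", "''", "0.5"]
OPS = ["=", "<>", "<", ">", "IS", "IS NOT", "LIKE"]
SUFFIXES = ["LIMIT 1", "ORDER BY c0", "GROUP BY c1", "LIMIT -1"]


def fresh_target():
    """Open a new in-memory database loaded with the constructed schema."""
    conn = sqlite3.connect(":memory:")
    for stmt in SCHEMA:
        conn.execute(stmt)
    return conn


def gen_expr(rng, depth=0):
    """Generation stage: build a random WHERE predicate from a tiny grammar.
    Every string this returns is syntactically valid for SQLite."""
    if depth >= 2 or rng.random() < 0.4:
        return f"{rng.choice(COLUMNS)} {rng.choice(OPS)} {rng.choice(VALUES)}"
    left = gen_expr(rng, depth + 1)
    right = gen_expr(rng, depth + 1)
    return f"({left} {rng.choice(['AND', 'OR'])} {right})"


def gen_query(rng):
    """A complete generated test case: a SELECT over the constructed table."""
    return f"SELECT * FROM t0 WHERE {gen_expr(rng)}"


def mutate(rng, sql):
    """Mutation stage: one small token-level edit on a seed query. Some edits
    produce invalid SQL on purpose, which exercises the parser and error paths
    rather than only the executor. The 'SELECT * FROM t0 WHERE' prefix is kept."""
    tokens = sql.split(" ")
    choice = rng.randrange(3)
    if choice == 0:
        tokens[rng.randrange(5, len(tokens))] = rng.choice(VALUES + OPS + COLUMNS)
    elif choice == 1 and len(tokens) > 6:
        del tokens[rng.randrange(5, len(tokens))]
    else:
        tokens.append(rng.choice(SUFFIXES))
    return " ".join(tokens)


def execute(conn, sql):
    """Execution stage plus test oracle: classify how the engine handled the input.
    A hard crash of the engine would take this harness down with it, which is
    itself the finding a crash-oriented fuzzer is looking for."""
    try:
        conn.execute(sql).fetchall()
        return "ok"
    except sqlite3.InternalError:
        return "suspicious"  # engine reported an internal logic error
    except sqlite3.Error:
        return "rejected"    # ordinary syntax/semantic rejection of bad input


def fuzz(seed=0, rounds=200, mutations=3):
    """Generate-mutate-execute loop. Returns outcome counts and the inputs that
    produced a suspicious outcome, for later minimisation and triage."""
    rng = random.Random(seed)
    conn = fresh_target()
    stats = {"ok": 0, "rejected": 0, "suspicious": 0}
    findings = []
    for _ in range(rounds):
        sql = gen_query(rng)
        stats[execute(conn, sql)] += 1
        for _ in range(mutations):
            sql = mutate(rng, sql)
            outcome = execute(conn, sql)
            stats[outcome] += 1
            if outcome == "suspicious":
                findings.append(sql)
    conn.close()
    return stats, findings


def generated_queries_valid(seed=0, n=100):
    """Sanity check on the generator: unmutated queries must all be accepted."""
    rng = random.Random(seed)
    conn = fresh_target()
    try:
        return all(execute(conn, gen_query(rng)) == "ok" for _ in range(n))
    finally:
        conn.close()


if __name__ == "__main__":
    counts, found = fuzz()
    print(counts)
    for case in found:
        print("suspicious:", case)
```

The fixed seed makes a run reproducible, which matters when a finding has to be minimised and reported. The oracle here is deliberately weak (it only distinguishes accepted, rejected and internal-error outcomes); the logic-bug detectors the survey covers replace it with stronger checks such as comparing results across equivalent query rewrites or across engines, and a coverage-guided fuzzer would additionally feed the engine's execution coverage back into the choice of seeds to mutate.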