🤖 AI Summary
Detecting deeply hidden, hard-to-trigger logical bugs in database management systems (DBMSs) remains a significant challenge. To address this, we propose CODDTest—the first DBMS testing technique inspired by compiler constant folding and propagation. Its core innovation lies in semantics-aware SQL query mutation: leveraging predicate semantic equivalence analysis to perform equivalent constant substitutions, thereby exposing result inconsistencies without requiring external oracles or cross-system comparisons. CODDTest is lightweight, efficient, and highly precise, capable of uncovering subtle logical flaws that evade state-of-the-art DBMS testing approaches. We evaluated it on five widely used DBMSs—including SQLite and MySQL—and discovered 45 previously unknown bugs. Among these, 24 are novel logical errors, and 11 were detected exclusively by CODDTest, demonstrating its unique capability to expose deep semantic inconsistencies in query processing and optimization logic.
📝 Abstract
Logic bugs are bugs that can cause database management systems (DBMSs) to silently produce incorrect results for given queries. Such bugs are severe, because they can easily be overlooked by both developers and users, and can cause applications that rely on the DBMSs to malfunction. In this work, we propose Constant-Optimization-Driven Database Testing (CODDTest) as a novel approach for detecting logic bugs in DBMSs. This method draws inspiration from two well-known optimizations in compilers: constant folding and constant propagation. Our key insight is that for a certain database state and query containing a predicate, we can apply constant folding on the predicate by replacing an expression in the predicate with a constant, anticipating that the results of this predicate remain unchanged; any discrepancy indicates a bug in the DBMS. We evaluated CODDTest on five mature and extensively tested DBMSs (SQLite, MySQL, CockroachDB, DuckDB, and TiDB) and found 45 unique, previously unknown bugs in them. Out of these, 24 are unique logic bugs. Our manual analysis of the state-of-the-art approaches indicates that 11 logic bugs are detectable only by CODDTest. We believe that CODDTest is easy to implement, and can be widely adopted in practice.
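The folding check described in the abstract, as an added example that is not the authors' implementation: a simplified harness over SQLite that evaluates a row-independent expression in the current database state, substitutes the resulting constant into the predicate, and compares both result sets. The tables, data, the `{E}` placeholder convention and all function names are assumptions made for this illustration.

```python
import sqlite3
from collections import Counter

def build_constructed_db():
    """Constructed sample state; NULLs included because predicates are three-valued."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE t0(c0 INTEGER, c1 TEXT);
        CREATE TABLE t1(c0 INTEGER);
        INSERT INTO t0 VALUES (1,'a'),(5,'b'),(NULL,'c'),(9,'d');
        INSERT INTO t1 VALUES (2),(4),(NULL);
    """)
    return conn

def sql_literal(conn, value):
    # Let SQLite render the constant so quoting of text and NULL is exact.
    return conn.execute("SELECT quote(?)", (value,)).fetchone()[0]

def fold_and_compare(conn, query_template, expr):
    """query_template marks with {E} where expr sits inside the predicate.

    Returns (folded_query, results_match). expr must not depend on the
    current row (a constant expression or an uncorrelated scalar subquery).
    """
    original = query_template.format(E=f"({expr})")
    # Step 1: evaluate the expression on its own in the same database state.
    constant = conn.execute(f"SELECT ({expr})").fetchone()[0]
    # Step 2: fold it, i.e. replace the expression by that constant.
    folded = query_template.format(E=sql_literal(conn, constant))
    # Step 3: compare as multisets, since row order is not part of the result.
    rows_original = Counter(conn.execute(original).fetchall())
    rows_folded = Counter(conn.execute(folded).fetchall())
    return folded, rows_original == rows_folded

if __name__ == "__main__":
    conn = build_constructed_db()
    cases = [
        ("SELECT c0, c1 FROM t0 WHERE c0 > {E}", "SELECT MAX(c0) FROM t1"),
        ("SELECT c1 FROM t0 WHERE c0 IS NOT {E}",
         "SELECT c0 FROM t1 WHERE c0 IS NULL"),
    ]
    for template, expr in cases:
        folded, same = fold_and_compare(conn, template, expr)
        print("ok      " if same else "MISMATCH", folded)
```

A mismatch from this harness is a candidate logic bug, not proof of one: in SQLite a folded literal carries no column affinity or collation, so a real harness has to preserve the expression's type to avoid false alarms.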