Just a few days ago I found a serious security issue in SQLite: <a href="https://sqlite.org/forum/forumpost/07beac8056151b2f" rel="nofollow">https://sqlite.org/forum/forumpost/07beac8056151b2f</a><p>It was also promptly fixed, but it makes me feel like the millions of tests sound better than they are in reality …
I understand the comment about "intellectual honesty" about those pesky transient bugs.<p>It's really hard to know where a hard-to-reproduce bug is on the cost-benefit spectrum - and that is the crux - not knowing enough about the bug to determine its negative weight means you are essentially guessing both sides of the equation.<p>It's probably not the best idea, but waiting till users find it at least gives a good idea of the prior
I'd be interested to read some discussion on why this wasn't caught earlier. When you have something which supports read + write and supports access from multiple threads/processes, I'd expect "read as fast as possible from one thread, write as fast as possible from another" to be one of the most obvious tests to write.
The top comment is...sad yet funny:<p><pre><code> Euphorbium
December 11, 2022 at 2:31 pm
I think I hit the same bug in django, and it took them 5 years to fix it. Django tagline is “webframework for perfectionists with deadlines”. I was fired because of this bug.</code></pre>
Even though SQLite bugs are rare, those can be found occasionally.<p>I remember a bug finder took the sqlite documentation off their website. Collected all their keywords, made up millions of jumbled up queries of random combination between keywords and then ran those overnight to find 10 bugs where the engine crashed. And yes those were also reported and fixed quickly.
No such thing as software without bugs, but given the incredibly widespread use that SQLite sees, the quality, as evidenced by the fact that finding a bug is news by itself, is extremely high. Something to strive for.
Lots of people saying that SQLite is super high quality and finding a bug is so rare. It’s not. I found one on a simple query utilising WHERE EXISTS [1]. Reporting it to a weird forum was also a horrible experience.<p>It’s high quality software, don’t get me wrong, but the infamous 100% test coverage doesn’t make it somehow immune to issues, or imply that the issues you do find are of a certain level of complexity. Nothing is black and white like that.<p>1. <a href="https://sqlite.org/forum/forumpost/452888d3b1?t=c&unf" rel="nofollow">https://sqlite.org/forum/forumpost/452888d3b1?t=c&unf</a>
> I found a bug in SQLite<p>Well, good thing it wasn't a bug in the C compiler you were building sqlite with... even those can come up occasionally.
My first time coming across rqlite. Looks awesome. I just finished writing a poor man’s centralized store of SQLite writing the DB file to Minio (s3 compliant) storage but of course has race conditions all over the place. Gonna take a look at replacing with rqlite.
Long long ago I lost my SMS database on my first Android phone to corruption.<p>The worst part was if the app encountered an error opening the database, it just deleted it and started over -- no chance of repair to rescue any of the data. I don't think this is done this way anymore.<p>After that I have installed SMS Backup+ first thing on every new phone.