Article

Dmitry Maslennikov · 1 hr ago 8m read

Open Exchange

Modern SQL engines are enormously complex pieces of software. Even when they appear stable and mature, subtle bugs can hide in their optimizers, type systems, predicate evaluation, or execution layers. These bugs rarely announce themselves loudly. Instead, they quietly produce incorrect results, behave inconsistently, or fail abruptly under specific combinations of SQL constructs.

This is precisely why tools like SQLancer exist. SQLancer automatically generates SQL queries and uses logical “oracles” to detect when a database behaves incorrectly. It has revealed hundreds of real bugs in widely used systems such as MySQL, PostgreSQL, SQLite, and DuckDB.

With this in mind, I attempted to bring SQLancer to InterSystems IRIS, starting with the NOREC oracle — a powerful method for detecting optimizer correctness issues. The journey, however, uncovered not just potential SQL correctness problems, but also a surprising number of driver-level and server-level failures that prevented SQLancer from running at full strength.

This article summarizes why SQLancer is important, how the NOREC oracle works, and what unexpected findings appeared while testing IRIS.

What is SQLancer?

SQLancer (SQL Testing via Differential Oracles) is a framework designed to uncover hidden correctness bugs in database systems — specifically bugs that cause a database to return wrong results without crashing or reporting an error. Instead of relying on handcrafted test cases or predefined expected outputs, SQLancer uses a powerful idea:

Generate random and syntactically valid SQL queries, run them against the database, and check whether different logically equivalent forms of the query produce the same results.

If they don’t, it indicates that the database engine evaluated the query incorrectly.

SQLancer has been remarkably successful in practice. It has found correctness bugs in virtually every major SQL system, including:

MySQL
PostgreSQL
SQLite
MariaDB
DuckDB
CockroachDB
TiDB
and many others

These bugs often involved query optimizers rewriting expressions incorrectly, mishandling NULLs, evaluating predicates inconsistently, or performing illegal simplifications.

Unlike typical fuzzers, SQLancer is not interested in simply causing crashes. Its primary goal is to reveal semantic defects — the hardest kind of bug to detect, and the most dangerous for real applications.

Bringing SQLancer to InterSystems IRIS means giving IRIS the same level of scrutiny that other major engines have already received.

How the NOREC Oracle Works

SQLancer supports multiple “oracles,” each representing a different strategy for detecting incorrect behavior. For the IRIS integration, the focus is on the NOREC oracle.

NOREC (short for “No Rewriting”) is based on a simple and elegant insight:

If you take a query and rewrite it into a form that prevents the optimizer from applying any complex transformations, then both versions should always return the same result.

In other words, NOREC compares:

The original query, which the optimizer is free to rewrite, reorder, simplify, and transform.
A rewritten version of the query, where all filtering is performed explicitly using a CASE expression inside the aggregate function.
This version deliberately avoids giving the optimizer opportunities to change semantics.

For example:

Original query:

SELECT SUM(x) FROM t WHERE a > 10 AND (b IS NULL OR b < 5);

NOREC-rewritten query:

SELECT SUM(
         CASE WHEN a > 10 AND (b IS NULL OR b < 5)
              THEN x
              ELSE 0
         END
       )
FROM t;

Because the rewritten query forces evaluation to occur row-by-row without shortcuts, it serves as a correctness baseline.

If the results differ between the original and rewritten form, several things may be wrong:

the optimizer incorrectly simplified or reordered the predicate
NULL handling differed between expressions
type conversions were inconsistent
the executor incorrectly evaluated the condition
the optimizer applied an illegal rewrite

The power of NOREC is that it does not require any knowledge of the expected value. The comparison is enough.

For decades, the hardest bugs in SQL engines have come not from syntax or crashes, but from optimizers making incorrect assumptions. NOREC is specifically designed to expose such issues.

Why Correctness Testing Matters for IRIS

InterSystems IRIS is often deployed in environments where correctness is not optional:

healthcare
banking and payments
supply chain and logistics
government services
high-reliability global systems

In such domains, a silent incorrect query result is far more dangerous than a crash.

A crash is disruptive, but it is visible. Someone can notice, investigate, and repair the situation.

A silent wrong answer, however:

corrupts analytics
misleads business logic
propagates into reports
influences decisions
hides undetected for years

Even small inconsistencies — one row missing due to an incorrect rewrite, a predicate evaluated incorrectly, or a NULL handled in a non-standard way — can have large downstream effects.

This is why tools like SQLancer matter.

By generating a wide variety of SQL queries — including strange, unexpected combinations of predicates — it forces the database engine into corners that normal workloads rarely reach. If IRIS behaves inconsistently or incorrectly, SQLancer can reveal the problem long before it affects a real production system.

During the early experiments for this project, the unexpected driver and server errors that surfaced indicate that IRIS under random SQL generation may expose robustness issues even before correctness oracles come into play. This finding alone reinforces the importance of deeper testing.

Correctness testing isn’t about proving that the database is broken.
It’s about building confidence that it behaves correctly even in the most obscure corner cases — a goal that every SQL engine benefits from.

Hot to run it

It requires Java 17, and InterSystems IRIS Enterprise (it uses many connections).

Clone github repository

https://github.com/caretdev/sqlancer-iris.git

Build the project

cd sqlancer-iris
mvn package -DskipTests

Run with oracle NOREC

cd target
java -jar sqlancer-iris*.jar iris --oracle norec --connection-url IRIS://_SYSTEM:SYS@localhost:1972/USER

It is possible to use other oracles as well:

WHERE
Fuzzer

When running it, tool will print all the SQL queries executed, and issues found during the run

Run Tests using testcontainers

This way it will create container with IRIS will start it and run tests against it.

mvn -Dtest=TestIRISNOREC clean test 
mvn -Dtest=TestIRISWHERE clean test 
mvn -Dtest=TestIRISFuzzer clean test

Findings so far

Invalid Message Count. Happening quite often and for any query.

java.sql.SQLException: Invalid Message Count (452); expected: 5 got: -1. Server returned: 406. Closing Connection
        at com.intersystems.jdbc.InStream.checkHeader(InStream.java:123)
        at com.intersystems.jdbc.InStream.readMessageInternal(InStream.java:241)
        at com.intersystems.jdbc.InStream.readMessage(InStream.java:173)
        at com.intersystems.jdbc.InStream.readMessage(InStream.java:148)
        at com.intersystems.jdbc.IRISStatement.sendDirectUpdateRequest(IRISStatement.java:458)
        at com.intersystems.jdbc.IRISStatement.Update(IRISStatement.java:439)
        at com.intersystems.jdbc.IRISStatement.execute(IRISStatement.java:740)
        at sqlancer.iris.IRISProvider.createDatabase(IRISProvider.java:123)
        at sqlancer.iris.IRISProvider.createDatabase(IRISProvider.java:1)
        at sqlancer.Main$DBMSExecutor.run(Main.java:450)
        at sqlancer.Main$2.run(Main.java:684)
        at sqlancer.Main$2.runThread(Main.java:666)
        at sqlancer.Main$2.run(Main.java:657)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)

Server closed communication device

Caused by: java.sql.SQLException: Communication error:  Server closed communication device
        at com.intersystems.jdbc.InStream.read(InStream.java:62)
        at com.intersystems.jdbc.InStream.readBuffer(InStream.java:74)
        at com.intersystems.jdbc.InStream.checkHeader(InStream.java:101)
        at com.intersystems.jdbc.InStream.readMessageInternal(InStream.java:241)
        at com.intersystems.jdbc.InStream.readMessage(InStream.java:173)
        at com.intersystems.jdbc.InStream.readMessage(InStream.java:148)
        at com.intersystems.jdbc.IRISStatement.sendDirectQueryRequest(IRISStatement.java:351)
        at com.intersystems.jdbc.IRISStatement.Query(IRISStatement.java:269)
        at com.intersystems.jdbc.IRISStatement.executeQuery(IRISStatement.java:170)

Unable to obtain group command lock. Usually happens during table creation

Caused by: java.sql.SQLException: [SQLCODE: <-400>:<Fatal error occurred>]
[Location: <ServerLoop>]
[%msg: <ERROR #7808: Unable to obtain group '8777833385654' command lock.>]
        at com.intersystems.jdbc.IRISConnection.getServerError(IRISConnection.java:1001)
        at com.intersystems.jdbc.IRISConnection.processError(IRISConnection.java:1146)
        at com.intersystems.jdbc.InStream.readMessageInternal(InStream.java:284)
        at com.intersystems.jdbc.InStream.readMessage(InStream.java:173)
        at com.intersystems.jdbc.InStream.readMessage(InStream.java:148)
        at com.intersystems.jdbc.IRISStatement.sendDirectUpdateRequest(IRISStatement.java:458)
        at com.intersystems.jdbc.IRISStatement.Update(IRISStatement.java:439)
        at com.intersystems.jdbc.IRISStatement.execute(IRISStatement.java:740)
        at sqlancer.common.query.SQLQueryAdapter.internalExecute(SQLQueryAdapter.java:140)

SQL: Property does not exists. looks like something unicode related

SELECT 1 WHERE ('') = ('_㉸^');

Totally fine SQL query, which gives strange error

SQL Error [400] [S1000]: [SQLCODE: <-400>:<Fatal error occurred>]
[Location: <ServerLoop - Query Open()>]
[%msg: <Unexpected error occurred:  <PROPERTY DOES NOT EXIST>%C0o+7^%sqlcq.USER.cls592.1 *i%c㉸4,%sqlcq.USER.cls592>]

How come, that literal value became a property

Unfortunately due to, too many errors that I have no control of quite difficult to continue any further development.

If you think that this tool worth of existing, and we need all already found bugs fixing as well as a new ones, please vote on the contest.

1 new Comment

Discussion (1)1

Job

APP IN SNAP · 1 hr ago

#Cloud #Testing #UI Development #Job Opportunity #Other

In today’s fast-moving digital landscape, every business — whether it's a growing startup, a mid-size agency, or a mature enterprise — is facing one universal truth: you cannot scale without the right technology.

Customers expect speed. Teams expect automation. Markets expect innovation. And competitors are already becoming faster, smarter, and more seamless than ever before.

This is where the difference between “just surviving” and “efficiently growing” becomes clear.
Businesses that invest in the right digital infrastructure win. Others slowly fall behind.

And because not every company has the internal expertise, resources, or time to build everything in-house, partnering with a trusted tech solutions provider becomes essential — not optional.

One company that is helping businesses evolve with confidence is App in Snap, a full-service technology firm delivering everything from enterprise-grade applications to cloud solutions, cybersecurity, UI/UX design, and modern full-stack development. If you want to explore how these services elevate a business, you can visit their official service page here: App in Snap.

The Digital Shift: Why Businesses Need More Than Just a Website

A decade ago, a professional website was enough to stay competitive.
Today? It’s only the foundation.

Businesses now need:

Modern, scalable software
Seamless mobile apps
Secure cloud environments
Strong digital marketing frameworks
Optimized UI/UX
Agile development workflows
Consistent product updates
Reliable cybersecurity measures

Each of these areas requires specialized skills, modern tools, and continuous upgrading — something that can overwhelm even a well-equipped internal team.

That’s exactly why companies rely on experienced technology partners.

What Makes a Good Digital Partner?

A strong technology partner does more than complete tasks. They:

1. Understand the business first

Technology is not “one size fits all.”
A good partner listens before building.

2. Offer full-cycle solutions

From product strategy to development, deployment, and maintenance, everything should be handled under one roof.

3. Deliver fast, secure, and scalable solutions

Business grows. Technology should grow with it.

4. Provide transparent communication

You should always know what’s happening with your project.

5. Commit to long-term success, not just one-time deliveries

The digital world evolves quickly — updates, upgrades, and improvements are ongoing.

These are exactly the standards that companies expect today, and this is where App in Snap shines.

How App in Snap Helps Businesses Build, Scale, and Modernize Their Digital Ecosystem

App in Snap isn’t just another IT company — it’s a team built around modern technology, business strategy, and long-term partnerships.

Below is a breakdown of how their services make a real impact.

1. Full Stack Web Development — Building Digital Foundations That Last

Modern web development is more than coding pages.
It’s about creating fast, secure, scalable digital platforms that support business growth.

App in Snap provides:

Frontend & backend development
API development
Custom dashboards
Scalable architectures
SEO-friendly, high-performance web apps
Cloud-integrated solutions

Whether you're building a customer portal, booking platform, internal ERP module, or a SaaS application, full-stack development is the backbone — and App in Snap builds systems that stay reliable even under heavy load.

2. Mobile App Development — Meeting Customers Where They Are

Today’s customers spend most of their digital time on mobile.
So a business that doesn’t have a mobile presence is already losing opportunities.

App in Snap creates:

iOS & Android apps
Cross-platform mobile apps
Secure mobile banking apps
Custom business apps
Workflow automation mobile tools

From idea to launch, the focus is always on performance, security, and a smooth user experience.

3. UI/UX Design — Because Experience Determines Conversion

Users decide within seconds whether they trust a digital product.

A clean, intuitive, beautiful design:

Builds trust
Improves engagement
Simplifies navigation
Boosts conversions
Strengthens brand identity

App in Snap approaches UI/UX from a user psychology perspective, ensuring every design is functional and visually appealing — not just “pretty.”

4. Cloud Services — The Backbone of Modern Scalability

Today’s business systems must be available anytime, anywhere.

Cloud adoption is no longer optional.
App in Snap helps companies move to private or public cloud to:

Reduce infrastructure costs
Improve scalability
Strengthen security
Enable remote operations
Increase speed and performance

Whether it’s AWS, Azure, private cloud setups, or hybrid environments, they build cloud ecosystems that are built for long-term growth.

5. Cybersecurity — Protecting Digital Trust

Cyber threats grow every day.
A single breach can cost millions or destroy brand reputation.

App in Snap offers:

Security assessments
Network protection
Application security
Data encryption
24/7 monitoring
Incident response

Security should never be an afterthought — and App in Snap ensures it becomes a core pillar of every digital solution.

6. Enterprise & ERP Solutions — Powering Operational Excellence

Businesses need systems that streamline operations, connect departments, and reduce manual tasks.

App in Snap builds:

Custom ERP systems
Inventory management modules
HR & payroll tools
Finance & accounting systems
Custom dashboards
Integrated workflow systems

With custom enterprise applications, businesses get exactly what they need — no unnecessary features, no limitations.

7. Digital Marketing & SEO — Bringing Customers to the Door

Even the best-built platform needs traffic.

App in Snap supports businesses with:

SEO
AEO (Answer Engine Optimization)
Paid campaigns
Content strategies
Social media management

The goal is simple:
Bring the right audience and convert them into customers.

Why Businesses Trust App in Snap

1. They deliver modern solutions

Using the latest frameworks, tools, and cloud technologies.

2. They focus on business growth

Technology is only useful when it drives revenue and efficiency.

3. They work like a long-term partner

Not like a “project vendor.”

4. They offer everything under one roof

No need to hire multiple teams — development, design, cloud, security, and marketing are all integrated.

5. Their approach is transparent and collaborative

Clear communication, predictable timelines, and reliable delivery.

Final Thoughts — Digital Success Starts With the Right Tech Partner

Every business today is either transforming or falling behind.
Those who invest in strong digital infrastructure, seamless apps, and secure cloud environments will win the future.

If you’re ready to build, modernize, or scale your digital ecosystem, partnering with a team that understands the full picture is essential.
And App in Snap is one of those partners that combines expertise, innovation, and real business focus.

To explore their services, you can visit App in Snap and discover how they can help your business grow in a competitive digital world.

Discussion (0)1

Announcement

Anastasia Dyubaylo · 3 hr ago

#Contest #IRIS contest

Hi Community,

It's voting time! Cast your votes for the best applications in our InterSystems "Bringing Ideas to Reality" Contest:

🔥 VOTE FOR THE BEST APPS 🔥

How to vote? Details below.

Experts nomination:

An experienced jury from InterSystems will choose the best apps to nominate for the prizes in the Experts Nomination.

Community nomination:

All active members of the Developer Community with a “trusted” status in their profile are eligible to vote in the Community nomination. To check your status, please click on your profile picture at the top right, and you will see it under your picture. To become a trusted member, you need to participate in the Community at least once.

Blind vote!

The number of votes for each app will be hidden from everyone. We will publish the leaderboard in the comments section of this post daily. Experts may vote any time so it is possible that the places change dramatically at the last moment. The same applies to bonus points.

The order of projects on the contest page will be determined by the order in which applications were submitted to the competition, with the earliest submissions appearing higher on the list.

P.S. Don't forget to subscribe to this post (click on the bell icon) to be notified of new comments.

To take part in the voting, you need:

Sign in to Open Exchange – DC credentials will work.
Make any valid contribution to the Developer Community – answer or ask questions, write an article, contribute applications on Open Exchange – and you'll be able to vote. Check this post on the options to make helpful contributions to the Developer Community.

If you change your mind, cancel the choice and give your vote to another application!

Support the application you like!

Note: Contest participants are allowed to fix bugs and make improvements to their applications during the voting week, so be sure to subscribe to application releases!

Discussion (0)1

Article

Muhammad Waseem · 4 hr ago 4m read

Open Exchange

#Contest #Python #SQL #InterSystems Ideas Portal #InterSystems IRIS #Open Exchange

Apache Airflow is the leading open-source platform to programmatically author, schedule, and monitor data pipelines and workflows using Python. Workflows are defined as code (DAGs), making them version-controlled, testable, and reusable. With a rich UI, 100+ built-in operators, dynamic task generation, and native support for cloud providers, Airflow powers ETL/ELT, ML pipelines, and batch jobs at companies like Airbnb, Netflix, and Spotify.

Airflow Application Layout

Airflow-Provider-IRIS Package

Airflow-Provider-IRIS enables seamless integration between Airflow workflows and the InterSystems IRIS data platform. It provides native connection support and operators for executing IRIS SQL and automating IRIS-driven tasks within modern ETL/ELT pipelines. Designed for reliability and ease of use, this provider helps data engineers and developers build scalable, production-ready workflows.

🚀 Features

✔️ IrisHook – for managing IRIS connections
✔️ IrisSQLOperator – for running SQL queries
✔️ Support for both SELECT/CTE and DML statements
✔️ Native Airflow connection UI customization
✔️ Examples for real-world ETL patterns

📦Installation

The airflow-provider-iris package can be installed separately in any Airflow environment using the following command:

pip install airflow-provider-iris

For detailed documentation, usage examples, and a complete list of operators/hooks, see the published provider package:

iris-airflow-provider Application

iris-airflow-provider is an Open Exchange application that demonstrates the capabilities and usage of the airflow-provider-iris Python package through ready-to-run examples and sample DAGs.

Navigate to http://localhost:8080/ to access the application [Credentials: airflow/airflow]

Add IRIS connection

Go to Admin → Connections and click on the Add Connection button

Fill in the fields and click the Save button at the bottom of the form to create the connection.

Use your InterSystems IRIS connection by setting the iris_conn_id parameter in any of the provided operators.

In the Airflow DAG example below, the IrisSQLOperator uses the iris_conn_id parameter to connect to the IRIS instance :

# New_Test_DAG.py
from datetime import datetime
from airflow import DAG
from airflow_provider_iris.operators.iris_operator import IrisSQLOperator

# Define the DAG for running a simple SQL command against InterSystems IRIS.
with DAG(
    dag_id="01_IRIS_Raw_SQL_Demo_Local",
    start_date=datetime(2025, 12, 1),
    schedule=None,               # Run manually; no automatic scheduling
    catchup=False,               # Do not backfill previous dates
    tags=["iris-contest"],       # Tag to group the DAG in Airflow UI
) as dag:

    # Create a demo table if it does not already exist.
    # This operator connects to the specified IRIS instance and executes the SQL.
    create_table = IrisSQLOperator(
        task_id="create_table",
        iris_conn_id="ContainerInstance",   # Airflow connection configured for IRIS
        sql="""
            CREATE TABLE IF NOT EXISTS Test.AirflowDemo (
                ID INTEGER IDENTITY PRIMARY KEY,
                Message VARCHAR(200),
                RunDate TIMESTAMP DEFAULT CURRENT_TIMESTAMP
            )
        """,
    )

A DAG (Directed Acyclic Graph) is a Python script that defines an Airflow workflow as a collection of tasks, their dependencies, and execution schedule. Airflow automatically discovers and loads any Python file placed in the designated DAGs folder.

View/Run Sample Dags

The application comes with three pre-loaded DAGs.

Open the Airflow UI and click on the DAGs tab.
Use the toggle button next to each DAG to enable or disable it.

To run a DAG manually, click the Trigger DAG button (▶ arrow) on the right side of the DAG row.
Click the name of DAG (e.g., 01_IRIS_Raw_SQL_Demo) to view its details, graph, and run history.

The 01_IRIS_Raw_SQL_Demo DAG consists of three tasks:

Create Table
Insert Data
Retrieve Data

Select a task and click the task box to open its details. Click on the Details tab to see its details.

Click on the Code tab to see the task’s source code.

Click on the Log tab to see the Log details.

If the DAG runs successfully, verify the results in the InterSystems Management Portal.
Navigate to http://localhost:32783/csp/sys/exp/%25CSP.UI.Portal.SQL.Home.zen?$NAMESPACE=USER [Credentials: _SYSTEM/SYS]

For more details, please visit iris-provider-iris open exchange application page.

Thanks

1 new Comment

Discussion (1)1

Digest

Toshihiko Minamoto · 5 hr ago

#Developer Community Official #Digest

記事

#InterSystems IRIS

マルチプラットフォーム環境でCSPファイルをVSCodeで編集する場合の注意点

Hiroshi Sato順

#InterSystems IRIS for Health

OMOP Odyssey - Databricks AI/BI Genie を使ってノーコードでCDM検索（アイオロス島編）

Toshihiko Minamoto順

お知らせ