Turso is rewriting SQLite in Rust
Find a bug to win $1,000
SQLite, while legendary, has remained closed to community contributions. We at Turso are changing that by building a modern
SQLite alternative in Rust - one that's open source and community-driven. Our goal isn't just features, but
rock-solid reliability through Deterministic Simulation Testing.
We are so confident in the long-term ability of the DST to find the rarest bugs that even at the current early stage, we are offering cash bounties for those who can find cases where a bug survived this testing. During the alpha phase of the project, we still expect some bugs to exist, and we'll offer
$1,000
for any bugs that lead to data loss or data corruption. As our releases progress, we will continuously expand the scope of bugs and size of the bounty.
Leaderboard
Submissions are closed
All bounties have been awarded to the winners
How to participate
Got questions? Join us on Discord
Follow the CONTRIBUTING.md guide to build the Turso CLI locally. You'll need Rust installed and the repo cloned.
Explore the simulator directory to learn how Turso's Deterministic Simulation Testing works and what kinds of bugs it currently detects.
Improve the simulator to expose a bug that slipped through. A qualifying bug causes data loss or corruption that cannot be recovered by a future patch in features enabled by default in the latest release.
Open a pull request adding the DST scenarios that catch the bug. Once your PR is merged, you receive an $800 reward. Experimental or gated features are not eligible.
Patch the underlying issue you uncovered and earn an additional $200 bringing the total reward to $1,000.
Media
Discussions
SQLite is the most well tested software on Earth, any rewrite WILL contain bugs that don't exist in SQLite. Not only has SQLite been tested to run on almost any conceivable device, but its testsuite must be able to reproduce the issue before any bug is closed. This together with its 20 yr+ age makes SQLite closest to perfection of any program written. Making it "more secure" using Rust simply doesn't make sense when you're competing with perfection.
Given the code quality and rigid testing, SQLite is probably the last project that should be rewritten. It'd be great to see all other C code rewritten first!
This is going to sound pedantic, but SQLite is not Open Source. It's Public Domain. The distinction is subtle, but it is important.
> SQLite's test suite is proprietary huh TIL. Kinda makes sense, but also kinda sucks. So if you try to contribute to SQLite you can't run the tests yourself to see if you broke anything?"
well you can't contribute to SQLite, the code is "open-source" but the project is maintained by a set number of people
Start contributing
