Affiliation:
1. Imperial College London, UK
Abstract
We introduce a program logic for specifying a core sequential subset of the POSIX file system and for reasoning abstractly about client programs working with the file system. The challenge is to reason about the combination of local directory update and global pathname traversal (including '..' and symbolic links) which may overlap the directories being updated. Existing reasoning techniques are either based on first-order logic and do not scale, or on separation logic and can only handle linear pathnames (no '..' or symbolic links). We introduce fusion logic for reasoning about local update and global pathname traversal, introducing a novel effect frame rule to propagate the effect of a local update on overlapping pathnames. We apply our reasoning to the standard recursive remove utility (rm -r), discovering bugs in well-known implementations.
Funder
Engineering and Physical Sciences Research Council
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
References: 24 articles.
Cited by: 1 article.