Certifying a file system using crash hoare logic-Reference-Cited by-同舟云学术

Certifying a file system using crash hoare logic

Published:2017-03-24 Issue:4 Volume:60 Page:75-84
ISSN:0001-0782
Container-title:Communications of the ACM
language:en
Short-container-title:Commun. ACM

Author:

Chajed Tej¹,Chen Haogang¹,Chlipala Adam¹,Kaashoek M. Frans¹,Zeldovich Nickolai¹,Ziegler Daniel¹

Affiliation:

1. MIT CSAIL, Cambridge, MA

Abstract

FSCQ is the first file system with a machine-checkable proof that its implementation meets a specification, even in the presence of fail-stop crashes. FSCQ provably avoids bugs that have plagued previous file systems, such as performing disk writes without sufficient barriers or forgetting to zero out directory blocks. If a crash happens at an inopportune time, these bugs can lead to data loss. FSCQ's theorems prove that, under any sequence of crashes followed by reboots, FSCQ will recover its state correctly without losing data. To state FSCQ's theorems, this paper introduces the Crash Hoare logic (CHL), which extends traditional Hoare logic with a crash condition, a recovery procedure, and logical address spaces for specifying disk states at different abstraction levels. CHL also reduces the proof effort for developers through proof automation. Using CHL, we developed, specified, and proved the correctness of the FSCQ file system. Although FSCQ's design is relatively simple, experiments with FSCQ as a user-level file system show that it is sufficient to run Unix applications with usable performance. FSCQ's specifications and proofs required significantly more work than the implementation, but the work was manageable even for a small team of a few researchers.

Funder

NSF

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3051092

Reference39 articles.

1. Cogent

2. Bobbio J. et al. Haskell bindings for the FUSE library 2014. https://github.com/m15k/hfuse. Bobbio J. et al. Haskell bindings for the FUSE library 2014. https://github.com/m15k/hfuse.

3. Using Crash Hoare logic for certifying the FSCQ file system

4. Chinner D. xfs: Fix double free in xlog_recover_commit_trans Sept. 2014. http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=88b863db97a18a04c90ebd57d84e1b7863114dcb. Chinner D. xfs: Fix double free in xlog_recover_commit_trans Sept. 2014. http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=88b863db97a18a04c90ebd57d84e1b7863114dcb.

5. Chinner D. xfs: xfs_dir_fsync() returns positive errno May 2014. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=43ec1460a2189fbee87980dd3d3e64cba2f11e1f. Chinner D. xfs: xfs_dir_fsync() returns positive errno May 2014. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=43ec1460a2189fbee87980dd3d3e64cba2f11e1f.

Cited by 9 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Proving and Disproving Equivalence of Functional Programming Assignments;Proceedings of the ACM on Programming Languages;2023-06-06

2. WaVe: a verifiably secure WebAssembly sandboxing runtime;2023 IEEE Symposium on Security and Privacy (SP);2023-05

3. From Verified Scala to STIX File System Embedded Code Using Stainless;Lecture Notes in Computer Science;2022

4. Rearchitecting in-memory object stores for low latency;Proceedings of the VLDB Endowment;2021-11

5. Towards Sophisticated Air Traffic Control System Using Formal Methods;Modelling and Simulation in Engineering;2018-09-10