Certifying a file system using Crash Hoare logic

Author(s)
Chajed, Tej; Chen, Haogang; Chlipala, Adam; Kaashoek, M. Frans; Zeldovich, Nickolai; Ziegler, Daniel Todd; ...
Download
Accepted version (224.3Kb)
Alternative title
correctness in the presence of crashes
Terms of use
Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/
Abstract
FSCQ is the first file system with a machine-checkable proof that its implementation meets a specification, even in the presence of fail-stop crashes. FSCQ provably avoids bugs that have plagued previous file systems, such as performing disk writes without sufficient barriers or forgetting to zero out directory blocks. If a crash happens at an inopportune time, these bugs can lead to data loss. FSCQ's theorems prove that, under any sequence of crashes followed by reboots, FSCQ will recover its state correctly without losing data. To state FSCQ's theorems, this paper introduces the Crash Hoare logic (CHL), which extends traditional Hoare logic with a crash condition, a recovery procedure, and logical address spaces for specifying disk states at different abstraction levels. CHL also reduces the proof effort for developers through proof automation. Using CHL, we developed, specified, and proved the correctness of the FSCQ file system. Although FSCQ's design is relatively simple, experiments with FSCQ as a user-level file system show that it is sufficient to run Unix applications with usable performance. FSCQ's specifications and proofs required significantly more work than the implementation, but the work was manageable even for a small team of a few researchers.
Date issued
2017-04
URI
https://hdl.handle.net/1721.1/122622
Department
Massachusetts Institute of Technology. Laboratory for Computer Science; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Journal
Communications of the ACM
Publisher
Association for Computing Machinery (ACM)
Citation
Chajed, Tej et al. "Certifying a file system using Crash Hoare logic: correctness in the presence of crashes." Communications of the ACM 60, 4 (April 2017): 75-84 © 2017 The Authors
Version: Author's final manuscript
ISSN
0001-0782

Collections
  • MIT Open Access Articles