dc.contributor.author | Chajed, Tej | |
dc.contributor.author | Chen, Haogang | |
dc.contributor.author | Chlipala, Adam | |
dc.contributor.author | Kaashoek, M. Frans | |
dc.contributor.author | Zeldovich, Nickolai | |
dc.contributor.author | Ziegler, Daniel Todd | |
dc.date.accessioned | 2019-10-18T13:28:41Z | |
dc.date.available | 2019-10-18T13:28:41Z | |
dc.date.issued | 2017-04 | |
dc.identifier.issn | 0001-0782 | |
dc.identifier.uri | https://hdl.handle.net/1721.1/122622 | |
dc.description.abstract | FSCQ is the frst fle system with a machine-checkable proof that its implementation meets a specifcation, even in the presence of fail-stop crashes. FSCQ provably avoids bugs that have plagued previous fle systems, such as performing disk writes without suffcient barriers or forgetting to zero out directory blocks. If a crash happens at an inopportune time, these bugs can lead to data loss. FSCQ's theorems prove that, under any sequence of crashes followed by reboots, FSCQ will recover its state correctly without losing data. To state FSCQ's theorems, this paper introduces the Crash Hoare logic (CHL), which extends traditional Hoare logic with a crash condition, a recovery procedure, and logical address spaces for specifying disk states at different abstraction levels. CHL also reduces the proof effort for developers through proof automation. Using CHL, we developed, specifed, and proved the correctness of the FSCQ fle system. Although FSCQ's design is relatively simple, experiments with FSCQ as a user-level fle system show that it is suffcient to run Unix applications with usable performance. FSCQ's specifcations and proofs required signifcantly more work than the implementation, but the work was manageable even for a small team of a few researchers. | en_US |
dc.description.sponsorship | National Science Foundation (U.S.) (Award CNS-1053143) | en_US |
dc.description.sponsorship | National Science Foundation (U.S.) (Award CCF-1253229) | en_US |
dc.language.iso | en | |
dc.publisher | Association for Computing Machinery (ACM) | en_US |
dc.relation.isversionof | http://dx.doi.org/10.1145/3051092 | en_US |
dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
dc.source | Prof. Chlipala via Phoebe Ayers | en_US |
dc.title | Certifying a file system using crash hoare logic | en_US |
dc.title.alternative | correctness in the presence of crashes | en_US |
dc.type | Article | en_US |
dc.identifier.citation | Chajed, Tej et al. "Certifying a file system using crash hoare logic: correctness in the presence of crashes." Communications of the ACM 60, 4 (April 2017): 75-84 © 2017 The Authors | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Laboratory for Computer Science | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
dc.relation.journal | Communications of the ACM | en_US |
dc.eprint.version | Author's final manuscript | en_US |
dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
dc.date.updated | 2019-10-04T16:17:23Z | |
dspace.date.submission | 2019-10-04T16:17:24Z | |
mit.journal.volume | 60 | en_US |
mit.journal.issue | 4 | en_US |