Verifying a high-performance crash-safe file system using a tree specification

Chen, Haogang; Chajed, Tej; Konradi, Alex; Wang, Stephanie; İleri, Atalay; Chlipala, Adam; Kaashoek, M. Frans; Zeldovich, Nickolai

Author(s)

Chen, Haogang; Chajed, Tej; Konradi, Alex; Wang, Stephanie; İleri, Atalay; ... Show more

DownloadPublished version (1.098Mb)

Terms of use

Creative Commons Attribution 4.0 International license https://creativecommons.org/licenses/by/4.0/

Metadata

Show full item record

Abstract

© 2017 Copyright is held by the owner/author(s). DFSCQ is the first file system that (1) provides a precise specification for fsync and fdatasync, which allow applications to achieve high performance and crash safety, and (2) provides a machine-checked proof that its implementation meets this specification. DFSCQ’s specification captures the behavior of sophisticated optimizations, including log-bypass writes, and DFSCQ’s proof rules out some of the common bugs in file-system implementations despite the complex optimizations. The key challenge in building DFSCQ is to write a specification for the file system and its internal implementation without exposing internal file-system details. DFSCQ introduces a metadata-prefix specification that captures the properties of fsync and fdatasync, which roughly follows the behavior of Linux ext4. This specification uses a notion of tree sequences—logical sequences of file-system tree states—for succinct description of the possible states after a crash and to describe how data writes can be reordered with respect to metadata updates. This helps application developers prove the crash safety of their own applications, avoiding application-level bugs such as forgetting to invoke fsync on both the file and the containing directory. An evaluation shows that DFSCQ achieves 103 MB/s on large file writes to an SSD and durably creates small files at a rate of 1,618 files per second. This is slower than Linux ext4 (which achieves 295 MB/s for large file writes and 4,977 files/s for small file creation) but much faster than two recent verified file systems, Yggdrasil and FSCQ. Evaluation results from application-level benchmarks, including TPC-C on SQLite, mirror these microbenchmarks.

Date issued

2017-10

URI

https://hdl.handle.net/1721.1/137398

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory

Publisher

Association for Computing Machinery (ACM)

Citation

Chen, Haogang, Chajed, Tej, Konradi, Alex, Wang, Stephanie, İleri, Atalay et al. 2017. "Verifying a high-performance crash-safe file system using a tree specification."

Version: Final published version

Collections

MIT Open Access Articles