Formalizing a Hierarchical File System

Authors:
Wim H. Hesselink;M. I. Lali
Affiliations:
Dept. of Computing Science, University of Groningen, P.O.Box 407, 9700 AK Groningen, The Netherlands;Dept. of Computing Science, University of Groningen, P.O.Box 407, 9700 AK Groningen, The Netherlands
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 10
Cited 0

UNIX for the Impatient

UNIX for the Impatient
The verifying compiler: A grand challenge for computing research

Journal of the ACM (JACM)
Logic in Computer Science: Modelling and Reasoning about Systems

Logic in Computer Science: Modelling and Reasoning about Systems
An overview of JML tools and applications

International Journal on Software Tools for Technology Transfer (STTT) - Special section on formal methods for industrial critical systems
Using model checking to find serious file system errors

ACM Transactions on Computer Systems (TOCS)
A mini challenge: build a verifiable filesystem

Formal Aspects of Computing
Modelling and Proof of a Tree-Structured File System in Event-B and Rodin

ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
POSIX file store in Z/Eves: An experiment in the verified software repository

Science of Computer Programming
Model-Checking the Linux Virtual File System

VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Specification of the UNIX Filing System

IEEE Transactions on Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this note, we define an abstract file system as a partial function from (absolute) paths to data. Such a file system determines the set of valid paths. It allows the file system to be read and written at a valid path, and it allows the system to be modified by the Unix operations for removal (rm), making of directories (mkdir), and moving (mv). We present abstract definitions (axioms) for these operations. This specification is refined towards a pointer implementation. To mitigate the problems attached to partial functions, we do this in two steps. First a refinement towards a pointer implementation with total functions, followed by one that allows partial functions. These two refinements are proved correct by means of a number of invariants. Indeed, the insight gained mainly consists of the invariants of the pointer implementation that are needed for the refinement functions. Finally, each of the three specification levels is enriched with a permission system for reading, writing, or executing, and the refinement relations between these permission systems are explored.