In this note, we define an abstract file system as a partial function from (absolute) paths to data. Such a file system determines the set of valid paths. It allows the file system to be read and written at a valid path, and it allows the system to be modified by the Unix operations for removal (rm), directory creation (mkdir), and moving (mv). We present abstract definitions (axioms) for these operations. This specification is then refined towards a pointer implementation. To mitigate the problems attached to partial functions, we do this in two steps: first a refinement towards a pointer implementation with total functions, followed by one that allows partial functions. Both refinements are proved correct by means of a number of invariants; indeed, the insight gained consists mainly of the invariants of the pointer implementation that the refinement functions need. Finally, each of the three specification levels is enriched with a permission system for reading, writing, and executing, and the refinement relations between these permission systems are explored.
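As an added illustration (not code from the paper, whose own formalisation is not reproduced on this page), the following Python model spells out the two levels the abstract talks about: an abstract file system that is literally a partial function from absolute paths to data, a pointer implementation that is a tree of nodes, a refinement function that flattens the tree back into the partial function, and the invariant the pointer side has to keep for that refinement to hold. Everything beyond the abstract's wording is an assumption made here: a directory is an entry mapped to a `DIR` marker so that empty directories are representable; `rm` removes a whole subtree; `mv` refuses to move a directory into its own subtree; the permission layer is not modelled. Each operation either succeeds or is refused with `ValueError` on both levels, and `check_refinement` runs a constructed script of operations through both levels, checking after every step that the outcomes agree, the tree invariant holds, and the abstraction of the pointer state equals the abstract state.

```python
from dataclasses import dataclass, field
from typing import Optional

Path = tuple[str, ...]  # absolute path as a tuple of names; () is the root
DIR = None  # assumption: a directory maps to DIR, not to data, so f.get(p, b"") is DIR tests for one

def require(ok: bool, msg: str) -> None:
    if not ok:
        raise ValueError(msg)
def below(p: Path, q: Path) -> bool:  # q equals p or lies in p's subtree
    return q[:len(p)] == p
class AbstractFS:  # abstract level: partial function f from paths to data, dom(f) = valid paths
    def __init__(self) -> None:
        self.f: dict[Path, Optional[bytes]] = {(): DIR}
    def create(self, p: Path, data: Optional[bytes] = DIR) -> None:
        fresh_or_file = p not in self.f or (data is not DIR and self.f[p] is not DIR)
        require(self.f.get(p[:-1], b"") is DIR and fresh_or_file, f"cannot create {p}")
        self.f[p] = data
    mkdir = write = create  # write(p, data) creates or overwrites a file; mkdir(p) needs an unused path
    def rm(self, p: Path) -> None:  # removes p together with everything below it
        require(p != () and p in self.f, f"cannot rm {p}")
        for q in [q for q in self.f if below(p, q)]:
            del self.f[q]
    def mv(self, src: Path, dst: Path) -> None:
        # dst must be unused under an existing directory; moving a directory into its own subtree is refused
        require(src in self.f and dst not in self.f and self.f.get(dst[:-1], b"") is DIR
                and not below(src, dst), f"cannot mv {src} -> {dst}")
        for q in [q for q in self.f if below(src, q)]:
            self.f[dst + q[len(src):]] = self.f.pop(q)

@dataclass
class Node:
    data: Optional[bytes] = DIR  # DIR marks a directory node
    children: dict[str, "Node"] = field(default_factory=dict)

class PointerFS:  # pointer level: nodes reached from the root by following child pointers
    def __init__(self) -> None:
        self.root = Node()
    def lookup(self, p: Path) -> Optional[Node]:  # follow the pointer chain for p; None if it breaks
        n: Optional[Node] = self.root
        for name in p:
            n = n.children.get(name) if n is not None and n.data is DIR else None
        return n
    def parent(self, p: Path) -> Node:  # the directory node that must hold entry p
        d = self.lookup(p[:-1]) if p else None
        require(d is not None and d.data is DIR, f"no parent directory for {p}")
        return d
    def create(self, p: Path, data: Optional[bytes] = DIR) -> None:
        d, old = self.parent(p), self.lookup(p)
        require(old is None or (data is not DIR and old.data is not DIR), f"cannot create {p}")
        d.children[p[-1]] = Node(data)
    mkdir = write = create
    def rm(self, p: Path) -> None:
        d = self.parent(p)
        require(p[-1] in d.children, f"cannot rm {p}")
        del d.children[p[-1]]  # dropping one pointer discards the whole subtree
    def mv(self, src: Path, dst: Path) -> None:
        require(self.lookup(src) is not None and self.lookup(dst) is None
                and not below(src, dst), f"cannot mv {src} -> {dst}")
        target = self.parent(dst)  # resolve the destination before detaching anything
        target.children[dst[-1]] = self.parent(src).children.pop(src[-1])
    def abstraction(self, n: Optional[Node] = None, p: Path = ()) -> dict[Path, Optional[bytes]]:
        n = self.root if n is None else n  # refinement function: flatten the tree into f
        out = {p: n.data}
        for name, child in n.children.items():
            out.update(self.abstraction(child, p + (name,)))
        return out

def tree_invariant(pfs: PointerFS) -> bool:
    """Each node is reached by exactly one pointer chain (no cycles, no sharing); only directories have children."""
    seen, stack = set(), [pfs.root]
    while stack:
        n = stack.pop()
        if id(n) in seen or (n.data is not DIR and n.children):
            return False
        seen.add(id(n))
        stack.extend(n.children.values())
    return True
def run(fs, op: str, *args):  # outcome of one operation, comparable across the two levels
    try:
        return ("ok", getattr(fs, op)(*args))
    except ValueError:
        return ("error",)
def check_refinement(script) -> Optional[dict[Path, Optional[bytes]]]:
    """Final abstract state, or None if a step's outcome differs between levels, breaks the invariant, or abstracts wrongly."""
    a, p = AbstractFS(), PointerFS()
    for op, *args in script:
        if run(a, op, *args) != run(p, op, *args) or not tree_invariant(p) or p.abstraction() != a.f:
            return None
    return a.f

SCRIPT = [  # constructed sample run, including operations that must be refused
    ("mkdir", ("etc",)), ("write", ("etc", "passwd"), b"root:x:0:0"), ("mkdir", ("home",)),
    ("mkdir", ("home", "alice")), ("write", ("home", "alice", "notes"), b"hi"),
    ("mv", ("home",), ("home", "alice", "loop")),  # refused: directory into its own subtree
    ("write", ("etc",), b"clobber"),               # refused: etc is a directory
    ("mv", ("home", "alice"), ("etc", "alice")), ("rm", ("etc",)),  # rm also takes alice/notes
]
```

`check_refinement(SCRIPT)` returns the final abstract state, here just the root and `home`, because every step either succeeded on both levels or was refused on both. The two refused steps are the ones that matter for the invariants: writing data over a directory entry, and moving a directory underneath itself, which at the pointer level would leave a subtree detached from the root and a cycle through its child pointers. A pointer structure that reaches such a state (for example a child pointer looping back to the root) fails `tree_invariant`, and that is exactly the class of state the refinement argument has to exclude.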