This article shows how to use model checking to find serious errors in file systems. Model checking is a formal verification technique tuned for finding corner-case errors by comprehensively exploring the state spaces defined by a system. File systems have two dynamics that make them attractive for such an approach. First, their errors are some of the most serious, since they can destroy persistent data and lead to unrecoverable corruption. Second, traditional testing needs an impractical, exponential number of test cases to check that the system will recover if it crashes at any point during execution. Model checking employs a variety of state-reducing techniques that allow it to explore such vast state spaces efficiently.

We built a system, FiSC, for model checking file systems. We applied it to four widely-used, heavily-tested file systems: ext3, JFS, ReiserFS and XFS. We found serious bugs in all of them, 33 in total. Most have led to patches within a day of diagnosis. For each file system, FiSC found demonstrable events leading to the unrecoverable destruction of metadata and entire directories, including the file system root directory “/”.