Simple garbage-collector-safety
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Type-based race detection for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Protocol Verification as a Hardware Design Aid
ICCD '92 Proceedings of the 1991 IEEE International Conference on Computer Design on VLSI in Computer & Processors
ACSD '01 Proceedings of the Second International Conference on Application of Concurrency to System Design
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
CMC: a pragmatic approach to model checking real code
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Memory resource management in VMware ESX server
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
Semantically-Smart Disk Systems
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Model checking large network protocol implementations
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Random testing of C calling conventions
Proceedings of the sixth international symposium on Automated analysis-driven debugging
Proceedings of the twentieth ACM symposium on Operating systems principles
Dealing with I/O Devices in the Context of Pervasive System Verification
ICCD '05 Proceedings of the 2005 International Conference on Computer Design
Application of automated environment generation to commercial software
Proceedings of the 2006 international symposium on Software testing and analysis
Limiting trust in the storage stack
Proceedings of the second ACM workshop on Storage security and survivability
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Automatic data environment construction for static device drivers analysis
Proceedings of the 2006 conference on Specification and verification of component-based systems
Controlling factors in evaluating path-sensitive error detection techniques
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Solving the starting problem: device drivers as self-describing artifacts
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Analysis and evolution of journaling file systems
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Parallel Randomized State-Space Search
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Randomized Differential Testing as a Prelude to Formal Verification
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Static specification inference using predicate mining
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Practical memory leak detection using guarded value-flow analysis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Discrete control for safe execution of IT automation workflows
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
McErlang: a model checker for a distributed functional programming language
ICFP '07 Proceedings of the 12th ACM SIGPLAN international conference on Functional programming
Zyzzyva: speculative byzantine fault tolerance
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Generalized file system dependencies
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
EXPLODE: a lightweight, general system for finding serious storage system errors
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Test automation for kernel code and disk arrays with virtual devices
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
DMTracker: finding bugs in large-scale parallel programs by detecting anomaly in data movements
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
Sprockets: safe extensions for distributed file systems
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
SafeStore: a durable and practical storage system
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Parity lost and parity regained
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
EIO: error handling is occasionally correct
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
D3S: debugging deployed distributed systems
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
A Mini Challenge: Build a Verifiable Filesystem
Verified Software: Theories, Tools, Experiments
Implications of a Data Structure Consistency Checking System
Verified Software: Theories, Tools, Experiments
Formal Modeling and Analysis of a Flash Filesystem in Alloy
ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
Model-Checking the Linux Virtual File System
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
LADIS '08 Proceedings of the 2nd Workshop on Large-Scale Distributed Systems and Middleware
MODIST: transparent model checking of unmodified distributed systems
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
ACM Computing Surveys (CSUR)
Recent improvements to the McErlang model checker
Proceedings of the 8th ACM SIGPLAN workshop on ERLANG
Model-based Kernel Testing for Concurrency Bugs through Counter Example Replay
Electronic Notes in Theoretical Computer Science (ENTCS)
Unit Testing of Flash Memory Device Driver through a SAT-Based Model Checker
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Error Detection in Concurrent Java Programs
Electronic Notes in Theoretical Computer Science (ENTCS)
SherLog: error diagnosis by connecting clues from run-time logs
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Why panic()?: improving reliability with restartable file systems
ACM SIGOPS Operating Systems Review
DARC: design and evaluation of an I/O controller for data protection
Proceedings of the 3rd Annual Haifa Experimental Systems Conference
Membrane: Operating system support for restartable file systems
ACM Transactions on Storage (TOS)
Membrane: operating system support for restartable file systems
FAST'10 Proceedings of the 8th USENIX conference on File and storage technologies
SQCK: a declarative file system checker
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Tolerating file-system mistakes with EnvyFS
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
FlowChecker: Detecting Bugs in MPI Libraries via Message Flow Checking
Proceedings of the 2010 ACM/IEEE International Conference for High Performance Computing, Networking, Storage and Analysis
ACM SIGOPS Operating Systems Review
Analyzing and improving Linux kernel memory protection: a model checking approach
Proceedings of the 26th Annual Computer Security Applications Conference
Making the common case the only case with anticipatory memory allocation
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Life, death, and the critical transition: finding liveness bugs in systems code
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
High coverage testing of Haskell programs
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Practical software model checking via dynamic interface reduction
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
PREFAIL: a programmable tool for multiple-failure injection
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Towards reliable storage systems
Towards reliable storage systems
Making the common case the only case with anticipatory memory allocation
ACM Transactions on Storage (TOS)
Optimized execution of deterministic blocks in java pathfinder
ICFEM'06 Proceedings of the 8th international conference on Formal Methods and Software Engineering
Benchmarking and testing OSD for correctness and compliance
HVC'05 Proceedings of the First Haifa international conference on Hardware and Software Verification and Testing
FAST'12 Proceedings of the 10th USENIX conference on File and Storage Technologies
make test-zesti: a symbolic execution solution for improving regression testing
Proceedings of the 34th International Conference on Software Engineering
Verifying systems rules using rule-directed symbolic execution
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Parrot: a practical runtime for deterministic, stable, and reliable threads
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Troubleshooting interactive complexity bugs in wireless sensor networks using data mining techniques
ACM Transactions on Sensor Networks (TOSN)
Fault isolation and quick recovery in isolation file systems
HotStorage'13 Proceedings of the 5th USENIX conference on Hot Topics in Storage and File Systems
Ffsck: The Fast File-System Checker
ACM Transactions on Storage (TOS)
A Study of Linux File System Evolution
ACM Transactions on Storage (TOS)
Ffsck: the fast file system checker
FAST'13 Proceedings of the 11th USENIX conference on File and Storage Technologies
A study of Linux file system evolution
FAST'13 Proceedings of the 11th USENIX conference on File and Storage Technologies
| Hi-index | 0.00 |
This paper shows how to use model checking to find serious errors in file systems. Model checking is a formal verification technique tuned for finding corner-case errors by comprehensively exploring the state spaces defined by a system. File systems have two dynamics that make them attractive for such an approach. First, their errors are some of the most serious, since they can destroy persistent data and lead to unrecoverable corruption. Second, traditional testing needs an impractical, exponential number of test cases to check that the system will recover if it crashes at any point during execution. Model checking employs a variety of state-reducing techniques that allow it to explore such vast state spaces efficiently. We built a system, FiSC, for model checking file systems. We applied it to three widely-used, heavily-tested file systems: ext3 [13], JFS [21], and ReiserFS [27]. We found serious bugs in all of them, 32 in total. Most have led to patches within a day of diagnosis. For each file system, FiSC found demonstrable events leading to the unrecoverable destruction of metadata and entire directories, including the file system root directory "/".