Abstract
We introduce a program logic for specifying a core sequential subset of the POSIX file system and for reasoning abstractly about client programs working with the file system. The challenge is to reason about the combination of local directory update and global pathname traversal (including '..' and symbolic links) which may overlap the directories being updated. Existing reasoning techniques are either based on first-order logic and do not scale, or on separation logic and can only handle linear pathnames (no '..' or symbolic links). We introduce fusion logic for reasoning about local update and global pathname traversal, introducing a novel effect frame rule to propagate the effect of a local update on overlapping pathnames. We apply our reasoning to the standard recursive remove utility (rm -r), discovering bugs in well-known implementations.
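The interaction the abstract singles out, global pathname traversal through '..' and symbolic links that overlaps a local directory update, is easy to see in a small model. The following Python is an added illustration and is not code, a model or a result from the paper; the tree it builds (/data, /tmp/work, and a symbolic link /tmp/work/link pointing at /data) is constructed here, and MAX_SYMLINKS is a hypothetical bound standing in for the kernel's ELOOP limit. The resolver walks pathnames the way a kernel's namei does: '..' moves to the physical parent of the directory reached so far rather than popping a text component, and a symbolic link splices its target in front of the remaining components. Two recursive removes are then contrasted: a deliberately naive one that resolves every entry through links, so the local update to /tmp/work reaches /data, and one with lstat semantics that unlinks the link as an entry. The naive version illustrates the general failure class only; it is not a statement of which bugs the paper found in which implementation.

```python
from __future__ import annotations
from collections import deque

MAX_SYMLINKS = 40  # hypothetical bound standing in for the kernel's ELOOP limit


class Node:
    """A directory, regular file or symbolic link in the constructed tree."""

    def __init__(self, kind: str, name: str, parent: Node | None = None, target: str = ""):
        self.kind = kind                  # "dir" | "file" | "symlink"
        self.name = name
        self.parent = parent if parent is not None else self  # root is its own parent, as in POSIX
        self.target = target              # link text, used only when kind == "symlink"
        self.children: dict[str, Node] = {}


class FS:
    """Minimal in-memory tree; all pathnames are absolute (assumption of this model)."""

    def __init__(self) -> None:
        self.root = Node("dir", "")

    def mkdir_p(self, path: str) -> Node:
        cur = self.root
        for comp in path.split("/"):
            if comp:
                cur = cur.children.setdefault(comp, Node("dir", comp, cur))
        return cur

    def touch(self, path: str) -> None:
        d, _, name = path.rpartition("/")
        parent = self.mkdir_p(d)
        parent.children[name] = Node("file", name, parent)

    def symlink(self, target: str, linkpath: str) -> None:
        d, _, name = linkpath.rpartition("/")
        parent = self.mkdir_p(d)
        parent.children[name] = Node("symlink", name, parent, target)

    def resolve(self, path: str, follow_last: bool = True) -> Node | None:
        """Global pathname traversal. '.' is a no-op, '..' is the physical parent of
        the directory reached so far, and each symbolic link splices its target in
        front of the remaining components (relative to the link's directory, or to
        the root for an absolute target). Returns None for ENOENT/ENOTDIR and
        raises on more than MAX_SYMLINKS link hops. follow_last=False gives lstat
        semantics: a link in the final position is returned, not followed."""
        comps = deque(c for c in path.split("/") if c and c != ".")
        cur, hops = self.root, 0
        while comps:
            name = comps.popleft()
            if cur.kind != "dir":
                return None                                   # ENOTDIR
            if name == "..":
                cur = cur.parent
                continue
            child = cur.children.get(name)
            if child is None:
                return None                                   # ENOENT
            if child.kind == "symlink" and (comps or follow_last):
                hops += 1
                if hops > MAX_SYMLINKS:
                    raise RuntimeError("ELOOP: too many levels of symbolic links")
                if child.target.startswith("/"):
                    cur = self.root
                comps.extendleft(reversed([c for c in child.target.split("/") if c and c != "."]))
                continue
            cur = child
        return cur


def unlink(node: Node) -> None:
    """Local update: drop the directory entry for node (the root is never removed)."""
    if node.parent is not node:
        del node.parent.children[node.name]


def rm_r_following_links(fs: FS, path: str) -> None:
    """Deliberately naive recursive remove: every entry is resolved with stat
    semantics, so a link inside the subtree is descended into and its target
    (outside the subtree) is removed as well."""
    node = fs.resolve(path)
    if node is None:
        return
    if node.kind == "dir":
        for name in list(node.children):
            rm_r_following_links(fs, path.rstrip("/") + "/" + name)
    unlink(node)


def rm_r(fs: FS, path: str) -> None:
    """Recursive remove with lstat semantics: a symbolic link is an entry to unlink,
    never a directory to descend into, so nothing outside the subtree is touched."""
    node = fs.resolve(path, follow_last=False)
    if node is None:
        return
    if node.kind == "dir":
        for name in list(node.children):
            rm_r(fs, path.rstrip("/") + "/" + name)
    unlink(node)


def build_sample() -> FS:
    """Constructed sample tree (not taken from the paper)."""
    fs = FS()
    fs.touch("/data/keep.txt")
    fs.touch("/tmp/work/a.txt")
    fs.symlink("/data", "/tmp/work/link")
    return fs


def dotdot_after_link_is_physical() -> bool:
    # /tmp/work/link/.. is the parent of /data (the root), not /tmp/work
    return build_sample().resolve("/tmp/work/link/..") is build_sample().root.children[""] if False else build_sample().resolve("/tmp/work/link/..").name == ""


def naive_rm_destroys_data() -> bool:
    fs = build_sample()
    rm_r_following_links(fs, "/tmp/work")
    return fs.resolve("/data/keep.txt") is None


def safe_rm_keeps_data() -> bool:
    fs = build_sample()
    rm_r(fs, "/tmp/work")
    return fs.resolve("/data/keep.txt") is not None and fs.resolve("/tmp/work") is None


def loop_is_detected() -> bool:
    fs = FS()
    fs.symlink("/loop/b", "/loop/a")
    fs.symlink("/loop/a", "/loop/b")
    try:
        fs.resolve("/loop/a")
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print("'..' after a link is physical:", dotdot_after_link_is_physical())
    print("naive rm -r removes /data/keep.txt:", naive_rm_destroys_data())
    print("lstat-based rm -r keeps /data/keep.txt:", safe_rm_keeps_data())
    print("symlink loop raises ELOOP:", loop_is_detected())
```

Even the lstat-based version above re-resolves a full pathname at every step, which in a real file system leaves a window in which another process can replace a directory with a link between the check and the removal. Production implementations avoid that by walking with directory file descriptors and the *at calls (fstatat with AT_SYMLINK_NOFOLLOW, unlinkat with AT_REMOVEDIR), so that each local update is applied to the entry that was inspected rather than to whatever a fresh traversal of the name now reaches.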
Reasoning about the POSIX file system: local update and global pathnames
OOPSLA 2015: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications