A Verified POSIX-Compliant Flash File System - Modular Verification Technology & Crash Tolerance

  • In the Flashix project, a file system for flash memory has been developed. It is proven functionally correct and tolerates system crashes, such as abrupt power cuts, at any point in time during its execution. The development approach is based on incremental and modular refinement. This dissertation reports on the verification approach, the practical development, and the results. The first contribution is a refinement theory with strong guarantees for compositionality built in. It is based on the observations that can be made of a sequential interface of subcomponents that have an encapsulated state. In order to be able to study the effect of power cuts, which may hit the system in any intermediate state of its execution, the foundations are a fine-grained, trace-based semantics that exposes such steps. The integration of subcomponents with their context is done via operation calls with explicit input and output parameters. At such calls, the steps of the program defining the operation are collapsed into an atomic view, which provides the lever for a substitution theorem for submachine refinement. The second contribution is an extension of the theory that permits specifying and verifying the effect of system crashes and their subsequent recovery. This extension is fully compatible with the incremental and modular approach used for the functional verification. Furthermore, two different views of the atomicity of operations are considered, namely a white-box semantics that is adequate for implementation-level components, and a black-box semantics that is adequate for specification-level components. Several proof methods for compositional refinement in the presence of crashes are derived. A reduction theorem permits gradually switching to the much simpler black-box view. The third contribution consists of formal models of concepts for flash file systems that capture the implementation challenges at a high degree of abstraction, while at the same time these models do not introduce unrealistic conceptual simplifications. Specifically, a formal model of the POSIX standard for file systems is presented. Exploiting the modular theory for refinement under crashes, a verified implementation is described that separates generic aspects from the flash-specific details. The models in the refinement hierarchy comprise a coherent working system, from which code is generated that can run on real flash hardware.

Metadata
Author:Gidon Ernst
URN:urn:nbn:de:bvb:384-opus4-38873
Frontdoor URL:https://opus.bibliothek.uni-augsburg.de/opus4/3887
Advisor:Wolfgang Reif
Type:Doctoral Thesis
Language:English
Publishing Institution:Universität Augsburg
Granting Institution:Universität Augsburg, Fakultät für Angewandte Informatik
Date of final exam:2016/11/28
Release Date:2017/01/13
Tag:formal methods; flash file system; modular verification; crash tolerance; refinement
GND-Keyword:Flash-Speicher; Dateisystem; Systemzusammenbruch; Stromausfall; Formale Spezifikationstechnik; Verifikation; Schrittweise Verfeinerung
Institutes:Fakultät für Angewandte Informatik
Fakultät für Angewandte Informatik / Institut für Software & Systems Engineering
Dewey Decimal Classification:0 Computer science, information, general works / 00 Computer science, knowledge, systems / 004 Data processing; computer science
Licence (German):Deutsches Urheberrecht mit Print on Demand