Abstract
An abstract file system is defined here as a partial function from (absolute) paths to data. Such a file system determines the set of valid paths. It allows the file system to be read and written at a valid path, and it allows the system to be modified by the Unix operations for creation, removal, and moving of files and directories. We present abstract definitions (axioms) for these operations. This specification is refined towards a pointer implementation. The challenge is to have a natural abstraction function from the implementation to the specification, to define operations on the concrete store that behave exactly in the same way as the corresponding functions on the abstract store, and to prove these facts. To mitigate the problems attached to partial functions, we do this in two steps: first a refinement towards a pointer implementation with total functions, followed by one that allows partial functions. These two refinements are proved correct by means of a number of invariants. Indeed, the insights gained consist, on the one hand, of the invariants of the pointer implementation that are needed for the refinement functions, and on the other hand of the precise enabling conditions of the operations on the different levels of abstraction. Each of the three specification levels is enriched with a permission system for reading, writing, or executing, and the refinement relations between these permission systems are explored. Files and directories are distinguished from the outset, but this rarely affects our part of the specifications. All results have been verified with the proof assistant PVS, in particular, that the invariants are preserved by the operations, and that, where the invariants hold, the operations commute with the refinement functions.
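An added illustration, not the paper's PVS model: a small Python model of the abstract store described above, a partial function from absolute paths to data whose domain is the set of valid paths, with read, write and the Unix operations for creation, removal and moving. The enabling conditions of the operations are Unix-like choices assumed for this illustration, not the paper's exact axioms.

```python
from typing import Dict, Optional, Tuple

Path = Tuple[str, ...]   # absolute path as a tuple of names; () is the root directory
DIR = None               # directories carry no data; files carry bytes

def under(p: Path, q: Path) -> bool:  # q is p itself or lies below p
    return q[:len(p)] == p

class AbstractFS:
    """A partial function from paths to data; its domain is the set of valid paths.
    Enabling conditions are Unix-like choices assumed here, not the paper's axioms."""

    def __init__(self) -> None:
        self.store: Dict[Path, Optional[bytes]] = {(): DIR}
    def valid(self, p: Path) -> bool:
        return p in self.store
    def is_dir(self, p: Path) -> bool:
        return self.valid(p) and self.store[p] is DIR

    def read(self, p: Path) -> bytes:
        if not self.valid(p) or self.is_dir(p):
            raise ValueError("read needs a valid file path")
        return self.store[p]
    def write(self, p: Path, data: bytes) -> None:
        if not self.valid(p) or self.is_dir(p):
            raise ValueError("write needs a valid file path")
        self.store[p] = data

    def create(self, p: Path, directory: bool = False) -> None:
        # enabling: p fresh and its parent a valid directory
        if self.valid(p) or not self.is_dir(p[:-1]):
            raise ValueError("create needs a fresh path under a valid directory")
        self.store[p] = DIR if directory else b""

    def remove(self, p: Path) -> None:
        # enabling: p valid, not the root and (for a directory) empty
        if not self.valid(p) or p == () or any(q != p and under(p, q) for q in self.store):
            raise ValueError("remove needs a valid, non-root, empty path")
        del self.store[p]

    def move(self, src: Path, dst: Path) -> None:
        # enabling: src valid and not the root, dst fresh under a valid directory,
        # and dst not below src (a directory cannot be moved into its own subtree)
        if (not self.valid(src) or src == () or self.valid(dst)
                or not self.is_dir(dst[:-1]) or under(src, dst)):
            raise ValueError("move enabling condition violated")
        subtree = {q: d for q, d in self.store.items() if under(src, q)}
        self.store = {q: d for q, d in self.store.items() if not under(src, q)}
        self.store.update({dst + q[len(src):]: d for q, d in subtree.items()})
```

Moving a directory relocates every valid path below it, which is what makes the "not into its own subtree" condition necessary: without it the subtree would be mapped onto paths inside itself.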
Open Access
This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
Additional information
Eerke Boiten, John Derrick, Dong Jin Song and Steve Reeves
Cite this article
Hesselink, W.H., Lali, M.I. Formalizing a hierarchical file system. Form Asp Comp 24, 27–44 (2012). https://doi.org/10.1007/s00165-010-0171-2