
Verifying compiled file system code

  • Original Article
Formal Aspects of Computing

Abstract

This article presents a case study on retrospective verification of the Linux Virtual File System (VFS), which is aimed at checking violations of API usage rules and memory properties. Since VFS maintains dynamic data structures and is written in a mixture of C and inlined assembly, modern software model checkers cannot be applied. Our case study centres around our novel automated software verification tool, the SOCA Verifier, which symbolically executes and analyses compiled code. We describe how this verifier deals with complex features such as memory access, pointer aliasing and computed jumps in the VFS implementation, while reducing manual modelling to a minimum. Our results show that the SOCA Verifier is capable of analysing the complex Linux VFS implementation reliably and efficiently, thereby going beyond traditional testing tools and into niches that current software model checkers do not reach. This testifies to the SOCA Verifier’s suitability as an effective and efficient bug-finding tool during the development of operating system components.
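The two property classes named in the abstract, API usage rules and memory properties, can be illustrated with a small symbolic executor. The block below is an added example written for this page; it is not code from the SOCA Verifier or from the authors. It runs a constructed three-address program (the list `PROG`) that stands in for compiled code, tracks a lock/unlock pairing rule alongside a null-dereference check, and replaces an SMT solver with exhaustive enumeration of the symbolic inputs over a small integer domain (`DOMAIN`). All names (`PROG`, `INPUTS`, `DOMAIN`, `analyse_program`, `satisfiable`) are assumptions of this example.

```python
from itertools import product

# Toy three-address IR standing in for compiled code (constructed for this example).
# Instruction forms:
#   ("assign", dst, expr)   ("load", dst, ptr)   ("br", cond, target)
#   ("jmp", target)         ("call", api)        ("ret",)
# Expressions are ints, variable names, ("op", a, b) or ("not", c).

INPUTS = ("p", "n")      # symbolic function arguments (assumed)
DOMAIN = range(-3, 4)    # brute-force stand-in for an SMT solver (assumed)

OPS = {
    "+": lambda a, b: a + b, "-": lambda a, b: a - b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b, "<": lambda a, b: a < b,
}


def subst(expr, env):
    """Rewrite expr so it refers only to symbolic inputs and memory terms."""
    if isinstance(expr, str):
        return env.get(expr, expr)
    if isinstance(expr, tuple):
        return (expr[0],) + tuple(subst(e, env) for e in expr[1:])
    return expr


def evaluate(expr, model):
    """Evaluate a symbolic expression under a concrete assignment of the inputs."""
    if isinstance(expr, str):
        return model[expr]
    if isinstance(expr, tuple):
        if expr[0] == "not":
            return not evaluate(expr[1], model)
        if expr[0] == "mem":          # simplification: a memory read yields 0
            return 0
        return OPS[expr[0]](evaluate(expr[1], model), evaluate(expr[2], model))
    return expr


def satisfiable(constraints):
    """Return a model satisfying every constraint, or None (exhaustive search)."""
    for values in product(DOMAIN, repeat=len(INPUTS)):
        model = dict(zip(INPUTS, values))
        if all(evaluate(c, model) for c in constraints):
            return model
    return None


def analyse_program(prog, max_path_len=100):
    """Explore every feasible path of prog; report violations as (pc, kind)."""
    findings = set()
    worklist = [(0, {}, [], 0, 0)]  # pc, env, path condition, lock depth, steps
    while worklist:
        pc, env, cond, lock, steps = worklist.pop()
        if pc >= len(prog) or steps > max_path_len:
            continue
        ins, nxt = prog[pc], steps + 1
        kind = ins[0]
        if kind == "assign":
            env = dict(env, **{ins[1]: subst(ins[2], env)})
            worklist.append((pc + 1, env, cond, lock, nxt))
        elif kind == "load":
            ptr = subst(ins[2], env)
            # Memory property: is there an input under which the pointer is NULL?
            if satisfiable(cond + [("==", ptr, 0)]):
                findings.add((pc, "null-deref"))
            env = dict(env, **{ins[1]: ("mem", ptr)})
            worklist.append((pc + 1, env, cond, lock, nxt))
        elif kind == "br":
            c = subst(ins[1], env)
            # Only feasible branches are followed; the path condition grows on each.
            if satisfiable(cond + [c]):
                worklist.append((ins[2], env, cond + [c], lock, nxt))
            if satisfiable(cond + [("not", c)]):
                worklist.append((pc + 1, env, cond + [("not", c)], lock, nxt))
        elif kind == "jmp":
            worklist.append((ins[1], env, cond, lock, nxt))
        elif kind == "call":
            # API usage rule: unlock must match an earlier lock on the same path.
            if ins[1] == "lock":
                lock += 1
            elif ins[1] == "unlock":
                if lock == 0:
                    findings.add((pc, "unlock-without-lock"))
                lock = max(lock - 1, 0)
            worklist.append((pc + 1, env, cond, lock, nxt))
        elif kind == "ret":
            if lock > 0:
                findings.add((pc, "lock-held-at-return"))
    return sorted(findings)


# Constructed program: an error exit that forgets to unlock, and a derived
# pointer q = p - n that may alias NULL even though p itself was checked.
PROG = [
    ("call", "lock"),                  # 0: acquire
    ("br", ("==", "p", 0), 6),         # 1: if p == NULL goto 6 (error exit)
    ("load", "v", "p"),                # 2: safe, path condition has p != 0
    ("assign", "q", ("-", "p", "n")),  # 3: pointer arithmetic
    ("load", "w", "q"),                # 4: q may be NULL when n == p
    ("call", "unlock"),                # 5: release
    ("ret",),                          # 6: from 1 the lock is still held
]

if __name__ == "__main__":
    for pc, kind in analyse_program(PROG):
        print(f"pc {pc}: {kind}")
```

The load at pc 2 produces no report because the path condition already excludes `p == 0`; the load at pc 4 is flagged because the solver finds an input (for instance `p = 1, n = 1`) that makes the derived pointer NULL, and the early return at pc 6 is flagged only on the path through the branch at pc 1.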



Author information

Correspondence to Jan Tobias Mühlberg.

Additional information

by Jim Woodcock

An extended abstract of this article has appeared in the proceedings of SBMF 2009: “Formal Methods: Foundations and Applications”, volume 5902 of Lecture Notes in Computer Science, pages 306–320, Springer, 2009.



Cite this article

Mühlberg, J.T., Lüttgen, G. Verifying compiled file system code. Form Asp Comp 24, 375–391 (2012). https://doi.org/10.1007/s00165-011-0198-z
