Fault-Tolerant Resource Reasoning

  • Gian Ntzik
  • Pedro da Rocha Pinto
  • Philippa Gardner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9458)


Separation logic has been successful at verifying that programs do not crash due to illegal use of resources. The underlying assumption, however, is that machines do not fail. In practice, machines can fail unpredictably for various reasons, e.g. power loss, corrupting resources. Critical software, e.g. file systems, employ recovery methods to mitigate these effects. We introduce an extension of the Views framework to reason about such methods. We use concurrent separation logic as an instance of the framework to illustrate our reasoning, and explore programs using write-ahead logging, e.g. an ARIES recovery algorithm.



We thank Thomas Dinsdale-Young for discussions and useful feedback. This research was supported by EPSRC Programme Grants EP/H008373/1 and EP/K008528/1. Supplementary material and proofs are available in the technical report [10].


  1. 1.
    Bonwick, J., Ahrens, M., Henson, V., Maybee, M., Shellenbaum, M.: The zettabyte file system. In: Proceedings of the 2nd Usenix Conference on File and Storage Technologies (2003)Google Scholar
  2. 2.
    Chen, H., Ziegler, D., Chlipala, A., Kaashoek, M.F., Kohler, E., Zeldovich, N.: Using crash hoare logic for certifying the FSCQ file system. In: SOSP (2015)Google Scholar
  3. 3.
    Dinsdale-Young, T., Birkedal, L., Gardner, P., Parkinson, M., Yang, H.: Views: compositional reasoning for concurrent programs. In: POPL, pp. 287–300 (2013)Google Scholar
  4. 4.
    Dinsdale-Young, T., Dodds, M., Gardner, P., Parkinson, M.J., Vafeiadis, V.: Concurrent abstract predicates. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 504–528. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  5. 5.
    Gardner, P., Ntzik, G., Wright, A.: Local reasoning for the POSIX file system. In: Shao, Z. (ed.) ESOP 2014 (ETAPS). LNCS, vol. 8410, pp. 169–188. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  6. 6.
    Kropp, N., Koopman, P., Siewiorek, D.: Automated robustness testing of off-the-shelf software components. In: 1998 Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing. Digest of Papers, pp. 230–239 (1998)Google Scholar
  7. 7.
    Meola, M.L., Walker, D.: Faulty logic: reasoning about fault tolerant programs. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol. 6012, pp. 468–487. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  8. 8.
    Mohan, C., Haderle, D., Lindsay, B., Pirahesh, H., Schwarz, P.: ARIES: a transaction recovery method supporting fine-granularity locking and partial rollbacks using write-ahead logging. ACM Trans. Database Syst. 17, 94–162 (1992)CrossRefGoogle Scholar
  9. 9.
    Ntzik, G., Gardner, P.: Reasoning about the POSIX File System: Local Update and Global Pathnames. In: OOPLSA (2015)Google Scholar
  10. 10.
    Ntzik, G., da Rocha Pinto, P., Gardner, P.: Fault-tolerant Resource Reasoning. Technical report, Imperial College London (2015)Google Scholar
  11. 11.
    O’Hearn, P.W.: Resources, concurrency, and local reasoning. Theor. Comput. Sci. 375(1–3), 271–307 (2007)CrossRefMathSciNetzbMATHGoogle Scholar
  12. 12.
    Parkinson, M., Bierman, G.: Separation logic and abstraction. In: POPL, pp. 247–258 (2005)Google Scholar
  13. 13.
    Prabhakaran, V., Arpaci-Dusseau, A., Arpaci-Dusseau, R.: Model-based failure analysis of journaling file systems. In: 2005 Proceedings of the International Conference on Dependable Systems and Networks. DSN 2005, pp. 802–811, June 2005Google Scholar
  14. 14.
    Prabhakaran, V., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Analysis and evolution of journaling file Systems. In: USENIX Annual Technical Conference, General Track (2005)Google Scholar
  15. 15.
    Reynolds, J.: Separation logic: a logic for shared mutable data structures. In: Proceedings. 17th Annual IEEE Symposium on Logic in Computer Science, 2002. pp. 55–74 (2002)Google Scholar
  16. 16.
    da Rocha Pinto, P., Dinsdale-Young, T., Dodds, M., Gardner, P., Wheelhouse, M.: A simple abstraction for complex concurrent indexes. In: OOPSLA, pp. 845–864 (2011)Google Scholar
  17. 17.
    da Rocha Pinto, P., Dinsdale-Young, T., Gardner, P.: TaDA: a logic for time and data abstraction. In: Jones, R. (ed.) ECOOP 2014. LNCS, vol. 8586, pp. 207–231. Springer, Heidelberg (2014) Google Scholar
  18. 18.
    da Rocha Pinto, P., Dinsdale-Young, T., Gardner, P.: Steps in modular specifications for concurrent modules. In: MFPS (2015)Google Scholar
  19. 19.
    Rosenblum, M., Ousterhout, J.K.: The design and implementation of a log-structured file system. ACM Trans. Comput. Syst. 10, 26–52 (1992)CrossRefGoogle Scholar
  20. 20.
    Svendsen, K., Birkedal, L.: Impredicative concurrent abstract predicates. In: Shao, Z. (ed.) ESOP 2014 (ETAPS). LNCS, vol. 8410, pp. 149–168. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  21. 21.
    Yang, J., Twohey, P., Engler, D., Musuvathi, M.: Using model checking to find serious file system errors. ACM Trans. Comput. Syst. 24(4), 393–423 (2006)CrossRefGoogle Scholar
  22. 22.
    Zengin, M., Vafeiadis, V.: A Programming Language Approach to Fault Tolerance for Fork-Join Parallelism. In: 2013 International Symposium on Theoretical Aspects of Software Engineering (TASE), pp. 105–112 (July 2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Gian Ntzik
    • 1
  • Pedro da Rocha Pinto
    • 1
  • Philippa Gardner
    • 1
  1. 1.Imperial College LondonLondonUK

Personalised recommendations