Formal Modeling and Analysis of a Flash Filesystem in Alloy

  • Eunsuk Kang
  • Daniel Jackson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5238)


This paper describes the formal modeling and analysis of a design for a flash-based filesystem in Alloy. We model the basic operations of a filesystem as well as features that are crucial to NAND flash hardware, such as wear-leveling and erase-unit reclamation. In addition, we address the issue of fault tolerance by modeling a mechanism for recovery from interrupted filesystem operations due to unexpected power loss. We analyze the correctness of our flash filesystem model by checking trace inclusion against a POSIX-compliant abstract filesystem, in which a file is modeled simply as an array of data elements. The analysis is fully automatic and complete within a finite scope.


Fault Tolerance Alloy Analyzer Page Size NAND Flash Software Repository 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aleph One. YAFFS: A flash file system for embedded use,
  2. 2.
    Arkoudas, K., Zee, K., Kuncak, V., Rinard, M.: On verifying a file system implementation. In: 6th ICFEM, pp. 373–390 (2004)Google Scholar
  3. 3.
    Bicarregui, J., Hoare, C.A.R., Woodcock, J.: The verified software repository: a step towards the verifying compiler. Formal Aspects of Computing 18, 143–151 (2006)zbMATHCrossRefGoogle Scholar
  4. 4.
    Borger, E., Start, R.F.: Abstract State Machines: A method for high-level system design and analysis. Springer, New York (2003)Google Scholar
  5. 5.
    Butler, M., Damchoom, K., Abrial, J.-R.: Some filestore developments with Event-B and Rodin. In: Verifiable File Store Mini-Challenge Workshop, co-located with the 9th ICFEM (2007)Google Scholar
  6. 6.
    Butterfield, A., Woodcock, J.: Formalizing flash memory: First steps. In: 12th ICECCS, pp. 251–260 (2007)Google Scholar
  7. 7.
    Ferreira, M.A., Silva, S.S.: J. N. Oliveira Verifying Intel flash file system core specification. In: 4th VDM-Overture Workshop, FM 2008 (2008)Google Scholar
  8. 8.
    Freitas, L., Fu, Z., Woodcock, J.: POSIX file store in Z/Eves: an experiment in the verified software repository. In: 12th ICECCS, pp. 3–14 (2007)Google Scholar
  9. 9.
    Freitas, L., Woodcock, J., Butterfield, A.: POSIX and the Verification Grand Challenge: a roadmap. In: 13th ICECCS, pp. 153–162 (2008)Google Scholar
  10. 10.
    Gal, E., Toledo, S.: Algorithms and data structures for flash memories. ACM Computing Surveys 37, 138–163 (2005)CrossRefGoogle Scholar
  11. 11.
    Ganesh, V., Dill, D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 519–531. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Gordon, M.J.C., Melham, T.F.: Introduction to HOL: a theorem proving environment for higher order logic. Cambridge University Press, New York (1993)zbMATHGoogle Scholar
  13. 13.
    Groce, A., Holzmann, G.J., Joshi, R.: Randomized differential testing as a prelude to formal verification. In: 29th ICSE, pp. 621–631 (2007)Google Scholar
  14. 14.
    Hynix Semiconductor et al. Open NAND Flash Interface Specification. Technical Report Revision 1.0. ONFi Workgroup (2006),
  15. 15.
    Intel. Flash File System Core Reference Guide. Technical Report 304436001. Intel Corporation (2004)Google Scholar
  16. 16.
    Jackson, D.: Software Abstractions. MIT Press, Cambridge (2006)Google Scholar
  17. 17.
    Joshi, R., Holzmann, G.J.: A mini challenge: Build a verifiable filesystem. In: Verified Software: Theories, Tools, Experiments (2005)Google Scholar
  18. 18.
    Morgan, C., Sufrin, B.: Specification of the UNIX filing system. IEEE Transactions on Software Engineering 10, 128–142 (1984)CrossRefGoogle Scholar
  19. 19.
    Reeves, G., Neilson, T.: The Mars Rover Spirit FLASH Anomaly. In: IEEE Aerospace Conference (2005)Google Scholar
  20. 20.
    Spivey, J.M.: The Z Notation: A Reference Manual. Prentice-Hall, Englewood Cliffs (1998)Google Scholar
  21. 21.
    The Open Group. The POSIX 1003.1, 2003 Edition Specification,
  22. 22.
    Torlak, E., Chang, F.S.-H., Jackson, D.: Finding minimal unsatisfiable cores of declarative specifications. In: Cuellar, J., Maibaum, T.S.E. (eds.) FM 2008. LNCS, vol. 5014, pp. 326–341. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Torlak, E., Jackson, D.: Kodkod: A relational model finder. In: 13th TACAS, pp. 632–647 (2007)Google Scholar
  24. 24.
    Woodcock, J., Davies, J.: Using Z: Specification, Refinement, and Proof. Prentice-Hall, NJ (1996)zbMATHGoogle Scholar
  25. 25.
    Yang, J., Twohey, P., Engler, D., Musuvathi, M.: Using model checking to find serious file system errors. In: 6th OSDI, pp. 273–288 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Eunsuk Kang
    • 1
  • Daniel Jackson
    • 1
  1. 1.Computer Science and Artificial Intelligence LaboratoryMassachusetts Institute of TechnologyCambridgeU.S.A

Personalised recommendations