Reasoning about the POSIX file system: local update and global pathnames

We introduce a program logic for specifying a core sequential subset of the POSIX file system and for reasoning abstractly about client programs working with the file system. The challenge is to reason about the combination of local directory update and global pathname traversal (including '..' and symbolic links) which may overlap the directories being updated. Existing reasoning techniques are either based on first-order logic and do not scale, or on separation logic and can only handle linear pathnames (no '..' or symbolic links). We introduce fusion logic for reasoning about local update and global pathname traversal, introducing a novel effect frame rule to propagate the effect of a local update on overlapping pathnames. We apply our reasoning to the standard recursive remove utility (rm -r), discovering bugs in well-known implementations.
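The overlap the abstract describes, between a local directory update and global pathnames that traverse it through '..' and symbolic links, as an added illustration in Python (not the paper's logic or code): a constructed in-memory tree with a relative symbolic link, POSIX-style resolution in which '..' steps up the physical parent after a link has been followed, and a check of which pathnames an rm -r of /a/b reaches through. The tree, the pathnames and the `overlapping` check are assumptions made for this example.

```python
# Constructed sample tree, not from the paper: a node is a dict whose "type"
# is "dir" (with "children"), "file", or "link" (with "target").
def d(**kids): return {"type": "dir", "children": kids}
def sample_tree():
    return d(a=d(b=d(c={"type": "file"})),
             x=d(link={"type": "link", "target": "../a/b"}))  # relative symlink

def resolve(root, path, max_links=40):
    """POSIX-style resolution: follow a symbolic link where it is met, then let
    '..' step up the physical chain. Returns the node and every path walked."""
    stack = [("", root)]                          # physical ancestors, root first
    todo = [c for c in path.split("/") if c not in ("", ".")]
    touched, links = {"/"}, 0
    while todo:
        name = todo.pop(0)
        if name == "..":
            stack = stack[:-1] or stack           # '..' at the root stays put
            continue
        cur = stack[-1][1]
        if cur["type"] != "dir" or name not in cur["children"]:
            raise FileNotFoundError(path)
        child = cur["children"][name]
        if child["type"] == "link":
            links += 1
            if links > max_links:
                raise OSError("ELOOP: too many symbolic links in " + path)
            if child["target"].startswith("/"):
                stack = [("", root)]
            todo = [c for c in child["target"].split("/") if c not in ("", ".")] + todo
            continue
        stack.append((name, child))
        touched.add("/" + "/".join(n for n, _ in stack[1:]))
    return stack[-1][1], touched

def overlapping(root, update_dir, pathnames):
    """Pathnames whose resolution passes through the directory being updated."""
    inside = lambda t: t == update_dir or t.startswith(update_dir + "/")
    return [p for p in pathnames if any(map(inside, resolve(root, p)[1]))]

PATHS = ["/x/link/c", "/a/b/../b/c", "/x/link/../b/c", "/a"]
def demo():
    tree = sample_tree()
    predicted = overlapping(tree, "/a/b", PATHS)  # computed before the update
    del tree["children"]["a"]["children"]["b"]    # the local update: rm -r /a/b
    broken = []
    for p in PATHS:
        try:
            resolve(tree, p)
        except OSError:
            broken.append(p)
    return predicted, broken
```

The pathnames `overlapping` predicts are exactly the ones that stop resolving after the update, while `/a` is untouched; `/x/link/../b/c` shows that '..' after the link goes to /a, not back to /x.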
