Crash-Safe Refinement for a Verified Flash File System

Universität Augsburg

This paper presents formal proof obligations for data refinement in the presence of unexpected crashes, notably due to a power failure. The work is part of our effort to construct a verified file system for flash memory. We apply the theory to one of the components in the flash file system, namely the erase block management layer. We show its functional correctness with respect to a high-level specification. We prove that the system can always recover from power loss to a desired state. We observe two simplifications that greatly reduce the proof effort for crashes in practice. Proofs are mechanized in the theorem prover KIV.
