Experiences with formal specification of fault-tolerant file systems

Fault-tolerant, replicated file systems are a crucial component of today's data centers. Despite their huge complexity, these systems are typically specified only in brief prose, which makes them difficult to reason about or verify. This paper describes the authors' experience using formal methods to improve our understanding of and confidence in the behavior of replicated file systems. We wrote formal specifications for three real-world fault-tolerant file systems and used them to: (1) expose design similarities and differences; (2) clarify and mechanically verify consistency properties; and (3) evaluate design alternatives. Our experience showed that formal specifications for these systems were easy to produce, useful for a deep understanding of system functions, and valuable for system comparison.
