Development of a Verified Flash File System

This paper gives an overview of the development of a formally verified file system for flash memory. We describe our approach, which is based on Abstract State Machines and incremental modular refinement. We present some of the important intermediate refinement levels and the features each of them introduces. We report on the verification challenges addressed so far, and point to open problems and future work. We furthermore draw preliminary conclusions on the methodology and the required tool support.
