formally specifying posix file systems
play

Formally Specifying POSIX File Systems Gian Ntzik , Pedro da Rocha - PowerPoint PPT Presentation

May 09, 2023 •161 likes •630 views

Formally Specifying POSIX File Systems Gian Ntzik , Pedro da Rocha Pinto and Philippa Gardner Imperial College London July 16, 2015 1/39 POSIX File Systems POSIX: Portable Operating System Interface Large part devoted to the file system

  1. Formally Specifying POSIX File Systems Gian Ntzik , Pedro da Rocha Pinto and Philippa Gardner Imperial College London July 16, 2015 1/39

  2. POSIX File Systems ◮ POSIX: Portable Operating System Interface ◮ Large part devoted to the file system ◮ English Specification ◮ Underspecified ◮ Ambiguous ◮ Absence of proper memory model 2/39

  3. Objectives ◮ Find formalism suitable for specifying POSIX file system operations ◮ Suitable for clients and implementations ◮ Client reasoning in a program logic ◮ Focus a core fragment: ◮ Structural operations: mkdir , rmdir , link , unlink , rename , ... ◮ IO: open , read , write , lseek , close , ... 3/39

  4. File System Example 0 tmp usr 1 2 share local .X0-lock bin 3 0101111011... 8 5 4 lib git 7 0110011011... 9 4/39

  5. First Challenge: Atomicity 5/39

  6. Example: unlink ◮ unlink ( p ) : Atomically remove the file identified by path p . ◮ “Atomic” has an unusual meaning in POSIX. 6/39

  7. unlink ( / usr / bin / git ) 0 tmp usr 1 2 share local .X0-lock bin 3 0101111011... 8 5 4 lib git 7 9 0110011011... 7/39

  8. unlink ( / usr / bin / git ) 0 tmp usr 1 2 share local .X0-lock bin 3 0101111011... 8 5 4 lib git 7 9 0110011011... ◮ Only removing git is required to be atomic. 7/39

  9. unlink ( / usr / bin / git ) 0 tmp usr 1 2 share local .X0-lock bin 3 0101111011... 8 5 4 lib git 7 9 0110011011... ◮ Only removing git is required to be atomic. ◮ Path resolution: a sequence of atomic reads. 7/39

  10. Sequence of atomic actions unlink(/usr/bin/git) usr bin git FS 1 FS 1 FS 2 FS 2 FS 3 FS 4 Environment: mupltiple atomic updates Thread: single atomic read in path traversal Thread: single atomic update 8/39

  11. Single atomic step specification: Atomic Hoare Triple From TaDA, IRIS, ... we know how to specify a single atomic step. ℂ P Q � P � C � Q � 9/39

  12. Multi-atomic specifications We extend to multiple atomic steps ℂ ... P n P 1 P 2 P 3 P 4 P n − 1 � � C ⊑ ( P 1 , P 2 ); ( P 3 , P 4 ); . . . ; ( P n − 1 , P n ) 10/39

  13. Multi-atomic Program Logic ◮ Introduce multi-atomics: � � C ⊑ ( P 1 , P 2 ); ( P 3 , P 4 ); . . . ; ( P n − 1 , P n ) ◮ Justified by an encoding in IRIS ◮ Extend reasoning rules for single atomic steps to multiple steps 11/39

  14. Single Step Equivalence SingleAtomic: � � C ⊑ ( P , Q ) ⇐ ⇒ � P � C � Q � 12/39

  15. Sequence Rule � � � � C 1 ⊑ . . . ; ( P 1 , Q 1 ) C 2 ⊑ ( P 2 , Q 2 ); . . . Multi-Seq � � C 1 ; C 2 ⊑ . . . ; ( P 1 , Q 1 ); ( P 2 , Q 2 ); . . . 13/39

  16. Stuttering Rule � � C ⊑ . . . ; ( P , P ); ( P , Q ); . . . Stutter � � C ⊑ . . . ; ( P , Q ); . . . 14/39

  17. unlink : Formal Specification unlink(/usr/bin/git) usr bin git FS 1 FS 1 FS 2 FS 2 FS FS' unlink ( / usr / bin / git ) ⊑ � resolve( / usr / bin , ι 0 , r ); . . . � 15/39

  18. unlink : Formal Specification unlink(/usr/bin/git) usr bin git FS 1 FS 1 FS 2 FS 2 FS FS' unlink ( / usr / bin / git ) ⊑ � resolve( / usr / bin , ι 0 , r ); (fs( FS ) , in( FS , r , git ) ⇒ rem( FS , r , git ) ∗ ret = 0) � 16/39

  19. unlink : Formal Specification unlink(/usr/bin/git) usr bin git FS 1 FS 1 FS 2 FS 2 FS FS' unlink ( / usr / bin / git ) ⊑ � � � in( FS , r , git ) ⇒ rem( FS , r , git ) ∗ ret = 0 ��� resolve( / usr / bin , ι 0 , r ); fs( FS ) , ∧ out( FS , r , git ) ⇒ fs( FS ) ∗ ret = − 1 ∗ errno = ENOENT 17/39

  20. unlink : Formal Specification unlink(/usr/bin/git) usr bin git FS 1 FS 1 FS 2 FS 2 FS FS' unlink ( / usr / bin / git ) ⊑  � in( FS , r , git ) ⇒ rem( FS , r , git ) ∗ ret = 0 �  � �  fs( FS ) , r ∈ In ⇒ resolve( / usr / bin , ι 0 , r ); ∧ out( FS , r , git ) ⇒ fs( FS ) ∗ ret = − 1 ∗ errno = ENOENT  ∧ r ∈ Err ⇒ fs( FS ) ∗ ret = − 1 ∗ errno = r 18/39

  21. Second Challenge: Unordered actions 19/39

  22. Specifying unordered actions ◮ Example: rename ( p / a , p ′ / b ) ◮ POSIX does not specify in which order p and p ′ are resolved 20/39

  23. Specifying unordered actions ◮ Example: rename ( p / a , p ′ / b ) ◮ POSIX does not specify in which order p and p ′ are resolved ◮ We can’t do: rename ( p / a , p ′ / b ) ⊑ � resolve( p , ι 0 , r 1 ) ; resolve( p ′ , ι 0 , r 2 ) ; . . . � 20/39

  24. Specifying unordered actions ◮ Example: rename ( p / a , p ′ / b ) ◮ POSIX does not specify in which order p and p ′ are resolved ◮ Solution: rename ( p / a , p ′ / b ) ⊑ � resolve( p , ι 0 , r 1 ) � resolve( p ′ , ι 0 , r 2 ) ; . . . � 21/39

  25. Parallel Rule � � C 1 ⊑ ( P 1 , P 2 ); . . . ; ( P n − 1 , P n ) � ( Q 1 , Q 2 ); . . . ; ( Q n − 1 , Q n ) � C 1 ⊑ � ( P 1 , P 2 ); . . . ; ( P n − 1 , P n ) � ( Q 1 , Q 2 ); . . . ; ( Q n − 1 , Q n ) � Multi-Par C 1 � C 2 ⊑ 22/39

  26. Client Applications ◮ Lock Files ◮ POSIX pipes ◮ POSIX Advisory Locks/Record Locking (on-going) ◮ Persistent Concurrent Queues (future) 23/39

  27. Lock Files ◮ lock ( path ): atomically create a non-existing lock file at path ◮ unlock ( path ): remove the lock file identified by path ◮ Implemented similarly to spin locks ◮ open ( path , O CREAT | O EXCL ) to try to lock ◮ unlink to unlock 24/39

  28. Lock File Implementation function lock ( path ) { do { fd := open ( path , O EXCL | O CREAT ); } while ( fd = − 1); close ( fd ); } function unlock ( path ) { unlink ( path ); } 25/39

  29. Heap Based Lock Specification ◮ We know how to specify locks on the heap 26/39

  30. Heap Based Lock Specification ◮ We know how to specify locks on the heap � � � � emp makelock () Lock( ret , 0) � Lock( x , v ) � lock ( x ) � Lock( x , 1) ∗ v = 0 � � Lock( x , 1) � unlock ( x ) � Lock( x , 0) � 26/39

  31. Heap Based Lock Specification ◮ We know how to specify locks on the heap � � � � emp makelock () Lock( ret , 0) � Lock( x , v ) � lock ( x ) � Lock( x , 1) ∗ v = 0 � � Lock( x , 1) � unlock ( x ) � Lock( x , 0) � ◮ Ideally, we want the same specification for lock files ◮ Using path instead of heap address x 26/39

  32. Third Challenge: Ownership 27/39

  33. The Heap case Allocated Heap makeLock() Allocated Heap 0 ret ◮ The module owns the newly allocated memory 28/39

  34. The Heap case Allocated Heap makeLock() Allocated Heap 0 HL ret ◮ The module enforces the sharing protocol 29/39

  35. The File System case 0 tmp usr 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 30/39

  36. The File System case 0 tmp usr 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 ◮ No operation to extend with fresh path, unknown to environment ◮ Global path address space 30/39

  37. The File System case 0 tmp usr LF 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 31/39

  38. The File System case 0 tmp usr LF 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 ◮ Clients must agree on sharing protocol 31/39

  39. The File System case 0 tmp usr LF 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 ◮ Clients must agree on sharing protocol ◮ Cooporative ownership 31/39

  40. Lock file specification If any client’s protocols 0 tmp usr 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 32/39

  41. Lock file specification contains the lock file protocol 0 tmp usr LF 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 33/39

  42. Lock file specification with other protocols 0 tmp usr 1 2 share .X0-lock local bin 3 8 5 4 lib git 7 0110011011... 9 34/39

  43. Lock File specification then, we can use the lock file specification: � � lock ( path ) ⊑ Lock( path , v ) , Lock( path , 1) ∗ v = 0 � � unlock ( path ) ⊑ Lock( path , 1) , Lock( path , 0) 35/39

  44. Lock File specification � � ∀ path , P . islock path , P ⇒ � � lock ( path ) ⊑ Lock( path , v ) , Lock( path , 1) ∗ v = 0 � � unlock ( a ) ⊑ Lock( path , 1) , Lock( path , 0) � � � ∃ R . P ⇚ ⇛ LF( path ) ∗ R islock path , P 36/39

  45. Conclusions ◮ Introduced multi-atomic specifications ◮ Ordered sequences of atomic actions ◮ Unordered parallel atomic actions ◮ Formalised a fragment of POSIX file system operations ◮ Client reasoning ◮ Ownership in file systems is cooperative 37/39

  46. Future Work ◮ Link with operational models & testing ◮ Verify implementations ◮ Explore connection with refinement & Hoare’s algebraic laws ◮ Mechanisation 38/39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix

Posix-Free File Systems in the Cloud Jeff Chase Duke University Beyond Posix Filesystem Posix file system semantics? open(2) Hierarchical directories with aliasing Human-readable symbolic names Atomic ops on

599 views • 12 slides
POSIX IPC: Overview primitive POSIX function description message queues create or access

POSIX IPC: Overview primitive POSIX function description message queues create or access

CPSC-313: Introduction to Computer Systems POSIX IPC POSIX Inter-Process Communication (IPC) Message Queues Shared Memory Semaphores Reading: R&R, Ch 15 POSIX IPC: Overview primitive POSIX function description message

392 views • 6 slides
Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram

CSE 506: Opera.ng Systems Na.ve POSIX Threading Library (NPTL) Don Porter 1 CSE 506: Opera.ng Systems Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Kernel System Calls Scheduling threads RCU File

318 views • 31 slides
The Specification of POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner

The Specification of POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner

The Specification of POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner Imperial College London gian.ntzik08@imperial.ac.uk pedro.da-rocha-pinto09@imperial.ac.uk p.gardner@imperial.ac.uk INVEST 2017 1/13 Logics for

461 views • 14 slides
A Concurrent Specification for POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa

A Concurrent Specification for POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa

A Concurrent Specification for POSIX File Systems Gian Ntzik, Pedro da Rocha Pinto and Philippa Gardner Imperial College London gian.ntzik08@imperial.ac.uk pedro.da-rocha-pinto09@imperial.ac.uk p.gardner@imperial.ac.uk Dagstuhl 2016 1/22

560 views • 28 slides
Operating Systems Real-Time POSIX TinyOS Standard of UNIX Real-time POSIX

Operating Systems Real-Time POSIX TinyOS Standard of UNIX Real-time POSIX

Operating Systems Real-Time POSIX TinyOS Standard of UNIX Real-time POSIX Supported by many operating systems Real-time schedulability analysis Variants of UNIX Linux Many commercial RTOS, e.g., VxWorks

545 views • 5 slides
Chapter 6: File Systems File systems n Files n Directories & naming n File system

Chapter 6: File Systems File systems n Files n Directories & naming n File system

Chapter 6: File Systems File systems n Files n Directories & naming n File system implementation n Example file systems Chapter 6 CS 1550, cs.pitt.edu 2 (originaly modified by Ethan Long-term information storage n Must store large amounts

1.01k views • 66 slides
Chapter 6: File Systems File systems Files Directories & naming File system

Chapter 6: File Systems File systems Files Directories & naming File system

Chapter 6: File Systems File systems Files Directories & naming File system implementation Example file systems Chapter 6 CMPS 111, UC Santa Cruz 2 Long-term information storage Must store large amounts of data

829 views • 57 slides
www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

POSIX I/O High Performance Computing Extensions Brent Welch (Speaker) Panasas www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read, write, stat) have semantics that can make it hard to achieve high

674 views • 24 slides
File Systems: All data structures are cached for better performance Create a new file

File Systems: All data structures are cached for better performance Create a new file

File Systems: Consistency Issues What about Multiple Updates? File systems maintain many data structures Several file system operations update multiple data structures Free list/bit vector Directories Examples: File headers and inode

257 views • 3 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
File Systems: Semantics & Structure What is a File a file is a named collection of

File Systems: Semantics & Structure What is a File a file is a named collection of

5/16/2018 File Systems: Semantics & Structure What is a File a file is a named collection of information 11A. File Semantics primary roles of file system: 11B. Namespace Semantics to store and retrieve data 11C. File

373 views • 13 slides
File Systems: Semantics & Structure What is a File a file is a named collection of

File Systems: Semantics & Structure What is a File a file is a named collection of

5/15/2017 File Systems: Semantics & Structure What is a File a file is a named collection of information 11A. File Semantics primary roles of file system: 11B. Namespace Semantics to store and retrieve data 11C. File

352 views • 16 slides
Steganographic File Systems Steganographic File Systems 1 Conventional Protection Mechanisms in

Steganographic File Systems Steganographic File Systems 1 Conventional Protection Mechanisms in

Steganographic File Systems Steganographic File Systems 1 Conventional Protection Mechanisms in File S Systems t User Access Control The operating system is fully trusted to enforce the security policy. Is it good enough? Is it

888 views • 44 slides
CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr

CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr

CSN08101 Digital Forensics Lecture 8: File Systems Lecture 8: File Systems Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives Investigative Process Analysis Framework last week File Systems File

795 views • 50 slides
Week 10: File Management What is a file? Elements of file management File

Week 10: File Management What is a file? Elements of file management File

CPSC 410 / 611 : Operating Systems Week 10: File Management What is a file? Elements of file management File organization Directories File allocation UNIX file system Reading: Silberschatz, Chapter 10, 11

498 views • 13 slides
17 Locking Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science

17 Locking Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science

Two-Phase 17 Locking Intro to Database Systems Andy Pavlo AP AP 15-445/15-645 Computer Science Carnegie Mellon University Fall 2020 2 ADM IN ISTRIVIA Project #3 is due Sun Nov 22 nd @ 11:59pm. Homework #4 is due Sun Nov 8 th @ 11:59pm.

1.07k views • 79 slides
Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it

Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it

Wider World Opening Windows to a Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it easy ? Wider World Opening Windows to a Just take a kernel, add your own file system and.. Not if you don't own

549 views • 30 slides
CS415 Project #6: File System Krzysztof Ostrowski krzys@cs.cornell.edu What do you have to do?

CS415 Project #6: File System Krzysztof Ostrowski krzys@cs.cornell.edu What do you have to do?

CS415 Project #6: File System Krzysztof Ostrowski krzys@cs.cornell.edu What do you have to do? Implement a virtual file system On top of a raw virtual block device provided by us Storing all blocks of the virtual disk device in a

793 views • 27 slides
CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall

CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall

CSE306 Software Quality in Practice Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Syllabus Posted on website Academic Integrity Departmental Policy on Violations of Academic Integrity (AI) The CSE Department has a zero-tolerance

669 views • 29 slides
Local Version Control (sccs, rcs) Steven J Zeil February 21, 2013 Local Version

Local Version Control (sccs, rcs) Steven J Zeil February 21, 2013 Local Version

Local Version Control (sccs, rcs) Local Version Control (sccs, rcs) Steven J Zeil February 21, 2013 Local Version Control (sccs, rcs) Outline History 1 Exploration 2 Collaboration 3 Strengths and Weaknesses 4 Local

460 views • 26 slides
DATA, DATABASES, AND QUERIES CS1100 Microsoft Access - Introduction 1 What is this About

DATA, DATABASES, AND QUERIES CS1100 Microsoft Access - Introduction 1 What is this About

Managing Data in Relational Databases DATA, DATABASES, AND QUERIES CS1100 Microsoft Access - Introduction 1 What is this About Storing, accessing, searching, and viewing data are important in any business. While spreadsheets work well

533 views • 34 slides
CS307&CS356: Operating Systems Dept. of Computer Science & Engineering Chentao Wu

CS307&CS356: Operating Systems Dept. of Computer Science & Engineering Chentao Wu

CS307&CS356: Operating Systems Dept. of Computer Science & Engineering Chentao Wu wuct@cs.sjtu.edu.cn Download lectures ftp://public.sjtu.edu.cn User: wuct Password: wuct123456 http://www.cs.sjtu.edu.cn/~wuct/cse/

1.04k views • 47 slides
Design of Locality-aware MPI-IO for Scalable Shared File Write Performance Kohei Sugihara 1 ,

Design of Locality-aware MPI-IO for Scalable Shared File Write Performance Kohei Sugihara 1 ,

Design of Locality-aware MPI-IO for Scalable Shared File Write Performance Kohei Sugihara 1 , Osamu Tatebe 2 1 Department of Computer Science, University of Tsukuba 2 Center for Computational Sciences, University of Tsukuba P0 P1 P0 P1

464 views • 13 slides

More recommend