FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W1475719308> ?p ?o ?g. }

• W1475719308 endingPage "21" @default.
• W1475719308 startingPage "21" @default.
• W1475719308 abstract "Software that is provably correct has been a long-time goal of computer science. Until recently this goal was realized for only small programs, but over the last decade several large systems have been built that have provable correctness properties. Examples include CompCert [21], seL4 [20], IronClad [13], CertiKOS [12], Bedrock [4, 5], Termite [32], Click’s dataplane [8], and Jitk [35]. One aspect not covered by these systems is reasoning about failures—power failures, hardware faults, or software bugs—which is well-known to be tricky in systems code. An important example of where failures matter is a file system, because developers often make subtle mistakes in recovery code, and recovery code is complex and not frequently executed. Even if such bugs are rare, they can still be costly, since they can lead to complete data loss [41]. Proving the absence of such bugs in critical software, such as a file system, is an appealing proposition. To explore what it takes to certify a file system, we are in the process of building one such file system and its machine-checked proof. Our goal is to certify a simple Unix-like file system with logging. We want to prove that our file system’s implementation is correct: it matches the specification, even if there are crashes. There are many aspects involved in implementing a certified file system, but the design choice on which everything else depends is the question of how to write specifications. We found that writing specification is surprisingly tricky. This paper summarizes what we have learned from exploring several specification strategies, including one approach that has worked well for us. Writing a precise specification assumes that you know what the specification is. Unfortunately, POSIX is not well specified: file systems have many different interpretations of what POSIX means, in particular under failures. Furthermore, file systems allow operators to configure them to have different behaviors under failure, which can result in surprising results for application writers [29]. In this paper, we adopt a simple compromise: each system call runs atomically. If there is a failure, either the system call happened completely or not all. The system call never leaves the file system in an intermediate state. There are many ways to write a specification for atomic systems calls, like there are many ways to design and implement an API, and it was initially unclear to us which one was the right choice. What criteria determine if a specification is a good one? Our three goals were (1) to prevent real bugs, (2) to enable proof automation, and (3) to allow for modularity. The rest of this paper explores this question by examining different approaches to specify the behavior of a file system under crashes. We report on what approaches we discarded and describe why an approach based on Hoare logic with an extensions for crash predicates and recovery semantics works well." @default.
• W1475719308 created "2016-06-24" @default.
• W1475719308 creator A5033897343 @default.
• W1475719308 creator A5044590960 @default.
• W1475719308 creator A5046950574 @default.
• W1475719308 creator A5054417711 @default.
• W1475719308 creator A5078100439 @default.
• W1475719308 creator A5082808262 @default.
• W1475719308 date "2015-05-18" @default.
• W1475719308 modified "2023-10-05" @default.
• W1475719308 title "Specifying crash safety for storage systems" @default.
• W1475719308 cites W1412006679 @default.
• W1475719308 cites W1423003888 @default.
• W1475719308 cites W1434079718 @default.
• W1475719308 cites W1436494858 @default.
• W1475719308 cites W1436965661 @default.
• W1475719308 cites W157238496 @default.
• W1475719308 cites W1657896522 @default.
• W1475719308 cites W1975808766 @default.
• W1475719308 cites W1995626000 @default.
• W1475719308 cites W2023035194 @default.
• W1475719308 cites W2069300761 @default.
• W1475719308 cites W2090551028 @default.
• W1475719308 cites W2095770127 @default.
• W1475719308 cites W2098959411 @default.
• W1475719308 cites W2101939036 @default.
• W1475719308 cites W2104670257 @default.
• W1475719308 cites W2130427425 @default.
• W1475719308 cites W2132761501 @default.
• W1475719308 cites W2136310957 @default.
• W1475719308 cites W2137628566 @default.
• W1475719308 cites W2138555106 @default.
• W1475719308 cites W2141729404 @default.
• W1475719308 cites W2155216527 @default.
• W1475719308 cites W2167814583 @default.
• W1475719308 cites W3146075203 @default.
• W1475719308 hasPublicationYear "2015" @default.
• W1475719308 type Work @default.
• W1475719308 sameAs 1475719308 @default.
• W1475719308 citedByCount "2" @default.
• W1475719308 countsByYear W14757193082016 @default.
• W1475719308 crossrefType "proceedings-article" @default.
• W1475719308 hasAuthorship W1475719308A5033897343 @default.
• W1475719308 hasAuthorship W1475719308A5044590960 @default.
• W1475719308 hasAuthorship W1475719308A5046950574 @default.
• W1475719308 hasAuthorship W1475719308A5054417711 @default.
• W1475719308 hasAuthorship W1475719308A5078100439 @default.
• W1475719308 hasAuthorship W1475719308A5082808262 @default.
• W1475719308 hasConcept C104949639 @default.
• W1475719308 hasConcept C111919701 @default.
• W1475719308 hasConcept C115903868 @default.
• W1475719308 hasConcept C149091818 @default.
• W1475719308 hasConcept C167981075 @default.
• W1475719308 hasConcept C177264268 @default.
• W1475719308 hasConcept C199360897 @default.
• W1475719308 hasConcept C2776760102 @default.
• W1475719308 hasConcept C2777904410 @default.
• W1475719308 hasConcept C2778579508 @default.
• W1475719308 hasConcept C2780940931 @default.
• W1475719308 hasConcept C41008148 @default.
• W1475719308 hasConcept C55439883 @default.
• W1475719308 hasConceptScore W1475719308C104949639 @default.
• W1475719308 hasConceptScore W1475719308C111919701 @default.
• W1475719308 hasConceptScore W1475719308C115903868 @default.
• W1475719308 hasConceptScore W1475719308C149091818 @default.
• W1475719308 hasConceptScore W1475719308C167981075 @default.
• W1475719308 hasConceptScore W1475719308C177264268 @default.
• W1475719308 hasConceptScore W1475719308C199360897 @default.
• W1475719308 hasConceptScore W1475719308C2776760102 @default.
• W1475719308 hasConceptScore W1475719308C2777904410 @default.
• W1475719308 hasConceptScore W1475719308C2778579508 @default.
• W1475719308 hasConceptScore W1475719308C2780940931 @default.
• W1475719308 hasConceptScore W1475719308C41008148 @default.
• W1475719308 hasConceptScore W1475719308C55439883 @default.
• W1475719308 hasOpenAccess W1475719308 @default.
• W1475719308 hasRelatedWork W1412006679 @default.
• W1475719308 hasRelatedWork W1423003888 @default.
• W1475719308 hasRelatedWork W1498543220 @default.
• W1475719308 hasRelatedWork W157238496 @default.
• W1475719308 hasRelatedWork W1995626000 @default.
• W1475719308 hasRelatedWork W2005159791 @default.
• W1475719308 hasRelatedWork W2008144935 @default.
• W1475719308 hasRelatedWork W2020395879 @default.
• W1475719308 hasRelatedWork W2025018396 @default.
• W1475719308 hasRelatedWork W2038478470 @default.
• W1475719308 hasRelatedWork W2073742357 @default.
• W1475719308 hasRelatedWork W2124877509 @default.
• W1475719308 hasRelatedWork W2136310957 @default.
• W1475719308 hasRelatedWork W2138634686 @default.
• W1475719308 hasRelatedWork W2332661323 @default.
• W1475719308 hasRelatedWork W2396571788 @default.
• W1475719308 hasRelatedWork W2415746476 @default.
• W1475719308 hasRelatedWork W2913718044 @default.
• W1475719308 hasRelatedWork W2992179976 @default.
• W1475719308 hasRelatedWork W405971428 @default.
• W1475719308 isParatext "false" @default.
• W1475719308 isRetracted "false" @default.
• W1475719308 magId "1475719308" @default.

• next