
Example - A Computer File System

Dr. Rong Qu
[email protected]
http://www.cs.nott.ac.uk/~rxq/#g53fsp

G53FSP Formal Specification

State Schema

USERS: the set of all possible user names
FILE_NAMES: the set of all possible file names
BLOCK_NOS: the set of all possible block numbers

owns

owns is a function mapping usernames to sets of filenames

\begin{zed}
owns = \{ (Eric, \{file1, file2\}), (Edmund, \{prog1\}) \}
\end{zed}

We can then write as true logical statements

\begin{zed}
owns~Eric = \{file1, file2\} \\
owns~Edmund = \{prog1\}
\end{zed}

occupies

Further, occupies will be a function mapping each filename of an existing file to the set of block numbers which it occupies

\begin{zed}
occupies = \{ (file1, \{1, 9, 6, 10\}), \\
\t1 (file2, \{2, 3, 4\}), \\
\t1 (prog1, \{5, 7, 8\}) \}
\end{zed}

\begin{zed}
\mathrm{rng}~occupies = \{ \{1, 9, 6, 10\}, \{2, 3, 4\}, \{5, 7, 8\} \}
\end{zed}

To obtain the set of all occupied blocks as a simple set, we need the generalised union operator applied as in

\begin{zed}
\bigcup \mathrm{rng}~occupies = \{1, 2, 3, 4, 5, 6, 7, 8, 9, 10\}
\end{zed}

English Specification

a. There will be a set of users system_users.
b. The number of users will be no_users.
c. A list of free (unoccupied) blocks will be maintained.
d. No block is to be in more than one file.
e. Every block which is not in a file is to be on the free list.
f. The maximum number of users will be max_users.

State Schema

\begin{zed}
[USERS, FILE\_NAMES, BLOCK\_NOS]
\end{zed}

\begin{schema}{FileSystem}
owns : USERS \pfun \power FILE\_NAMES \\
occupies : FILE\_NAMES \pfun \power BLOCK\_NOS \\
file\_store : \power FILE\_NAMES \\
all\_blocks : \power BLOCK\_NOS \\
free\_blocks : \power BLOCK\_NOS \\
max\_users : \nat \\
no\_users : \nat \\
system\_users : \power USERS
\where
\# system\_users \leq max\_users \\
\# system\_users = no\_users \\
\forall file : \dom occupies \bullet \exists! user : \dom owns \bullet file \in owns~user \\
\forall file : \dom occupies; block : all\_blocks \bullet \\
\t1 block \in occupies~file \implies block \notin free\_blocks \\
\dom owns = system\_users \\
file\_store = \bigcup \mathrm{rng}~owns \\
file\_store = \dom occupies \\
\forall block\_set1, block\_set2 : \mathrm{rng}~occupies \bullet \\
\t1 block\_set1 \neq block\_set2 \implies block\_set1 \cap block\_set2 = \{\}
\end{schema}

another way: no two files contain a common block

\begin{zed}
\forall file1, file2 : \dom occupies \bullet \\
\t1 file1 \neq file2 \implies occupies~file1 \cap occupies~file2 = \{\}
\end{zed}

no data block occurs in the free list

\begin{zed}
\forall block\_set : \mathrm{rng}~occupies \bullet block\_set \cap free\_blocks = \{\}
\end{zed}

or

\begin{zed}
\bigcup \mathrm{rng}~occupies \cap free\_blocks = \{\}
\end{zed}

Operation Schema

There is to be a command to remove a file from the system. The command will be given the name of the file owner, and of the file. All blocks occupied by the file must be returned to the free list.

\begin{schema}{RemoveFile}
\Delta FileSystem \\
username? : USERS \\
file\_name? : FILE\_NAMES
\where
username? \in system\_users \land file\_name? \in owns~username? \\
occupies' = \{file\_name?\} \ndres occupies \\
owns' = owns \oplus \{ (username?, (owns~username? \setminus \{file\_name?\})) \} \\
free\_blocks' = free\_blocks \cup occupies~file\_name? \\
file\_store' = file\_store \setminus \{file\_name?\} \\
no\_users' = no\_users \land system\_users' = system\_users
\end{schema}

NewFile Schema

\begin{schema}{NewFile}
\Delta FileSystem \\
username? : USERS \\
file\_name? : FILE\_NAMES
\where
username? \in system\_users \land file\_name? \notin file\_store \\
owns' = owns \oplus \{ (username?, (owns~username? \cup \{file\_name?\})) \} \\
occupies' = occupies \cup \{ file\_name? \mapsto \{\} \} \\
free\_blocks' = free\_blocks \\
file\_store' = file\_store \cup \{file\_name?\} \\
no\_users' = no\_users \land system\_users' = system\_users
\end{schema}

RemoveUser

The remove user command will remove all that user's files and return their blocks to the free space list. The given user's name will be deleted from the system.

\begin{schema}{RemoveUser}
\Delta FileSystem \\
username? : USERS
\where
username? \in system\_users \\
owns' = \{username?\} \ndres owns \\
occupies' = owns~username? \ndres occupies \\
free\_blocks' = free\_blocks \cup \bigcup \mathrm{rng} (owns~username? \dres occupies) \\
file\_store' = file\_store \setminus owns~username? \\
no\_users' = no\_users - 1 \\
system\_users' = system\_users \setminus \{username?\}
\end{schema}

Alternative

The line defining free_blocks could be written

\begin{zed}
free\_blocks' = free\_blocks \cup \bigcup occupies \limg owns~username? \rimg
\end{zed}

AddNewUser

\begin{schema}{AddNewUser}
\Delta FileSystem \\
username? : USERS
\where
username? \notin system\_users \\
owns' = owns \cup \{ username? \mapsto \{\} \} \\
occupies' = occupies \\
free\_blocks' = free\_blocks \\
file\_store' = file\_store \\
no\_users' \leq max\_users \land no\_users' = no\_users + 1 \\
system\_users' = system\_users \cup \{username?\}
\end{schema}

NewBlockToFile

\begin{schema}{NewBlockToFile}
\Delta FileSystem \\
file\_name? : FILE\_NAMES \\
block\_no : BLOCK\_NOS
\where
file\_name? \in \dom occupies \\
block\_no \in free\_blocks \land owns' = owns \\
occupies' = occupies \oplus \{ (file\_name?, occupies~file\_name? \cup \{block\_no\}) \} \\
free\_blocks' = free\_blocks \setminus \{block\_no\} \\
file\_store' = file\_store \\
no\_users' = no\_users \land system\_users' = system\_users
\end{schema}

Observation Schema

There will be a command ListFileNames to list a named user's file names and sizes. The given user must already exist.

\begin{schema}{ListFileNames}
\Xi FileSystem \\
user\_name? : USERS \\
message! : FILE\_NAMES \pfun \nat
\where
user\_name? \in system\_users \\
message! = \{ filename : owns~user\_name? \bullet (filename, \# occupies~filename) \}
\end{schema}

User File Count

For an observation schema to represent a command which accepts a username, and replies with the total number of files owned by that user.

\begin{schema}{UserFileCount}
\Xi FileSystem \\
user\_name? : USERS \\
user\_file\_no! : \nat
\where
user\_name? \in system\_users \\
user\_file\_no! = \# owns~user\_name?
\end{schema}

User Block Count

For an observation schema to represent a command which accepts a username, and replies with the total number of blocks owned by that user.

\begin{schema}{UserBlockCount}
\Xi FileSystem \\
user\_name? : USERS \\
user\_blocks! : \nat
\where
user\_name? \in system\_users \\
user\_blocks! = \# \bigcup occupies \limg owns~user\_name? \rimg
\end{schema}

Axiom Schema

For example, for the functions to give
- the number of blocks in a named file
- the number of files owned by a named user
- the number of blocks owned by a named user
we could have a schema as follows, which merely declares the functions.

This is called an axiom schema, and must be declared before use. The schema itself has no name; its purpose is purely to make the functions available.

\begin{axdef}
FileSystem \\
user\_file\_no : USERS \pfun \nat \\
user\_blocks : USERS \pfun \nat \\
file\_blocks : FILE\_NAMES \pfun \nat
\where
\forall user : system\_users \bullet user\_file\_no~user = \# owns~user \\
\forall user : system\_users \bullet \\
\t1 user\_blocks~user = (\sum f : owns~user \bullet \# occupies~f) \\
\forall file : file\_store \bullet file\_blocks~file = \# occupies~file
\end{axdef}
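The state invariant and the five operation schemas above can be animated as an executable model. The following is an added example, not part of the original slides: the Python class and method names are assumptions, each Z precondition becomes a check that rejects the call before any state changes, and system_users, no_users and file_store are derived from owns and occupies instead of being stored.

```python
from dataclasses import dataclass, field
def require(cond, msg):  # Z precondition: reject before the state is touched
    if not cond:
        raise ValueError(msg)

@dataclass
class FileSystem:
    # Derived, not stored: system_users = dom owns, file_store = dom occupies.
    max_users: int
    free_blocks: set
    owns: dict = field(default_factory=dict)      # user -> set of file names
    occupies: dict = field(default_factory=dict)  # file name -> set of block numbers

    def invariant(self):
        owned = [f for fs in self.owns.values() for f in fs]
        used = [b for bs in self.occupies.values() for b in bs]
        return (len(self.owns) <= self.max_users
                and len(owned) == len(set(owned))        # each file has one owner
                and set(owned) == set(self.occupies)     # U rng owns = dom occupies
                and len(used) == len(set(used))          # no block in two files
                and not set(used) & self.free_blocks)    # no data block is free

    def add_new_user(self, user):
        require(user not in self.owns, "user exists")
        require(len(self.owns) + 1 <= self.max_users, "too many users")
        self.owns[user] = set()

    def new_file(self, user, name):
        require(user in self.owns, "unknown user")
        require(name not in self.occupies, "file exists")
        self.owns[user].add(name)
        self.occupies[name] = set()

    def new_block_to_file(self, name, block):
        require(name in self.occupies, "unknown file")
        require(block in self.free_blocks, "block not free")
        self.occupies[name].add(block)
        self.free_blocks.remove(block)

    def remove_file(self, user, name):
        require(user in self.owns, "unknown user")
        require(name in self.owns[user], "not the owner")
        self.owns[user].remove(name)
        self.free_blocks |= self.occupies.pop(name)

    def remove_user(self, user):
        require(user in self.owns, "unknown user")
        for name in self.owns.pop(user):
            self.free_blocks |= self.occupies.pop(name)
```

Calling invariant() after every operation checks that the operation preserves the state schema; a state edited outside the operations, such as a block that is both in a file and on the free list, makes it return False.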