FSCQ: A formally verified crash-proof filesystem [pdf]

FSCQ is a certified filesystem written and proven correct in Coq. It&#x27;s the first filesystem with a machine-checkable proof that it&#x27;s implementation meets its specification and whose specification includes crashes.<p>The full source code of FSCQ is available online: <a href="https:&#x2F;&#x2F;github.com&#x2F;mit-pdos&#x2F;fscq-impl" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mit-pdos&#x2F;fscq-impl</a>

I can&#x27;t help but think of a couple things:<p>&quot;Beware of bugs in the above code; I have only proved it correct, not tried it.&quot; -Donald Knuth<p>And this bug: <a href="http:&#x2F;&#x2F;googleresearch.blogspot.com&#x2F;2006&#x2F;06&#x2F;extra-extra-read-all-about-it-nearly.html" rel="nofollow">http:&#x2F;&#x2F;googleresearch.blogspot.com&#x2F;2006&#x2F;06&#x2F;extra-extra-read-...</a><p>EDIT: I should have elaborated further. I did not intend to sound like I&#x27;m dismissing this work, because it&#x27;s a cool step forward. It&#x27;s just that this reminded me of those things that happened before.

That sounds nice to have, but isn&#x27;t it not as useful without a formally verified crash-proof firmware running on the disk?