# Using lightweight modeling to understand chord

@article{Zave2012UsingLM,
title={Using lightweight modeling to understand chord},
author={Pamela Zave},
journal={Comput. Commun. Rev.},
year={2012},
volume={42},
pages={49-57}
}
• P. Zave
• Published 29 March 2012
• Computer Science
• Comput. Commun. Rev.
Correctness of the Chord ring-maintenance protocol would mean that the protocol can eventually repair all disruptions in the ring structure, given ample time and no further disruptions while it is working. In other words, it is "eventual reachability." Under the same assumptions about failure behavior as made in the Chord papers, no published version of Chord is correct. This result is based on modeling the protocol in Alloy and analyzing it with the Alloy Analyzer. By combining the right…

## Figures from this paper

Analyzing the Fundamental Liveness Property of the Chord Protocol
• Computer Science
2018 Formal Methods in Computer Aided Design (FMCAD)
• 2018
This paper reports on analyzing automatically the correctness of Chord with the Electrum language (developed in former work) on small instance of networks and found various corner cases and showed that the protocol was not correct as described there.
Formal analysis of pure-join model of chord using alloy
• Computer Science
2013 IEEE 4th International Conference on Software Engineering and Service Science
• 2013
It is shown that with high probability, Join preserves validity, and Chord cannot reach “Allcycle” state with stabilize operation in some cases.
How to Make Chord Correct (Using a Stable Base)
• P. Zave
• Computer Science, Mathematics
ArXiv
• 2015
The principle contribution of this paper is to provide the first specification of a correct version of Chord, using the assumption that there is a small “stable base” of permanent members, and a partially automated proof of correctness.
Reasoning About Identifier Spaces: How to Make Chord Correct
• P. Zave
• Computer Science, Mathematics
IEEE Transactions on Software Engineering
• 2017
The contribution of this paper is to provide the first specification of correct operations and initialization for Chord, an inductive invariant that is necessary and sufficient to support a proof of correctness, and two independent proofs of correctness.
How to Make Chord Correct
The contribution of this paper is to provide the first specification of correct operations and initialization for Chord, an inductive invariant that is necessary and sufficient to support a proof of correctness, and the proof itself.
Mechanically Verifying the Fundamental Liveness Property of the Chord Protocol
• Computer Science, Mathematics
FM
• 2019
This article reports on the first mechanized proof of the liveness property for Chord, which addresses the full parameterized version of the protocol, weakens previously-devised invariants and operating assumptions, and is essentially automated.
Verification of the Chord protocol in TLA
This thesis presents a formal specification of the Chord distributed hash table protocol, using the TLA specification language, and shows that the introduction of failures leads the specification to admit several behaviors which break the safety properties Chord promises, potentially leading to permanent partitions in the network and performance degradation.
A machine-checked correctness proof for Pastry
• Computer Science
Sci. Comput. Program.
• 2018
Formal Verification of the Pastry Protocol Using \mathrmTLA^+
This article relaxes the assumption from previous publication to allow arbitrary concurrent joins of nodes, which reveals new insights into Pastry through a final formal model in$$\mathrm{{TLA}}^{+}$$, LuPastry, and illustrates the methodology for the discovery and proof of its invariant.
Growing a protocol
• Computer Science
HotCloud
• 2017
This paper advocates that the community should explore the intersection of testing and verification to better ensure quality for distributed software and presents the experience evolving a data replication protocol at Elastic using a novel bug-finding technology called Lineage Driven Fault Injection (LDFI) as evidence.

## References

SHOWING 1-10 OF 18 REFERENCES
Almost-Invariants: From Bugs in Distributed Systems to Invariants
• Computer Science
• 2009
This paper proposes an approach to observe the system behavior and automatically infer invariants which reveal implementation bugs, and demonstrates Avenger's ability to identify the almost-invariants that lead the developer to programming errors.
Predicting and preventing inconsistencies in deployed distributed systems
• Computer Science
TOCS
• 2010
The design and implementation of a new approach for developing and deploying distributed systems, in which nodes predict distributed consequences of their actions and use this information to detect and avoid errors, are described, termed CrystalBall.
Life, death, and the critical transition: finding liveness bugs in systems code
• Computer Science
• 2007
This work argues that checking liveness properties offers both a richer and more natural way to search for errors, particularly in complex concurrent and distributed systems, and presents heuristics to find a large class of liveness violations and the critical transition of the execution.
Implementing declarative overlays
SOSP '05
• 2005
P2, a system that uses a declarative logic language to express overlay networks in a highly compact and reusable form, is implemented and its promising trade-off point between specification complexity and performance is shown.
Life, Death, and the Critical Transition: Finding Liveness Bugs in Systems Code (Awarded Best Paper)
• Computer Science
NSDI
• 2007
This work argues that checkingiveness properties offers both a richer and more natural way to search for errors, particularly in complex concur rent and distributed systems.
Analysis of the evolution of peer-to-peer systems
• Computer Science
PODC '02
• 2002
It is argued that traditional performance measures based on run-time are uninformative for a continually running P2P network, and that the rate at which nodes in the network need to participate to maintain system state is a more useful metric.
Software Abstractions - Logic, Language, and Analysis
This revised edition of Software Abstractions updates the text, examples, and appendixes to be fully compatible with the latest version of Alloy, a language that captures the essence of software abstractions simply and succinctly, using a minimal toolkit of mathematical notions.
Non-Transitive Connectivity and DHTs
• Computer Science
WORLDS
• 2005
The most basic functionality of a distributed hash table, or DHT, is to partition a key space across the set of nodes in a distributed system such that all nodes agree on the partitioning. For
Chord: A scalable peer-to-peer lookup service for internet applications
• Computer Science
SIGCOMM '01
• 2001
Results from theoretical analysis, simulations, and experiments show that Chord is scalable, with communication cost and the state maintained by each node scaling logarithmically with the number of Chord nodes.
A Statistical Theory of Chord Under Churn
• Computer Science
IPTPS
• 2005
This paper presents a complete analytical study of churn using a master-equation-based approach, used traditionally in non-equilibrium statistical mechanics to describe steady-state or transient phenomena.