Reasoning About Identifier Spaces: How to Make Chord Correct

The Chord distributed hash table (DHT) is well-known and often used to implement peer-to-peer systems. Chord peers find other peers, and access their data, through a ring-shaped pointer structure in a large identifier space. Despite claims of proven correctness, i.e., eventual reachability, previous work has shown that the Chord ring-maintenance protocol is not correct under its original operating assumptions. Previous work has not, however, discovered whether Chord could be made correct under the same assumptions. The contribution of this paper is to provide the first specification of correct operations and initialization for Chord, an inductive invariant that is necessary and sufficient to support a proof of correctness, and two independent proofs of correctness. One proof is informal and intuitive, and applies to networks of any size. The other proof is based on a formal model in Alloy, and uses fully automated analysis to prove the assertions for networks of bounded size. The two proofs complement each other in several important ways.
