Formal Description of the Chord Protocol using ASM Bojan Marinković1 , Paola Glavan2 , Zoran Ognjanović1 Mathematical Institute of the Serbian Academy of Sciences and Arts1 Belgrade, Serbia [bojanm, zorano]@mi.sanu.ac.rs Department of Mathematics and Descriptive Geometry2 Faculty od Mechanical Engineering and Naval Architecture Zagreb, Croatia [email protected] Fourth Workshop on Formal and Automated Theorem Proving and Applications February 4-5, 2011, Belgrade, Serbia Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 1 / 38 Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 2 / 38 Introduction Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 3 / 38 Introduction Peer-To-Peer Systems No centralized control or hierarchical organization Each node (peer) runs software with equivalent functionality System’s states and tasks are dynamically allocated Core operation: efficient retrieval of data items No inherent bottlenecks and resistance to failures, attacks, etc. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 4 / 38 Introduction Distributed Hash Tables Lookup service similar to a hash table Storing (key, value) pairs Retrieval of the value associated with a given key Any change in the set of nodes causes a minimal amount of disruption Chord: one of the first and simplest DHTs Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 5 / 38 (Informal) Description of Chord Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 6 / 38 (Informal) Description of Chord Short Desctription of Chord Number of nodes form a ring-shaped network Supported operation: mapping the given key onto a node using consistent hashing Probability that two objects of the same type are assigned same identifiers is negligible One node is awared of a small number (maximum O(log N)) of other nodes Key is assigned to the first node in the circle whose identifier is equal or greater than hash(key) Properties: Load-balance All lookups are resolved via maximum O(log N) messages Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 7 / 38 Abstract State Machine Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 8 / 38 Abstract State Machine Introduction Introduced with: Y. Gurevich: Evolving Algebras 1993: Lipari Guide. Definition Abstract State Machine A is defined by a program Prog - consisting of a finite number of transition rules, at most countable set of states and initial states. A models the operational behavior of a real dynamic system S in terms of evolution of states. Definition A state S is a first-order structure over a fixed signature (which is also the signature of A), representing the instantaneous configuration of S. The value of a term t at S is denoted by [t]S . The basic transition rule is the following function update f (t1 , . . . , tn ) := t, where f is an arbitrary n-ary function and t1 , . . . , tn , t are first-order terms. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 9 / 38 Abstract State Machine Transition Rules Conditional constructor i f g then R1 e l s e i f R2 endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 10 / 38 Abstract State Machine Transition Rules Conditional constructor i f g then R1 e l s e i f R2 endif Sequential constructor seq R1 ... Rn endseq Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 10 / 38 Abstract State Machine Transition Rules Conditional constructor Parallel constructor i f g then R1 e l s e i f R2 endif par R1 ... Rn endpar Sequential constructor seq R1 ... Rn endseq Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 10 / 38 Abstract State Machine Transition Rules Conditional constructor Parallel constructor i f g then R1 e l s e i f R2 endif par R1 ... Rn endpar Sequential constructor Choose constructor seq R1 ... Rn endseq Marinković,Glavan,Ognjanović(MISANU, FSB) choose v i n U s a t i s f y i n g g(v ) R0 endchoose ASM Description of Chord 4th ARGO Workshop 10 / 38 Abstract State Machine Properties Definition (ASM runs) A run (or computation) of A is a finite or infinite sequence S0 ; S1 ; S2 ; . . . where S0 is an initial state and every Si+1 is obtained from Si executing a transition rule. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 11 / 38 Abstract State Machine Properties Definition (ASM runs) A run (or computation) of A is a finite or infinite sequence S0 ; S1 ; S2 ; . . . where S0 is an initial state and every Si+1 is obtained from Si executing a transition rule. External function can be understand as a (dynamic) oracle ASM can model algorithms at the appropriate abstraction level to verify properties of the system Already modeled with ASMs: Bakery algorithm, Rail road crossing problem, Kerberos algorithm, etc. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 11 / 38 Abstract State Machine Distrubuted ASM Multiple autonomous agents cooperatively model a concurrent computation Each agent executes its own single-agent program The underlying semantic model ensures that the order that no conflicts between the update sets computed for distinct agents can arise The global program is the union of all single-agent programs Regular runs - state is global and move of an agent is atomic Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 12 / 38 Related Work Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 13 / 38 Related Work Related Work I. Stoica et al.: Chord: A Scalable Peer-to-Peer Lookup service for Internet Applications Introduces Chord and describes it using C++-like pseudo code Several complexity results and consistency of entrance of a new node Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 14 / 38 Related Work Related Work I. Stoica et al.: Chord: A Scalable Peer-to-Peer Lookup service for Internet Applications Introduces Chord and describes it using C++-like pseudo code Several complexity results and consistency of entrance of a new node R. Bakhshi, D. Gurov: Verification of Peer-to-peer Algorithms: A Case Study Specification of Chord in terms of the π-calculus Verification of the corresponding stabilization algorithm Consider maintaining of topological structure Possible departures of nodes from a network are not examined Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 14 / 38 Related Work Related Work I. Stoica et al.: Chord: A Scalable Peer-to-Peer Lookup service for Internet Applications Introduces Chord and describes it using C++-like pseudo code Several complexity results and consistency of entrance of a new node R. Bakhshi, D. Gurov: Verification of Peer-to-peer Algorithms: A Case Study Specification of Chord in terms of the π-calculus Verification of the corresponding stabilization algorithm Consider maintaining of topological structure Possible departures of nodes from a network are not examined V. Tru’o’ng: Testing implementations of Distributed Hash Tables An Erlang implementation of Chord Analyzed using simulations Consider maintaining of topological structure It reports some failures and proposes modifications Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 14 / 38 ASM Formalization of Chord Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 15 / 38 ASM Formalization of Chord Basic Notions Basic Notions Motivation: errors in concurrent systems are difficult to reproduce and find by program testing Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 16 / 38 ASM Formalization of Chord Basic Notions Basic Notions Motivation: errors in concurrent systems are difficult to reproduce and find by program testing M fixed positive integer, and N = 2M Universe (Chord network): Chord := {0, 1, . . . , N − 1} Indicator that x ∈ Chord is in Chord network Chord(x) = true External function for the manipulations with the lists (list constructor, add, remove, listitem) Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 16 / 38 ASM Formalization of Chord Basic Notions Node Structure successor : Chord → Chord predecessor : Chord → Chord finger : Chord → ListOfChord next : Chord → {1, . . . , M} keysvalues : Chord → ListOfKeysValues Figure: Structure of Chord node Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 17 / 38 ASM Formalization of Chord Basic Notions Node Structure successor : Chord → Chord predecessor : Chord → Chord finger : Chord → ListOfChord next : Chord → {1, . . . , M} keysvalues : Chord → ListOfKeysValues Figure: Structure of Chord node Nodeid = hid, successor (id), predecessor (id), finger (id), next(id), keysvalues(id)i Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 17 / 38 ASM Formalization of Chord Basic Notions Chord Functions hash : Keys ∪ IPs → {0, 1, . . . , N − 1, undef } ping : Chord → {true, false} member of : Chord × Chord × Chord → {true, false} (arg2 < arg1 6 arg3 ) Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 18 / 38 ASM Formalization of Chord Basic Notions Chord Functions hash : Keys ∪ IPs → {0, 1, . . . , N − 1, undef } ping : Chord → {true, false} member of : Chord × Chord × Chord → {true, false} (arg2 < arg1 6 arg3 ) find successor : Chord × {0, 1, . . . N − 1} → Chord get : Chord × Keys → Values ∪ {undef } Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 18 / 38 ASM Formalization of Chord Basic Notions Functions Definitions successor (n), if ping(successor (n))∧ member of (h, n, successor (n)), find successor (finger (n).listitem(i), h), find successor (n, h) = otherwise where member of (finger (n).listitem(i), n, h)∧ (i = M∨ ¬member of (finger (n).listitem(i + 1), n, h)) Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 19 / 38 ASM Formalization of Chord Basic Notions Functions Definitions successor (n), if ping(successor (n))∧ member of (h, n, successor (n)), find successor (finger (n).listitem(i), h), find successor (n, h) = otherwise where member of (finger (n).listitem(i), n, h)∧ (i = M∨ ¬member of (finger (n).listitem(i + 1), n, h)) value, if (key, value) ∈ keysvalues(find successor (id, hash(key))), get(id, key) = undef , otherwise. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 19 / 38 ASM Formalization of Chord Chord Actions Chord Actions Start - Sε → End - → Sε Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 20 / 38 ASM Formalization of Chord Chord Actions Chord Actions Start - Sε → End - → Sε Join - add a new node Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 20 / 38 ASM Formalization of Chord Chord Actions Chord Actions Start - Sε → End - → Sε Join - add a new node Fairleave - one node less with information transfer UnfairLeave - one node less without information transfer Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 20 / 38 ASM Formalization of Chord Chord Actions Chord Actions Start - Sε → End - → Sε Join - add a new node Fairleave - one node less with information transfer UnfairLeave - one node less without information transfer Stabilize - update information on predecessor and successor Update predecessor - check predecessor Update fingers - update finger table Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 20 / 38 ASM Formalization of Chord Chord Actions Chord Actions Start - Sε → End - → Sε Join - add a new node Fairleave - one node less with information transfer UnfairLeave - one node less without information transfer Stabilize - update information on predecessor and successor Update predecessor - check predecessor Update fingers - update finger table Put - insert (key, value) Get - call get Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 20 / 38 ASM Formalization of Chord Chord Actions Start Rule i f ∀j(j ∈ Chord ∧ Chord(j) = undef ) then seq i := hash(IP) par Chord(i) := true predecessor (i) := undef successor (i) := i finger (i) := [ ] next(i) := 0 keysvalues(i) := [ ] stabilization(i) endpar endseq e l s e i f Chord i s a l r e a d y s t a r t e d endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 21 / 38 ASM Formalization of Chord Chord Actions Join Rule choose j i n Chord s a t i s f y i n g Chord(j) = true i f j 6= undef then seq i := hash(IP) i f Chord(i) 6= true then i f i 6= undef then seq INITIALIZATION TRANSFER KEYS stabilization(i) endseq e l s e i f Chord i s f u l f i l l e d endif e l s e i f i i s a l r e a d y member o f Chord endif endseq e l s e i f Chord i s empty endif endchoose Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 22 / 38 ASM Formalization of Chord Chord Actions FairLeave Rule i f Chord(i) = true then seq CHECK SUCCESSOR i f successor (i) = predecessor (i) ∧ predecessor (i) = i then seq Chord(i) := undef End endseq elseif seq par TRANSFER KEYS predecessor (successor (i)) := predecessor (i) successor (predecessor (i)) := successor (i) endpar UNSET VALUES endseq endif endseq endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 23 / 38 ASM Formalization of Chord Chord Actions Stabilization Rule par stabilize(i) update predecessor (i) update fingers(i) endpar Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 24 / 38 ASM Formalization of Chord Chord Actions Stabilize Rule i f Chord(i) = true then seq i f ping(successor (i)) then seq x := predecessor (successor (i)) i f x 6= undef then i f member of (x, i, successor (i)) then successor (i) := x endif endif i f x = undef ∨ member of (i, x, successor (i)) then predecessor (successor (i)) := i endif endseq elseif UPDATE SUCCESSOR endif stabilize(i) endseq endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 25 / 38 ASM Formalization of Chord Chord Actions Update predecessor Rule i f Chord(i) = true then seq i f ping(predecessor (i)) 6= true then seq Chord(predecessor (i)) := undef predecessor (i) := undef endseq endif update predecessor (i) endseq endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 26 / 38 ASM Formalization of Chord Chord Actions Update fingers Rule i f Chord(i) = true then seq next(i) := next(i) + 1 i f (next(i) > M) then next(i) := 1 / ∗ N = 2M ∗ / endif finger .listitem(next(i)) := find successor (i, i + 2next(i)−1 ) update fingers(i) endseq endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 27 / 38 ASM Formalization of Chord Chord Actions Put Rule i f Chord(i) = true then seq x := find successor (i, hash(key )) i f x 6= undef keysvalues(x).add(hhash(key), valuei) e l s e i f Chord i s f u l f i l l e d endif endseq endif Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 28 / 38 ASM Formalization of Chord Chord Actions Empty Rules End - go to Sε when last node leaves UnfairLeave - caused by a node crash, communication problems, etc. Get - does not change the state of the network (call get function) Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 29 / 38 Correctness of the Formalization Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 30 / 38 Correctness of the Formalization Correctness of find successor Theorem Let id ∈ {0, 1, . . . , N − 1}, n0 ∈ Chord and n = find successor (n0 , id). If the successor pointers form a ring of all nodes in the Chord network, then the following statement holds (∀x ∈ Chord)(member of (x, id, n) = true∧x 6= n) ⇒ Chord(x) = undef . Theorem If the successor pointers form a ring of all nodes in the Chord network, then the following statement holds ∀(n, n0 , id ∈ Chord)find successor (n, id) = find successor (n0 , id). Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 31 / 38 Correctness of the Formalization Rebuild of the Chord Ring Theorem Let the successor pointers form a ring of all nodes in a Chord network. Let a node join a Chord network and break the ring of the successors pointers. Then, Stabilization rule will rebuild the ring. Figure: Join Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 32 / 38 Correctness of the Formalization Rebuild of the Chord Ring Theorem Let the successor pointers form a ring of all nodes in a Chord network. Let a node join a Chord network and break the ring of the successors pointers. Then, Stabilization rule will rebuild the ring. Figure: Join Figure: Unfair Leave Theorem Let the successor pointers form a ring of all nodes in a Chord network. Let a node leaves a Chord network in an unfair way and breaks the ring of the successors pointers. Then, Stabilization rule will rebuild the ring. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 32 / 38 Correctness of the Formalization State Changing (1) Definition (Node scenario) For a node the following sequence of actions is allowed: Start | Join, Stabilization, (Put | Get)∗ , FairLeave | UnfairLeave. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 33 / 38 Correctness of the Formalization State Changing (1) Definition (Node scenario) For a node the following sequence of actions is allowed: Start | Join, Stabilization, (Put | Get)∗ , FairLeave | UnfairLeave. Definition (Network scenario) For a Chord network the following sequence of actions is allowed: Starti , Stabilizationi , ((Joinij , Stabilizationij ) || Putik || Getil || FairLeaveim || UnfairLeavein )+ , End, where i, ij , ik , il , im , in ∈ Chord, and for every s ∈ Chord, the corresponding subsequence of actions is allowed for Nodes . Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 33 / 38 Correctness of the Formalization State Changing (2) Theorem When End rule is applied there are no other nodes in a Chord network except the node which invokes End rule. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 34 / 38 Correctness of the Formalization State Changing (2) Theorem When End rule is applied there are no other nodes in a Chord network except the node which invokes End rule. Theorem An arbitrary sequence σ1 of actions in a Chord network can be reduced to an allowed sequence σ0 , such that σ0 and σ1 cause the same sequence of state transitions of the network. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 34 / 38 Correctness of the Formalization State Changing (2) Theorem When End rule is applied there are no other nodes in a Chord network except the node which invokes End rule. Theorem An arbitrary sequence σ1 of actions in a Chord network can be reduced to an allowed sequence σ0 , such that σ0 and σ1 cause the same sequence of state transitions of the network. Theorem If a nonempty prefix of an allowed sequence of actions produces the current state of a Chord network, then the successor pointers will eventually form a ring of all nodes in the network. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 34 / 38 Correctness of the Formalization Key Manipulation Theorem (Golden rule) ∀((key, value)∈ Keys × Values) ((key, value) ∈ keysvalues(i) ⇒ hash(key) 6 i), where 6 respects that 0 is the first successor of N − 1. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 35 / 38 Correctness of the Formalization Key Manipulation Theorem (Golden rule) ∀((key, value)∈ Keys × Values) ((key, value) ∈ keysvalues(i) ⇒ hash(key) 6 i), where 6 respects that 0 is the first successor of N − 1. Corollary If get returns undef for some key ∈ Keys, then there is no value ∈ Values such that (key, value) pair is stored in the Chord network. Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 35 / 38 Conclusion Outline 1 Introduction 2 (Informal) Description of Chord 3 Abstract State Machine 4 Related Work 5 ASM Formalization of Chord Basic Notions Chord Actions 6 Correctness of the Formalization 7 Conclusion Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 36 / 38 Conclusion Conclusion and Furthure Work Presented an ASM-based formalization of the Chord protocol Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 37 / 38 Conclusion Conclusion and Furthure Work Presented an ASM-based formalization of the Chord protocol First comprehensive formal analysis of Chord Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 37 / 38 Conclusion Conclusion and Furthure Work Presented an ASM-based formalization of the Chord protocol First comprehensive formal analysis of Chord Proves with respect to the regular runs and execution of the rules UnfairLeave and Put in stable states Regular runs eliminate several observed shortages Practice vs Assumptions - Challenges to modify Chord Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 37 / 38 Conclusion Conclusion and Furthure Work Presented an ASM-based formalization of the Chord protocol First comprehensive formal analysis of Chord Proves with respect to the regular runs and execution of the rules UnfairLeave and Put in stable states Regular runs eliminate several observed shortages Practice vs Assumptions - Challenges to modify Chord Apply similar technique to describe some other DHT protocols Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 37 / 38 Conclusion Conclusion and Furthure Work Presented an ASM-based formalization of the Chord protocol First comprehensive formal analysis of Chord Proves with respect to the regular runs and execution of the rules UnfairLeave and Put in stable states Regular runs eliminate several observed shortages Practice vs Assumptions - Challenges to modify Chord Apply similar technique to describe some other DHT protocols Starting point for a formal proof assistant (Coq, Isabelle/HOL) Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 37 / 38 Thank you for your attention Any question? Marinković,Glavan,Ognjanović(MISANU, FSB) ASM Description of Chord 4th ARGO Workshop 38 / 38
© Copyright 2026 Paperzz