Common knowledge: application to distributed systems Caesar Ogole, Jan Gerard Gerrits, Harrie de Groot, Julius Kidubuka & Stijn Colen
Date posted: 20-Dec-2015

Page 1:

Common knowledge: application to distributed systems

Caesar Ogole, Jan Gerard Gerrits, Harrie de Groot, Julius Kidubuka & Stijn Colen

Page 2:

Common Knowledge in Distributed Systems

Looking back to the definition:

The Kripke model M associated with a distributed system is

M = <S, π, R1, …, Rm>

where:

S = {(s1, …, sm) | si is a local state of processor i}

π : S → (P → {t, f}),

Ri = {(s, t) | si = ti} for i = 1, …, m

Page 3:

Some limiting properties of M

M does not contain any information about the actual state transformations (that the system executes or is subject to).

The actual process is determined by:

  • The structure of the process
  • The way they are programmed
  • The protocols by which they communicate

Page 4:

Introducing the notion of a run of system

Epistemic logic is limited in the sense that it cannot express anything about the way in which a process comes about.

However, it is possible to describe processor knowledge using the concept of a run.

A run in M is defined as:

s(1) → s(2) → …

(→ is not to be confused with )

Our main interest in a run:

Behaviour of some common knowledge during a run (given M)

Page 5:

Some prior knowledge

Consider the figure below:

1 Proposition

If we let s be a state in the Kripke model M, and Ks the ‘upward cone’ of s, then:

(i) (M, s) ⊨ Cφ if (M, t) ⊨ φ for all t ∊ Ks

(ii) if Cφ holds in s (i.e. (M, s) ⊨ Cφ) then Cφ holds in the world of Ks

Page 6:

Proof

(i) (M, s) ⊨ Cφ ↔ (M, t) ⊨ φ for all t with s ↠ t ↔ (M, t) ⊨ φ for all t ∊ Ks

(ii)…(proof (or hint) to be given)

Next: some more concepts

Page 7:

Definition (2.2.3) Strongly Connected

Let M = <S, π, R1, …, Rm> and ↠ be defined as before. Then:

M is called strongly connected if for all s, t ∊ S it holds that s ↠ t.

Meaning: every state is reachable from every other state in 0 or more steps.

Page 8:

Model

[Figure: model diagram; labels: s0, s1, R1, si ∊ S]

Page 9:

Model

[Figure: model diagram; labels: s0, s1, R1, si ∊ S, ti ∊ S, Ri]

Page 10:

Connected

s → t

[Figure: model diagram; labels: s0, s1, R1, si ∊ S, ti ∊ S, Ri]

Page 11:

Strongly connected

s ↠ t

[Figure: model diagram; labels: s0, s1, R1, si ∊ S, ti ∊ S, Ri]

Page 12:

Proposition (2.2.3.1) Connected Distributed Systems

The Kripke model associated with a distributed system is strongly connected if m > 1.

[Figure: the global states (0,0), (1,0), (1,1), (0,1), linked by R1 and R2]

All states are reachable within 2 steps, because of the strongly connected relations.

Page 13:

Proof: s ↠ t

Prove for any s, t ∊ S in the Kripke model of the distributed system that s ↠ t holds.

s = (s1, s2, …, sm), t = (t1, t2, …, tm)

s = (s1, s2, …, sm) → (s1, t2, …, tm) → (t1, t2, …, tm) = t

(first step by R1, second step by Ri with i ≠ 1)

Thus: s ↠ t

Page 14:

Example; Model with multiple dimensions

si = <0,1,1,0,0,1,1,0>

si+1 = <1,1,1,0,0,1,1,0>

ti = <1,1,1,0,0,0,1,0>

Every state is reachable within 2 steps

Page 15:

Theorem (2.2.4) General Result

Let M be a strongly connected Kripke model. Suppose that for some state s and a formula φ it holds that (M,s) ⊨ Cφ.

Then: M ⊨ Cφ

Page 16:

Proof

IF (M,s) ⊨ Cφ THEN M ⊨ Cφ because:

φ is true for all states in Ks

In a strongly connected system all s ∊ Ks

Page 17:

Corollary

Let M be a Kripke model associated with a distributed system with processors 1, …, m, (m > 1)

(M, s) ⊨ Cp {s ∊ S}

M ⊨ Cp

Common knowledge is constant through every run of M (Julius)

because a Kripke model of a distributed system is strongly connected

Page 18:

Example 1

Given the following distributed system:

Processors: A, B, C
Local states: 0, 1 (let P = {p, q})

Describe the Kripke model M for this system, along with a truth assignment such that:

(i) M ⊨ Cp
(ii) There is a global state such that (M, s) ⊨ Eq, but not M ⊨ Eq

Page 19:

Possible Worlds

[Figure: cube with the eight global states (0,0,0), (1,0,0), (0,0,1), (1,0,1), (0,1,1), (1,1,1), (1,1,0), (0,1,0) as vertices]

Page 20:

Description of the model

M = <S, π, RA, RB, RC>

S: {(x, y, z) | x, y, z ∈ {0,1}}

where s = (x1, y1, z1) and t = (x2, y2, z2)

RA: (s, t) ∈ RA ↔ x1 = x2
RB: (s, t) ∈ RB ↔ y1 = y2
RC: (s, t) ∈ RC ↔ z1 = z2

π: ∀s ∈ S: π(s)(p) = t
   π(s)(q) = f ↔ s = (1,1,1)

Page 21:

Questions

1. M ⊨ Cp

p is defined true everywhere, so we have M ⊨ Cp.

2. There is a global state such that (M, s) ⊨ Eq, but not M ⊨ Eq

If we choose s = (0,0,0), we have (M, s) ⊨ Eq.

Since q is false in (1,1,1), we have M ⊭ Eq.

Page 22:

Example 2

Show that for any Kripke model M it holds that: M ⊨ φ ⇒ M ⊨ Cφ

Answer: Suppose M ⊨ φ. Then in all s ∊ S, (M, s) ⊨ φ. But then φ is true in all Rc-successors of each world: let s and t ∊ S such that (s,t) ∊ Rc. Since φ is true in all states of S, we have (M, t) ⊨ φ, and thus (M, s) ⊨ Cφ.

Page 23:

Counter example

Counter example of: M ⊨ φ → Cφ

In the first example (cube): (M, (0,0,0)) ⊨ q ∧ ¬Cq

and thus: M ⊭ q → Cq.

[Figure: cube with the eight global states (0,0,0), (1,0,0), (0,0,1), (1,0,1), (0,1,1), (1,1,1), (1,1,0), (0,1,0) as vertices]

Page 24:

Example: Increasing common knowledge

Model: M = <S, π, R1, R2, RE, RC> obtained as:

S = {a, b}; π(x)(p) = t iff x = a and R1 = R2 = {(a, a), (b,b)}.

In run a ➙ b it’s the case that the common knowledge about ¬p increases:

We have (M, a) ⊨ ¬C¬p while (M, b) ⊨ C¬p

[Figure: state a (p) and state b (¬p), each with R1 and R2 loops]
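The claims of Example 1, the counter example and the two-state model above can be checked mechanically. The following is an added example, not part of the original slides; the function names are illustrative, and C is evaluated over the upward cone as in the proposition on page 5.

```python
from itertools import product

def successors(states, rels, s):
    """States t with (s, t) in some R_i (one step of the 'everybody' relation)."""
    return [t for t in states if any(r(s, t) for r in rels)]

def cone(states, rels, s):
    """Upward cone K_s: every state reachable from s along the R_i."""
    seen, todo = set(), [s]
    while todo:
        for t in successors(states, rels, todo.pop()):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def E(states, rels, holds, s):      # (M, s) |= E phi
    return all(holds(t) for t in successors(states, rels, s))

def C(states, rels, holds, s):      # (M, s) |= C phi
    return all(holds(t) for t in cone(states, rels, s))

def strongly_connected(states, rels):
    return all(cone(states, rels, s) == set(states) for s in states)

# Example 1: processors A, B, C with local states 0 and 1.
CUBE = list(product((0, 1), repeat=3))
CUBE_RELS = [lambda s, t, i=i: s[i] == t[i] for i in range(3)]
p = lambda s: True                  # pi(s)(p) = t everywhere
q = lambda s: s != (1, 1, 1)        # pi(s)(q) = f only in (1,1,1)

# Two-state model from the "increasing common knowledge" page.
AB = ["a", "b"]
AB_RELS = [lambda s, t: s == t] * 2     # R1 = R2 = {(a,a), (b,b)}
not_p = lambda x: x != "a"              # p holds only in a

if __name__ == "__main__":
    print("cube strongly connected:", strongly_connected(CUBE, CUBE_RELS))
    print("M |= Cp:", all(C(CUBE, CUBE_RELS, p, s) for s in CUBE))
    print("(M,(0,0,0)) |= Eq:", E(CUBE, CUBE_RELS, q, (0, 0, 0)))
    print("M |= Eq:", all(E(CUBE, CUBE_RELS, q, s) for s in CUBE))
    print("(M,(0,0,0)) |= Cq:", C(CUBE, CUBE_RELS, q, (0, 0, 0)))
    print("C(not p) at a, b:", [C(AB, AB_RELS, not_p, x) for x in AB])
```

The two-state model is not strongly connected, which is why C¬p can differ between a and b there while Cq cannot differ between states of the cube.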

Page 25:

Some comments

We would expect common knowledge in distributed systems to increase by communication

Why not?

Hence the Kripke model loses the property of being strongly connected

Page 26:

Plausible solution

Consider Kripke models M = <S, π, R1, …, Rm> where S is a subset of S1 × … × Sm rather than S = S1 × … × Sm

The task at hand is to prove that C-knowledge is constant, hence…

Page 27:

Definition 2.2.11

A run s(1) → s(2) → … is called non-simultaneous if for every transition s(k) → s(k+1) there exists a processor 1 ≤ i ≤ m with si(k) = si(k+1)

Page 28:

Theorem 2.2.12

“In non-simultaneous runs common knowledge is constant”

Page 29:

Proof of Theorem 2.2.12

Suppose s → s' for s = (s1, s2, …, sm) and s' = (s1', s2', …, sm') with si = si', and consequently (s, s') ∈ Ri, and suppose (M, s') ⊨ Cφ.

Now it holds that:

(M, s') ⊨ Cφ → (M, s') ⊨ ECφ → (M, s') ⊨ KiCφ

Page 30:

….

Since Ri is an equivalence relation, then it holds that:

(s, s') ∈ Ri → (s', s) ∈ Ri

Using the definition of the semantics of the Ki-operator, we have:

(M, s) ⊨ Cφ

Page 31:

….

From above, any C-knowledge present in s' is also present in s and vice versa as well

Hence, C-knowledge is constant at the non-simultaneous transition s → s'

Then by induction, C-knowledge is also constant in a non-simultaneous run.

Page 32:

Co-ordinated Attack Problem

Two separated generals co-ordinating an attack

Cφ (φ=“attack at time x!”) necessary

Messengers may be captured by enemy

[Figure: General A, General B, hostile army, communication]

Page 33:

Attaining Cφ

φ, messenger: φ
KBφ, messenger: KBφ
KAKBφ, messenger: KAKBφ

Ad infinitum… Cφ is never attained (in finite time)

Even without actual deletion or delay (common knowledge about deletion or delay is enough)

Each message adds only one level of knowledge

Page 34:

Proof by induction: no finite amount of messages is enough

0 messages: ¬KBφ

Inductive step, k messages insufficient: ¬Cφ

If k+1 suffice:

  • k+1’s sender attacks without confirmation
  • k+1 was apparently irrelevant
  • k should have sufficed

…which contradicts the inductive hypothesis
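The "one level per message" behaviour can be reproduced on a small Kripke model of the message chain. This is an added example, not part of the original slides; the world numbering, the local-state definitions and the function names are assumptions made for the illustration.

```python
from collections import deque

AGENTS = ("A", "B")

# Constructed model (assumption): world -1 means A never decided to
# attack (phi false); world k >= 0 means A decided and exactly k
# messages of the alternating message/ack chain were delivered.
def local_state(agent, k):
    if agent == "A":
        # A sees its own decision and how many acks came back.
        return ("idle",) if k < 0 else ("attack", k // 2)
    # B sees only how many of A's messages arrived: ceil(k / 2).
    return (k + 1) // 2

def phi(k):
    return k >= 0

def indistinguishable(w, v):
    """True if some general has the same local state in w and v."""
    return any(local_state(a, w) == local_state(a, v) for a in AGENTS)

def knowledge_depth(k, max_msgs):
    """Largest j such that E^j(phi) holds in world k.

    E^j(phi) holds exactly when no world violating phi lies within
    j indistinguishability steps, so the depth is the breadth-first
    distance to the nearest such world minus one. Returns None when
    no violating world is reachable, i.e. when C(phi) holds.
    """
    worlds = range(-1, max_msgs + 1)
    dist, queue = {k: 0}, deque([k])
    while queue:
        w = queue.popleft()
        if not phi(w):
            return dist[w] - 1
        for v in worlds:
            if v not in dist and indistinguishable(w, v):
                dist[v] = dist[w] + 1
                queue.append(v)
    return None

if __name__ == "__main__":
    for k in range(6):
        print(k, "messages delivered -> depth", knowledge_depth(k, 10))
```

Every world stays linked to the ¬φ world through a chain of "my last message may have been lost" steps, so the depth grows by exactly one per delivered message and never becomes unbounded.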

Page 35:

Non-guaranteed communication

NG1: for all r and t, r’ exists extending (r,t)

  • r’ has same history and internal clock as r
  • r’ receives no messages on or after t

NG2: if in r, pi does not receive messages in (t’, t)

  • r’ exists extending (r, t’), with h(pi, r, t’’) = h(pi, r’, t’’) for all t’’ <= t
  • no other processor pj receives message in r’ in [t’, t)

Page 36:

Consequence of NG1 & NG2

If Cφ can be attained by communication, Cφ can be attained without communication

Since no k messages are enough, either is impossible in the current problem

Proof by induction follows

Page 37:

C without guaranteed communication (1)

Theorem:

r: run in R
d(r): amount of messages in r up to time t
r*: same run in R, no messages up to time t

(I, r, t) ⊨ Cφ ↔ (I, r*, t) ⊨ Cφ

d(r) = 0

h(p1, r, t) = h(p1, r*, t)

(I, r, t) ⊨ Cφ ↔ (I, r*, t) ⊨ Cφ

Page 38:

C without guaranteed communication (2)

Assume hypothesis holds for all runs r’ with d(r’) = k

Assume d(r) = k + 1:

t’ < t is latest time of message reception in r before t

pj receives message at t’ in r

There is a run r’ for which h(pi, r, t’’) = h(pi, r’, t’’) for all t’’ ≤ t

Other processor pk receives no messages in [t’, t)

Page 39:

C without guaranteed communication (3)

d(r’) <= k

Inductive hypothesis, when d(r’) = k:

(I, r*, t) ⊨ Cφ ↔ (I, r’, t) ⊨ Cφ

Since h(pi, r, t) = h(pi, r’, t):

(I, r, t) ⊨ Cφ ↔ (I, r’, t) ⊨ Cφ

Therefore: (I, r, t) ⊨ Cφ ↔ (I, r*, t) ⊨ Cφ

Page 40:

Possible solution

Problem: t > n > b > a OR t > n > a > b

“Attack, I will attack once I am sure we both will.”

Solution: t > b > n > a OR t > a > n > b

“Attack, please ack, I will not re-ack.”

Page 41:

Discussion

Does TCP protocol solve the problem?

Are there real-life equivalents of this problem?

With less strict requirements?