
Common knowledge: application to distributed systems Caesar Ogole, Jan Gerard Gerrits, Harrie de Groot, Julius Kidubuka & Stijn Colen.




1 Common knowledge: application to distributed systems Caesar Ogole, Jan Gerard Gerrits, Harrie de Groot, Julius Kidubuka & Stijn Colen

2 Common Knowledge in Distributed Systems. Looking back to the definition: the Kripke model M associated with a distributed system is M = ⟨S, π, R_1, …, R_m⟩ where: S = {(s_1, …, s_m) | s_i is a local state of processor i}; π : S → P → {t, f}; R_i = {(s, t) | s_i = t_i} for i = 1, …, m.

3 Some limiting properties of M. M does not contain any information about the actual state transformations (that the system executes or is subject to). The actual process is determined by: the structure of the processes; the way they are programmed; the protocols by which they communicate.

4 Introducing the notion of a run of a system. Epistemic logic is limited in the sense that it cannot express anything about the way in which a process comes about. However, it is possible to describe processor knowledge using the concept of a run. A run in M is defined as: s(1) → s(2) → … (→ is not to be confused with ). Our main interest in a run: the behaviour of common knowledge during a run (given M).

5 Some prior knowledge. Consider the figure below. Proposition: if we let s be a state in the Kripke model M, and K_s the ‘upward cone’ of s, then: (i) (M, s) ⊨ Cφ iff (M, t) ⊨ φ for all t ∈ K_s; (ii) if Cφ holds in s (i.e. (M, s) ⊨ Cφ) then Cφ holds in every world of K_s.

6 Proof. (i) (M, s) ⊨ Cφ ↔ (M, t) ⊨ φ for all t with s ↠ t ↔ (M, t) ⊨ φ for all t ∈ K_s. (ii) … (proof (or hint) to be given). Next: some more concepts.

7 Definition (2.2.3) Strongly connected. Let M = ⟨S, π, R_1, …, R_m⟩ and ↠ be defined as before. Then M is called strongly connected if for all s, t ∊ S it holds that s ↠ t. Meaning: every state is reachable from every other state in 0 or more steps.

8 Model (diagram): states s_0, s_1 ∊ S related by R_1; s_i ∊ S.

9 Model (diagram): states s_i, t_i ∊ S related by R_i.

10 Connected (diagram): s → t, one R_i step between s_i and t_i.

11 Strongly connected (diagram): s ↠ t, zero or more R_i steps between s_i and t_i.

12 Proposition (2.2.3.1) Connected distributed systems. The Kripke model associated with a distributed system is strongly connected if m > 1. (Diagram for m = 2: states (0,0), (1,0), (0,1), (1,1) linked by R_1 and R_2.) All states are reachable within 2 steps, because of the strongly connected relations.

13 Proof: s ↠ t. Prove for any s, t ∊ S in the Kripke model of the distributed system that s ↠ t holds. Let s = (s_1, s_2, …, s_m) and t = (t_1, t_2, …, t_m). Then s = (s_1, s_2, …, s_m) → (s_1, t_2, …, t_m) → (t_1, t_2, …, t_m) = t, where the first step is an R_1 step (the first component is unchanged) and the second is an R_i step for any i ≠ 1 (the i-th component is unchanged). Thus s ↠ t.

14 Example: model with multiple dimensions (diagram with states s_i, s_i+1 and t_i). Every state is reachable within 2 steps.

15 Theorem (2.2.4) General result. Let M be a strongly connected Kripke model. Suppose that for some state s and a formula φ it holds that (M, s) ⊨ Cφ. Then M ⊨ Cφ.

16 Proof. IF (M, s) ⊨ Cφ THEN M ⊨ Cφ, because φ is true for all states in K_s, and in a strongly connected system every state lies in K_s (K_s = S).

17 Corollary. Let M be a Kripke model associated with a distributed system with processors 1, …, m (m > 1). If (M, s) ⊨ Cp for some s ∊ S, then M ⊨ Cp. Common knowledge is constant through every run of M (Julius), because a Kripke model of a distributed system is strongly connected.

18 Example 1. Given the following distributed system: processors A, B, C; local states 0, 1 (let P = {p, q}). Describe the Kripke model M for this system, along with a truth assignment such that: (i) M ⊨ Cp; (ii) there is a global state s such that (M, s) ⊨ Eq, but not M ⊨ Eq.

19 Possible worlds (the eight global states, drawn as a cube): (0,0,0), (1,0,0), (0,0,1), (1,0,1), (0,1,1), (1,1,1), (1,1,0), (0,1,0).

20 Description of the model. M = ⟨S, π, R_A, R_B, R_C⟩ with S = {(x, y, z) | x, y, z ∈ {0,1}}. For s = (x1, y1, z1) and t = (x2, y2, z2): (s, t) ∈ R_A ↔ x1 = x2; (s, t) ∈ R_B ↔ y1 = y2; (s, t) ∈ R_C ↔ z1 = z2. π: for all s ∈ S, π(s)(p) = t, and π(s)(q) = f ↔ s = (1,1,1).

21 Questions. 1. M ⊨ Cp: p is defined true everywhere, so we have M ⊨ Cp. 2. There is a global state such that (M, s) ⊨ Eq, but not M ⊨ Eq: if we choose s = (0,0,0), we have (M, s) ⊨ Eq, since every R_A-, R_B- and R_C-successor of (0,0,0) shares a 0 with it and so differs from (1,1,1). Since q is false in (1,1,1), we have M ⊭ Eq.

22 Example 2. Show that for any Kripke model M it holds that M ⊨ φ ⇒ M ⊨ Cφ. Answer: suppose M ⊨ φ. Then in all s ∊ S, (M, s) ⊨ φ. But then φ is true in all R_C-successors of each world: let s, t ∊ S be such that (s, t) ∊ R_C. Since φ is true in all states of S, we have (M, t) ⊨ φ, and thus (M, s) ⊨ Cφ.

23 Counterexample. Counterexample to M ⊨ φ → Cφ, taken from the first example (cube): (M, (0,0,0)) ⊨ q ∧ ¬Cq and thus M ⊭ q → Cq. (Cube: (0,0,0), (1,0,0), (0,0,1), (1,0,1), (0,1,1), (1,1,1), (1,1,0), (0,1,0).)

24 Example: increasing common knowledge. Model: M = ⟨S, π, R_1, R_2⟩ obtained as S = {a, b}; π(x)(p) = t iff x = a; R_1 = R_2 = {(a, a), (b, b)}. In the run a ➙ b it’s the case that the common knowledge about ¬p increases: we have (M, a) ⊨ ¬C¬p while (M, b) ⊨ C¬p. (Diagram: a (p) and b (¬p), each with an R_1, R_2 self-loop.)

25 Some comments. We would expect common knowledge in distributed systems to increase by communication. Why not? Allowing this (as in the example above) means the Kripke model loses the property of being strongly connected.

26 Plausible solution. Consider Kripke models M = ⟨S, π, R_1, …, R_m⟩ where S is a subset of S_1 × … × S_m rather than S = S_1 × … × S_m. The task at hand is to prove that C-knowledge is constant, hence…

27 Definition 2.2.11. A run s(1) → s(2) → … is called non-simultaneous if for every transition s(k) → s(k+1) there exists a processor 1 ≤ i ≤ m with s_i(k) = s_i(k+1).

28 Theorem 2.2.12 “In non-simultaneous runs common knowledge is constant”

29 Proof of Theorem 2.2.12. Suppose s → s' for s = (s_1, s_2, …, s_m) and s' = (s_1', s_2', …, s_m') with s_i = s_i', and consequently (s, s') ∈ R_i, and suppose (M, s') ⊨ Cφ. Now it holds that: (M, s') ⊨ Cφ → (M, s') ⊨ ECφ → (M, s') ⊨ K_iCφ.

30 …. Since R_i is an equivalence relation, it holds that (s, s') ∈ R_i → (s', s) ∈ R_i. Using the definition of the semantics of the K_i-operator, we have (M, s) ⊨ Cφ.

31 …. From the above, any C-knowledge present in s' is also present in s, and vice versa. Hence C-knowledge is constant at the non-simultaneous transition s → s'. Then by induction, C-knowledge is also constant in a non-simultaneous run.

32 Co-ordinated attack problem. Two separated generals co-ordinating an attack. Cφ (φ = “attack at time x!”) is necessary. Messengers may be captured by the enemy. (Diagram: General A, General B, hostile army, communication.)

33 Attaining Cφ. φ, messenger carries φ → K_Bφ; messenger carries K_Bφ → K_AK_Bφ; messenger carries K_AK_Bφ → … ad infinitum. Cφ is never attained (in finite time): even without actual deletion or delay (common knowledge about deletion or delay is enough); each message adds only one level of knowledge.

34 Proof by induction: no finite number of messages is enough. 0 messages: ¬K_Bφ. Inductive step, k messages insufficient: ¬Cφ. If k+1 sufficed: the sender of message k+1 attacks without confirmation; so message k+1 was apparently irrelevant; so k should have sufficed … which contradicts the inductive hypothesis.
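The models of slides 12–13, 18–24, 27 and 32–34 can be checked mechanically. The following Python is an added example, not code from the slides or their authors: it implements finite Kripke models with the K_i, E and C operators (C evaluated over the upward cone K_s, as in slide 5), builds the cube of Example 1 and the two-state model of slide 24 from their local states, and encodes the coordinated-attack problem as a chain of global states indexed by the number of delivered messages. The class and function names, the encoding of a and b as (0,0) and (1,1), and the message-count encoding of the attack problem are this example's own assumptions.

```python
# Added example (not from the slides): finite Kripke models with K_i, E and C.
from collections import deque
from itertools import product


class KripkeModel:
    def __init__(self, states, relations, valuation):
        self.states = list(states)
        self.relations = relations   # agent -> set of (s, t) pairs (equivalence relations)
        self.valuation = valuation   # state -> set of atoms true there

    def holds(self, s, atom):
        return atom in self.valuation[s]

    def successors(self, s, agent):
        return {t for (u, t) in self.relations[agent] if u == s}

    def knows(self, agent, s, phi):
        """K_agent phi at s: phi holds in every R_agent-successor of s."""
        return all(phi(t) for t in self.successors(s, agent))

    def everyone_knows(self, s, phi):
        """E phi at s: K_i phi for every agent i."""
        return all(self.knows(a, s, phi) for a in self.relations)

    def upward_cone(self, s):
        """K_s with hop counts: states reachable from s through the reflexive
        transitive closure of the union of all R_i (breadth-first search)."""
        dist, queue = {s: 0}, deque([s])
        while queue:
            u = queue.popleft()
            for agent in self.relations:
                for t in self.successors(u, agent):
                    if t not in dist:
                        dist[t] = dist[u] + 1
                        queue.append(t)
        return dist

    def common(self, s, phi):
        """C phi at s: phi holds throughout K_s (slide 5, (i))."""
        return all(phi(t) for t in self.upward_cone(s))

    def valid(self, phi):
        """M |= phi: phi holds at every state."""
        return all(phi(s) for s in self.states)

    def is_strongly_connected(self):
        """Definition 2.2.3: s ->> t for all s, t."""
        return all(set(self.upward_cone(s)) == set(self.states) for s in self.states)

    def max_steps(self):
        """Largest number of relation hops needed between any two states."""
        return max(max(self.upward_cone(s).values()) for s in self.states)


def distributed_model(agents, states, valuation):
    """Kripke model of a distributed system: global states are tuples of local
    states and (s, t) in R_i iff s_i = t_i; `states` may be a proper subset of
    the full product (slide 26)."""
    states = list(states)
    relations = {a: {(s, t) for s in states for t in states if s[i] == t[i]}
                 for i, a in enumerate(agents)}
    return KripkeModel(states, relations, valuation)


def is_non_simultaneous(run):
    """Definition 2.2.11: every transition keeps some processor's local state."""
    return all(any(s[i] == t[i] for i in range(len(s))) for s, t in zip(run, run[1:]))


def check_cube():
    """Example 1 (cube): p everywhere, q everywhere except (1,1,1)."""
    states = list(product((0, 1), repeat=3))
    m = distributed_model("ABC", states,
                          {s: {"p", "q"} - ({"q"} if s == (1, 1, 1) else set()) for s in states})
    p = lambda s: m.holds(s, "p")
    q = lambda s: m.holds(s, "q")
    return {
        "strongly_connected": m.is_strongly_connected(),
        "max_steps": m.max_steps(),                        # Proposition 2.2.3.1: 2 steps
        "M |= Cp": m.valid(lambda s: m.common(s, p)),
        "(M,(0,0,0)) |= Eq": m.everyone_knows((0, 0, 0), q),
        "M |= Eq": m.valid(lambda s: m.everyone_knows(s, q)),
        "(M,(0,0,0)) |= q & ~Cq": q((0, 0, 0)) and not m.common((0, 0, 0), q),
    }


def check_increasing_ck():
    """Slide 24 with a, b encoded (assumption) as the subset {(0,0), (1,1)} of
    {0,1}^2, so R_1 = R_2 = identity; p holds only at a."""
    a, b = (0, 0), (1, 1)
    m = distributed_model("12", [a, b], {a: {"p"}, b: set()})
    not_p = lambda s: not m.holds(s, "p")
    return {
        "run a->b non-simultaneous": is_non_simultaneous([a, b]),  # both components change
        "strongly_connected": m.is_strongly_connected(),
        "(M,a) |= C~p": m.common(a, not_p),
        "(M,b) |= C~p": m.common(b, not_p),
    }


def attack_chain_model(n_max):
    """Coordinated attack (slides 32-34), assumed encoding: state n = number of
    messages delivered; messages alternate A->B, B->A, ... so A cannot tell n from
    n+1 when message n+1 is A's own (n even), B when n is odd. 'attack' is on the
    table once message 1 has reached B (n >= 1)."""
    states = list(range(n_max + 1))
    rel = {"A": {(n, n) for n in states}, "B": {(n, n) for n in states}}
    for n in range(n_max):
        rel["A" if n % 2 == 0 else "B"] |= {(n, n + 1), (n + 1, n)}
    return KripkeModel(states, rel, {n: {"attack"} if n >= 1 else set() for n in states})


def knowledge_depth(model, s, atom, limit):
    """Largest k <= limit with E^k atom true at s (E^0 atom = atom); -1 if atom fails."""
    phi = lambda t: model.holds(t, atom)
    if not phi(s):
        return -1
    depth = 0
    while depth < limit:
        phi = lambda t, f=phi: model.everyone_knows(t, f)   # one more E in front
        if not phi(s):
            break
        depth += 1
    return depth
```

On the chain, `knowledge_depth(m, n, "attack", 10)` returns n − 1 for n ≥ 1: after n delivered messages the generals have E^(n−1) attack but never C attack, because state 0 (nothing delivered) stays inside every upward cone. That is slide 34's induction in executable form, and `check_increasing_ck()` shows why slide 24's model escapes the corollary: its single transition changes both local states, so the run is simultaneous and the model is not strongly connected.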

35 Non-guaranteed communication. NG1: for all r and t, there exists r’ extending (r, t) such that r’ has the same history and internal clock as r, and r’ receives no messages on or after t. NG2: if in r, p_i does not receive messages in (t’, t), then there exists r’ extending (r, t’) with h(p_i, r, t’’) = h(p_i, r’, t’’) for all t’’ ≤ t, and no other processor p_j receives a message in r’ in [t’, t).

36 Consequence of NG1 & NG2. If Cφ can be attained by communication, Cφ can be attained without communication. Since no k messages are enough, either is impossible in the current problem. Proof by induction follows.

37 C without guaranteed communication (1). Theorem: let r be a run in R; d(r) the number of messages in r up to time t; r* the same run in R with no messages up to time t. Then (I, r, t) ⊨ Cφ ↔ (I, r*, t) ⊨ Cφ. Base case d(r) = 0: h(p_1, r, t) = h(p_1, r*, t), so (I, r, t) ⊨ Cφ ↔ (I, r*, t) ⊨ Cφ.

38 C without guaranteed communication (2). Assume the hypothesis holds for all runs r’ with d(r’) = k. Assume d(r) = k + 1: let t’ < t be the latest time of message reception in r before t, with p_j receiving a message at t’ in r. There is a run r’ for which h(p_i, r, t’’) = h(p_i, r’, t’’) for all t’’ ≤ t, and the other processor p_k receives no messages in [t’, t).

39 C without guaranteed communication (3). d(r’) ≤ k. By the inductive hypothesis, when d(r’) = k: (I, r*, t) ⊨ Cφ ↔ (I, r’, t) ⊨ Cφ. Since h(p_i, r, t) = h(p_i, r’, t): (I, r, t) ⊨ Cφ ↔ (I, r’, t) ⊨ Cφ. Therefore (I, r, t) ⊨ Cφ ↔ (I, r*, t) ⊨ Cφ.

40 Possible solution. Problem: t > n > b > a OR t > n > a > b: “Attack, I will attack once I am sure we both will.” Solution: t > b > n > a OR t > a > n > b: “Attack, please ack, I will not re-ack.”

41 Discussion. Does the TCP protocol solve the problem? Are there real-life equivalents of this problem, with less strict requirements?

