Knowledge and Distributed Coordination Yoram Moses Technion NUS - PowerPoint PPT Presentation

Defining Knowledge in Pictures � r i i i r 0 � r 00 � r 000 � r 4 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 17 / 45

Defining Knowledge in Pictures K i � r i i i r 0 � r 00 � r 000 � r 4 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 17 / 45

Defining Knowledge more formally [Fagin et al. 1995] A run is a sequence r : N → G of global states. A system is a set R of runs. Typically, R = { runs of a protocol P in a model M } . Assumption Each global state r ( t ) determines a local state r i ( t ) for every agent i . A point ( r , t ) refers to time t in run r . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 18 / 45

Defining Knowledge more formally [Fagin et al. 1995] A run is a sequence r : N → G of global states. A system is a set R of runs. Typically, R = { runs of a protocol P in a model M } . Assumption Each global state r ( t ) determines a local state r i ( t ) for every agent i . A point ( r , t ) refers to time t in run r . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 18 / 45

Defining Knowledge more formally [Fagin et al. 1995] A run is a sequence r : N → G of global states. A system is a set R of runs. Typically, R = { runs of a protocol P in a model M } . Assumption Each global state r ( t ) determines a local state r i ( t ) for every agent i . A point ( r , t ) refers to time t in run r . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 18 / 45

A Propositional Logic of Knowledge Facts are considered "true" or "false" at a point. ( R , r , t ) | = ϕ denotes that ϕ is true at ( r , t ) wrt R . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 19 / 45

A Propositional Logic of Knowledge Starting from a set Φ of primitive propositions, define L K n = L K n (Φ) by := p ∈ Φ | ¬ ϕ | ϕ ∧ ϕ | K 1 ϕ | · · · | K n ϕ ϕ Given an interpretation π : Φ × Pts( R ) → { True , False } ( R , r , t ) | = p , for p ∈ Φ, iff π ( p , r , t ) = True . ( R , r , t ) | = ¬ ϕ iff ( R , r , t ) �| = ϕ ( R , r , t ) | = ϕ ∧ ψ iff both ( R , r , t ) | = ϕ and ( R , r , t ) | = ψ . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 20 / 45

Knowledge = Truth in All Possible Worlds iff for all points ( r ′ , t ′ ) of R such that ( R , r , t ) | = K i ϕ i ( t ′ ) we have ( R , r ′ , t ′ ) | r i ( t ) = r ′ = ϕ . Comments: The definition ignores the complexity of computing knowledge Local information = current local state K i ϕ holds if ϕ is guaranteed to hold in R given i ’s local state The definition is model independent NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 21 / 45

Knowledge = Truth in All Possible Worlds iff for all points ( r ′ , t ′ ) of R such that ( R , r , t ) | = K i ϕ i ( t ′ ) we have ( R , r ′ , t ′ ) | r i ( t ) = r ′ = ϕ . Comments: The definition ignores the complexity of computing knowledge Local information = current local state K i ϕ holds if ϕ is guaranteed to hold in R given i ’s local state The definition is model independent NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 21 / 45

Knowledge = Truth in All Possible Worlds iff for all points ( r ′ , t ′ ) of R such that ( R , r , t ) | = K i ϕ i ( t ′ ) we have ( R , r ′ , t ′ ) | r i ( t ) = r ′ = ϕ . Comments: The definition ignores the complexity of computing knowledge Local information = current local state K i ϕ holds if ϕ is guaranteed to hold in R given i ’s local state The definition is model independent NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 21 / 45

Specifications and Knowledge Problems in Distributed Computing are presented via specifications A bank’s system of ATMs Autonomous cars A distributed database A Google data center Specifications impose epistemic constraints on actions! NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 22 / 45

Specifications and Knowledge Problems in Distributed Computing are presented via specifications A bank’s system of ATMs Autonomous cars A distributed database A Google data center Specifications impose epistemic constraints on actions! NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 22 / 45

Knowledge of Preconditions ( R , r , t ) | = does i ( α ) iff i performs α at time t in r . Theorem ( K o P ) Under minor assumptions on α and ϕ in R: If is a necessary condition for does i ( α ) in R, ϕ then is a necessary condition for does i ( α ) in R. K i ϕ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 23 / 45

Deterministic Actions does i ( α ) r � , does i ( α ) NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 24 / 45

Deterministic Actions does i ( α ) r i r 0 � , does i ( α ) NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 24 / 45

Deterministic Actions does i ( α ) r i r 0 � , does i ( α ) does i ( α ) NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 24 / 45

Deterministic Actions Definition Action α is deterministic for i in R if whenever r i ( t ) = r ′ i ( t ′ ): ( R , r ′ , t ′ ) | ( R , r , t ) | = does i ( α ) iff = does i ( α ) . i ’s local state determines whether it performs α at points of R . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 25 / 45

Deterministic Actions Definition Action α is deterministic for i in R if whenever r i ( t ) = r ′ i ( t ′ ): ( R , r ′ , t ′ ) | ( R , r , t ) | = does i ( α ) iff = does i ( α ) . i ’s local state determines whether it performs α at points of R . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 25 / 45

The K o P Theorem for Deterministic Actions Theorem ( K o P , [M. 2015] ) Let α be a deterministic action for i in R . If is a necessary condition for does i ( α ) in R , ϕ then is a necessary condition for does i ( α ) in R . K i ϕ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 26 / 45

Proof of K o P does i ( α ) r � , does i ( α ) ( R , r , t ) | = does i ( α ) NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

Proof of K o P does i ( α ) r i r 0 � , does i ( α ) ( r , t ) ≈ i ( r ′ , t ′ ) NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

Proof of K o P does i ( α ) r i r 0 � , does i ( α ) does i ( α ) α is deterministic NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

Proof of K o P does i ( α ) r i � r 0 � , does i ( α ) does i ( α ) ϕ is a necessary condition NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

Proof of K o P does i ( α ) r i � r 0 � , does i ( α ) ϕ holds at all indistinguishable points NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

Proof of K o P K i � does i ( α ) r i � r 0 � , does i ( α ) so K i ϕ holds NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

Proof of K o P K i � does i ( α ) r � , does i ( α ) does i ( α ) ⇛ K i ϕ QED NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 27 / 45

K o P Applies Very Broadly The K o P is a universal theorem for distributed systems K o P applies to ATMs, autonomous cars, and even more generally: ◮ Legal systems: Judge Punishes X X committed the crime ⇛ Judge Punishes X K J ( X committed the crime) ⇛ ◮ Nature: Jellyfish stings X X � = a rock ⇛ Jellyfish stings X K J ( X � = a rock) ⇛ ◮ Betting: Don bets on Phar Lap PL will win ⇛ Don bets on Phar Lap K D ( PL will win) ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 28 / 45

K o P Applies Very Broadly The K o P is a universal theorem for distributed systems K o P applies to ATMs, autonomous cars, and even more generally: ◮ Legal systems: Judge Punishes X X committed the crime ⇛ Judge Punishes X K J ( X committed the crime) ⇛ ◮ Nature: Jellyfish stings X X � = a rock ⇛ Jellyfish stings X K J ( X � = a rock) ⇛ ◮ Betting: Don bets on Phar Lap PL will win ⇛ Don bets on Phar Lap K D ( PL will win) ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 28 / 45

K o P Applies Very Broadly The K o P is a universal theorem for distributed systems K o P applies to ATMs, autonomous cars, and even more generally: ◮ Legal systems: Judge Punishes X X committed the crime ⇛ Judge Punishes X K J ( X committed the crime) ⇛ ◮ Nature: Jellyfish stings X X � = a rock ⇛ Jellyfish stings X K J ( X � = a rock) ⇛ ◮ Betting: Don bets on Phar Lap PL will win ⇛ Don bets on Phar Lap K D ( PL will win) ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 28 / 45

K o P Applies Very Broadly The K o P is a universal theorem for distributed systems K o P applies to ATMs, autonomous cars, and even more generally: ◮ Legal systems: Judge Punishes X X committed the crime ⇛ Judge Punishes X K J ( X committed the crime) ⇛ ◮ Nature: Jellyfish stings X X � = a rock ⇛ Jellyfish stings X K J ( X � = a rock) ⇛ ◮ Betting: Don bets on Phar Lap PL will win ⇛ Don bets on Phar Lap K D ( PL will win) ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 28 / 45

K o P Applies Very Broadly The K o P is a universal theorem for distributed systems K o P applies to ATMs, autonomous cars, and even more generally: ◮ Legal systems: Judge Punishes X X committed the crime ⇛ Judge Punishes X K J ( X committed the crime) ⇛ ◮ Nature: Jellyfish stings X X � = a rock ⇛ Jellyfish stings X K J ( X � = a rock) ⇛ ◮ Betting: Don bets on Phar Lap PL will win ⇛ Don bets on Phar Lap K D ( PL will win) ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 28 / 45

An Application: Binary Consensus Model: Each process i = 1 , . . . , n starts with a value v i ∈ { 0 , 1 } . Communication network is a complete graph Synchronous message passing At most t < n crash failures We assume a full-information protocol NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 29 / 45

An Application: Binary Consensus Specification: A consensus protocol must guarantee Decision: Every correct process decides on a value in { 0 , 1 } . Agreement: All correct processes decide on the same value. Validity: A decision value must be an initial value. Validity means decide i ( v ) ∃ v ⇛ and so decide i ( 0 ) K i ∃ 0 ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 30 / 45

An Application: Binary Consensus Specification: A consensus protocol must guarantee Decision: Every correct process decides on a value in { 0 , 1 } . Agreement: All correct processes decide on the same value. Validity: A decision value must be an initial value. Validity means decide i ( v ) ∃ v ⇛ and so decide i ( 0 ) K i ∃ 0 ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 30 / 45

An Application: Binary Consensus Specification: A consensus protocol must guarantee Decision: Every correct process decides on a value in { 0 , 1 } . Agreement: All correct processes decide on the same value. Validity: A decision value must be an initial value. Validity means decide i ( v ) ∃ v ⇛ and so decide i ( 0 ) K i ∃ 0 ⇛ NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 30 / 45

Knowing ∃ 0 1 1 1 2 3 1 . . . i 1 K j ∃ 0 K j ∃ 0 j 1 1 1 . 1 . 1 . 0 K h ∃ 0 . n 1 0 1 2 3 4 5 6 K j ∃ 0 holds iff there is a message chain from an initial value of 0 to j . NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 ¬ K i ∃ 0 K j ∃ 0 How can one proc know ∃ 0 when another does not? NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 ¬ K i ∃ 0 K j ∃ 0 How can one proc know ∃ 0 when another does not? NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 ¬ K i ∃ 0 ¬ K j ∃ 0 K j ∃ 0 How can one proc know ∃ 0 when another does not? NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 ¬ K i ∃ 0 ¬ K j ∃ 0 K j ∃ 0 K j � ∃ 0 How can one proc know ∃ 0 when another does not? NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 ¬ K i ∃ 0 ¬ K j ∃ 0 K j ∃ 0 x x K j � ∃ 0 How can one proc know ∃ 0 when another does not? NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 1 1 1 2 3 1 . . . ¬ K i ∃ 0 i 1 j 1 ¬ K j ∃ 0 K j ∃ 0 x 1 K j � ∃ 0 1 . 1 . 1 . 0 . n 1 0 1 2 3 m NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 1 1 1 2 3 1 . . . ¬ K i ∃ 0 i 1 j 1 K j ∃ 0 x 1 1 . 1 . 1 . 0 . n 1 0 1 2 3 m NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 1 1 1 2 1 3 . . . ¬ K i ∃ 0 i 1 j 1 K j ∃ 0 x 1 x x 1 . x x x 1 . x x x x 1 . 0 x x x x x . n 1 0 1 2 3 m Claim: If K j ∃ 0 & ¬ K i ∃ 0 at time m , then ≥ m crashes have occurred NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

Knowing ∃ 0 1 1 1 2 1 3 . . . ¬ K i ∃ 0 i 1 j 1 K j ∃ 0 x 1 x x 1 . x x x 1 . x x x x 1 . 0 x x x x x . n 1 0 1 2 3 m Corollary: At time t + 1, either everyone knows ∃ 0 or nobody does NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 31 / 45

A Simple Consensus Protocol Protocol P 0 (for undecided process i ): if time = t + 1 & ¬ K i ∃ 0 then decide i ( 0 ) elseif time = t + 1 & ¬ K i ∃ 0 then decide i ( 1 ) Communication is according to the fip. All decisions at time t + 1 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 32 / 45

A Simple Consensus Protocol Protocol P 0 (for undecided process i ): if time = t + 1 & ¬ K i ∃ 0 then decide i ( 0 ) elseif time = t + 1 & ¬ K i ∃ 0 then decide i ( 1 ) Communication is according to the fip. All decisions at time t + 1 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 32 / 45

A Better Protocol Protocol Q 0 (for undecided process i ): if K i ∃ 0 then decide i ( 0 ) elseif time = t + 1 & ¬ K i ∃ 0 then decide i ( 1 ) All decisions by time t + 1 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 33 / 45

A Better Protocol Protocol Q 0 (for undecided process i ): if K i ∃ 0 then decide i ( 0 ) elseif time = t + 1 & ¬ K i ∃ 0 then decide i ( 1 ) All decisions by time t + 1 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 33 / 45

Performance of P 0 and Q 0 P 0 t+1 Time of last decision 2 1 0 Adversaries NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 34 / 45

Performance of P 0 and Q 0 P 0 t+1 Time of last decision 2 Q 0 1 0 Adversaries NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 34 / 45

Performance of P 0 and Q 0 P 0 t+1 Time of last decision 2 Q 0 1 1 0 0 Adversaries NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 34 / 45

Deciding Efficiently on 1 Design Decision: K j ∃ 0 ⇔ decide j ( 0 ). When can decide i ( 1 ) be performed? Recall: yy Agreement: decide i ( 1 ) ⇛ Nobody decides 0 By K o P , decide i ( 1 ) ⇛ “no currently active process knows ∃ 0” � nobody_knows ∃ 0 � By K o P , decide i ( 1 ) ⇛ K i NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 35 / 45

Deciding Efficiently on 1 Design Decision: K j ∃ 0 ⇔ decide j ( 0 ). When can decide i ( 1 ) be performed? Recall: yy Agreement: decide i ( 1 ) ⇛ Nobody decides 0 By K o P , decide i ( 1 ) ⇛ “no currently active process knows ∃ 0” � nobody_knows ∃ 0 � By K o P , decide i ( 1 ) ⇛ K i NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 35 / 45

Deciding Efficiently on 1 Design Decision: K j ∃ 0 ⇔ decide j ( 0 ). When can decide i ( 1 ) be performed? Recall: yy Agreement: decide i ( 1 ) ⇛ Nobody decides 0 By K o P , decide i ( 1 ) ⇛ “no currently active process knows ∃ 0” � nobody_knows ∃ 0 � By K o P , decide i ( 1 ) ⇛ K i NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 35 / 45

Deciding Efficiently on 1 Design Decision: K j ∃ 0 ⇔ decide j ( 0 ). When can decide i ( 1 ) be performed? Recall: yy Agreement: decide i ( 1 ) ⇛ Nobody decides 0 By K o P , decide i ( 1 ) ⇛ “no currently active process knows ∃ 0” � nobody_knows ∃ 0 � By K o P , decide i ( 1 ) ⇛ K i NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 35 / 45

Unbeatable Consensus [Castañeda, Gonczarowski & M. ’14] Protocol OPT 0 (for undecided process i ): if K i ∃ 0 then decide i ( 0 ) elseif K i � nobody_knows ∃ 0 � then decide i ( 1 ) My name is Sherlock Holmes. It is my business to know what other people don’t know. The Adventure of the Blue Carbuncle, 1892 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 36 / 45

Unbeatable Consensus [Castañeda, Gonczarowski & M. ’14] Protocol OPT 0 (for undecided process i ): if K i ∃ 0 then decide i ( 0 ) elseif K i � nobody_knows ∃ 0 � then decide i ( 1 ) My name is Sherlock Holmes. It is my business to know what other people don’t know. The Adventure of the Blue Carbuncle, 1892 NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 36 / 45

1 1 1 2 1 3 . . . ¬ K i ∃ 0 i 1 ? j 1 K j ∃ 0? ? x 1 ? x x 1 . ? x x x 1 . ? x x x x 1 . ? x x x x x . n 1 0 2 1 3 m W.r.t. ( i , m ), nodes are seen, crashed, or hidden NUS Research Week ( :- ) Knowledge of Preconditions January 7th, 2019 37 / 45