Receiving Messages in Their Correct Order: Analyzing Broadcast

Protocols in Dynamic Epistemic Logics

Spandan Das

and Sujata Ghosh

Indian Statistical Institute, Kolkata, India

Indian Statistical Institute, Chennai, India

Keywords:

Broadcast Protocols, Correctness of Protocols, Dynamic Epistemic Logic, Algorithm, Complexity.

Abstract:

In this paper we analyse distributed protocols in a logical framework. In particular, we provide a dynamic epis-

temic logic analysis of certain broadcast protocols, viz. Birman-Schiper-Stephenson protocol and Lamport’s

mutual exclusion protocol. In the process, we provide correctness proofs of these protocols via knowledge-

based reasoning. We also provide a detailed algorithmic analysis of the logical modeling of these protocols.

1 INTRODUCTION

Distributed systems occur ubiquitously in today’s

world of computing and as such, a great deal of ef-

fort has been provided towards improving our under-

standing of these systems. A major challenge is to

deal with such systems efﬁciently and effectively. The

distributed nature of control and information in these

systems lead us to consider the tasks of the systems

in terms of the global behavior of the system, even

though the actions that an individual processor per-

forms can depend only on its local information.

Since the design of a distributed system involves

the behavior and interaction between individual pro-

cessors in the system, designers frequently ﬁnd it use-

ful to reason intuitively about processors’ states of

knowledge at various points in the execution of a sys-

tem. Over the years, states of knowledge of groups

of processors have become useful concepts for the

design and analysis of distributed protocols. Epis-

temic logic and its variants provide us with a proven

methodology to analyze these knowledge states of

processors and their interactions. A seminal work

in this area is (Halpern and Zuck, 1992) which pro-

vides a uniform knowledge-based framework to deal

with the sequence transmission problem in both syn-

chronous and asynchronous settings.

Over the years, such frameworks have been used

to model various authentication protocols (for a sur-

vey, see (Ahmadi et al., 2019)), and epistemic and

temporal epistemic logics played a major role in the

analyses of such protocols. Dynamic epistemic log-

ics have also been used to model such protocols, but

as described in (Dechesne and Wang, 2010), there are

certain limitations to such approaches in terms of han-

dling equivalence of messages. However, these log-

ics are quite adept in handling higher-order uncertain-

ties and partial information in protocols (e.g., see (van

Ditmarsch et al., 2014)).

In dynamic epistemic logics, the actions/events

bring in changes in the epistemic states of the agents,

but these changes happen immediately. Conse-

quently, these logics are generally not appropriate for

modelling communication of information where there

is a time gap between the send-event and the receive-

event, a natural occurrence in asynchronous systems.

Recently, some variants of dynamic epistemic logics

have been developed to deal with communication in

asynchronous systems, e.g., see (Knight et al., 2019;

Balbiani et al., 2020), both of which extends the usual

dynamic epistemic language so as to express the time-

lag in communication.

This work uses a simple variant of dynamic epis-

temic logic, where the action updates are generally

modeled as soft updates (e.g., see (Baltag and Smets,

2008) ), i.e., only the agent relations get updated, and

there is no change in the set of possible worlds. The

logic is used to model communication of information

in the form of message passing in asynchronous sys-

tems. In such systems, communication speed might

differ from channel to channel leading to problems in

the arrangement of messages from different processes

in their correct temporal order. In case the messages

are not executed in their correct temporal order, the

system might act erroneously. The goal of distributed

protocols such as BSS and Lamport’s mutual exclu-

Das, S. and Ghosh, S.

Receiving Messages in Their Correct Order: Analyzing Broadcast Protocols in Dynamic Epistemic Logics.

DOI: 10.5220/0010253608510858

In Proceedings of the 13th International Conference on Agents and Artiﬁcial Intelligence (ICAART 2021) - Volume 2, pages 851-858

ISBN: 978-989-758-484-8

851

sion is to choose an execution order so that such in-

consistencies do not occur.

The focus is on the modelling of broadcast proto-

cols (Singhal and Shivaratri, 1994) in the framework

mentioned above together with the correctness proofs

of such protocols in terms of knowledge-based rea-

soning provided by the framework. In addition, im-

plementation details and complexity analyses are also

provided. We basically model the effect of following

these protocols on certain message passing systems.

The novelty of this work is two-fold. On one hand,

broadcast protocols are natural candidates for analy-

ses in terms of dynamic epistemic logics, but to the

best of the knowledge of the author(s), such logical

analyses of these protocols have not been done be-

fore. On the other hand, a simple variant of dynamic

epistemic logic has been used to deal with these asyn-

chronous systems, and that was made possible due

to the usage of the different possible orderings of the

messages as possible worlds of the underlying Kripke

model used to describe such systems.

We note here that these broadcast protocols have

been studied quite extensively over the years and cor-

rectness proofs are also there in the literature. Our

goal here is to showcase the use of dynamic epis-

temic logic in handling the knowledge-based reason-

ing of such systems. We believe that this method-

ology can be adopted for modelling the underlying

reasoning processes in different distributed protocols

which would provide a better understanding of such

protocols applied on asynchronous systems.

Before proceeding further, we list the assumptions

on the asynchronous systems that are made for our

analyses. These assumptions, without being neces-

sary, enhance the exposition: Each process has a lo-

cal clock with respect to which it can arrange local

send and receive events in their correct temporal or-

der; inter-process communication channels are First

In First Out (FIFO) in nature, that is, two messages

from the same process are received by other processes

in their order of generation; and, the set of messages

generated by all the processes is ﬁnite. Additionally,

each process has the same initial knowledge about

the set of all messages generated in the system, and

the actual set of messages generated in the system

is a subset of the set of messages known to each of

the processes (for a detailed explanation see (Das and

Ghosh, 2020)).

2 BROADCAST PROTOCOLS

In asynchronous distributed systems (Singhal and

Shivaratri, 1994), when the communication of infor-

mation is taken care of by message-passing, more of-

ten than not, the messages cannot be ordered accord-

ing to their time of generation, the main reason being

the fact that the global clock is unavailable. However,

there is a reasonable way in which one can say that a

message m

is generated before another message m

If m

is received by the sender of m

before m

is sent

then evidently m

is generated before m

. Such an

ordering, deﬁned by Lamport, is given as follows:

Deﬁnition 1. (Causal ordering). Let a and b be two

events. We say a causally precedes b (notation a → b)

if one of the following three cases happen:

1. a and b are events on the same process and a

chronologically precedes b by local clock of the

process.

2. a is the send event and b is the receive event of the

same message.

3. There exist an event c such that a → c and c → b.

If none of these three cases happen then we say a and

b are concurrent.

Various protocols have been developed for such

distributed systems so that the causal ordering of mes-

sages could be enforced. For example, in Birman-

Schiper-Stephenson (BSS) protocol, the processes al-

ways execute messages in the correct causal order,

whereas, in Lamport’s mutual exclusion (LME) pro-

tocol critical section requests are granted in their cor-

rect causal order. Before moving any further, let us

describe those protocols. The BSS protocol helps the

processes to execute the messages received in correct

causal order. If two messages are concurrent, they are

sorted in ﬁrst come ﬁrst serve basis.

Deﬁnition 2. BSS Protocol is deﬁned as follows:

1. When a process broadcasts a message it also

broadcasts how many messages it has received

from each of the other processes.

2. When a process receives a message from another

process it checks whether it has received all pre-

vious messages from that same process and also

whether it knows about at least as many messages

in the system as the sender process does. If both

checks are true, the recipient process executes the

message, otherwise it puts the message on hold

and waits.

The LME protocol helps the processes to decide

the order of accessing the critical section (a set of ob-

jects which can be modiﬁed by at most one process at

a time) in case of multiple requests coming from dif-

ferent processes. If one request causally precedes an-

other, the former process is granted access before the

latter. Additionally, the protocol assumes that each

process has a unique process ID from a totally ordered

ICAART 2021 - 13th International Conference on Agents and Artiﬁcial Intelligence

852

set and in case of concurrent requests, it breaks tie

using process ID. This means that the protocol gives

ﬁrst access of the critical section to the process with

the smallest ID.

Deﬁnition 3. LME protocol is deﬁned as follows in

terms of the movements around the critical section:

- Requesting the critical section:

1. When a process wants to access the critical sec-

tion, it generates a request and a timestamp for

that request. The process keeps this request

in its own request queue sorted according to

timestamps and then broadcasts it to all other

processes along with the timestamp.

2. When a process receives a timestamped re-

quest, it keeps the request in its own request

queue sorted according to timestamps. Then it

generates a timestamped reply corresponding to

the request and sends the reply to the sender of

the request.

- Accessing the critical section: When a process ob-

serves

1. its request is at the top of its own request queue,

2. it has received at least one message (request or

reply or release) with higher timestamp than its

request from all other processes,

the process enters the critical section.

- Exiting the critical section:

1. When a process exits the critical section, it

generates a timestamped release message and

broadcasts it to all other processes. It deletes

its own request from its request queue.

2. Upon receiving a release message, a process re-

moves the request of the sender process from its

own request queue.

In the remainder of this paper we will model these two

protocols in a variant of dynamic epistemic logic, so

as to exemplify a novel way of formal modeling such

protocols towards proving correctness of the proto-

cols using knowledge-based reasoning.

3 MODELLING PROTOCOLS IN

DYNAMIC EPISTEMIC LOGIC

Let us ﬁrst provide a brief introduction to a relevant

variant of dynamic epistemic logic before moving on

to the modelling of the protocols. For a detailed ex-

position, see (van Ditmarsch et al., 2007).

Syntax. Given a ﬁnite set of propositions P , a ﬁnite

set of agents A and a ﬁnite set of actions Act, the

language L is deﬁned as follows:

φ := p | ¬φ | φ ∧ φ | K

φ | Aφ,

where p ∈ P , a ∈ A, A ∈ Act. The formulas φ ∨ ψ,

φ → ψ are deﬁned as usual. A formula of the form

φ reads as “φ is known to agent a” and Aφ reads

as “φ holds after some action A”. The actions are

generally considered to be protocol-dependent and

changes the model suitably. We use L

φ to denote the

formula ¬K

¬φ.

Semantics. A model M for this language is a tuple

(W, R,V ) where W denotes a non-empty set of worlds,

R denotes a set of agent-relations and V denotes a val-

uation function. Each agent deﬁnes a relation R

∈ R

such that R

⊆ W ×W . In essence, R

models knowl-

edge of an agent a which can be modiﬁed by certain

events or actions. A valuation function V : P → 2

associates propositions to sets of worlds. An action

A can modify an agent’s knowledge, which we will

explain in details while modelling the protocols. The

effect of an action A on a model M is given by the

model M

. The truth deﬁnition of a formula at a world

w ∈ W in the model M is as follows:

M, w |= p iff w ∈ V (p),

M, w |= ¬φ iff M, w 2 φ,

M, w |= φ ∧ ψ iff M, w |= φ and M, w |= ψ,

M, w |= K

φ iff for all ˜w ∈ W with wR

˜w, M, ˜w |= φ

M, w |= Aφ iff M

, w |= φ.

M |= φ means that for all w ∈ W , M, w |= φ.

3.1 BSS Protocol

Before we deﬁne the language for analyzing BSS pro-

tocol, let us ﬁrst note some important notations and

deﬁnitions. Let A denote the set of agents/processes

in the distributed system, and let M denote the set of

messages whose causal ordering we are interested in.

Each message is denoted by x

, which can be read as

the i

message from agent x.

Deﬁnition 4. (Permutation). We say π is a permu-

tation on a ﬁnite set S iff π : S → {1, 2, . . . , |S|} is a

bijection.

Deﬁnition 5. (Allowed permutation). A permutation

π on M is an allowed permutation iff π(x

) < π(x

)

whenever i < j. Here, π(x

) (π(x

)) denotes the posi-

tion of x

) in the permutation π.

Deﬁnition 6. (MSN). For an agent x, MSN (message

to send next) of x (denoted MSN(x)) is k ∈ N if x has

sent x

k−1

∈ M but not sent x

∈ M . However if x has

sent all its messages in M then MSN(x) is ∞.

3.1.1 Language

Now we are ready to deﬁne the language L that can

describe the content of the exchanged messages. Let

Receiving Messages in Their Correct Order: Analyzing Broadcast Protocols in Dynamic Epistemic Logics

853

P be the set of propositions. We have,

P ={P

x,i

| x ∈ A; x

∈ M }∪

x, j

a,i

| a, x ∈ A ; a

, x

∈ M ; a

6= x

Here P

x,i

reads “agent x has spoken i times” and Q

x, j

a,i

reads “agent a in its i

message notiﬁes that j

mes-

sage from agent x has reached it”. The formulas are

given by,

φ := > | p | ¬φ | φ ∧ φ | K

φ | A

φ.

Here K

φ reads “agent a knows φ”. We include A

ψ in

the language only for Boolean formulas φ (no restric-

tion on ψ) and not for more complex formulas since

they are not needed for modeling the BSS protocol.

For a Boolean formula φ and a general formula ψ in

the language, A

ψ reads “ψ is true after φ is received

by a”. Let us now have the following deﬁnitions for

the Boolean formulas in the language:

Deﬁnition 7. (Sender of a formula). The sender of a

Boolean formula φ is deﬁned recursively,

• sender(φ) = x if φ = P

x,i

• sender(φ) = a if φ = Q

x, j

a,i

• sender(¬φ) = sender(φ).

• sender(φ ∧ ψ) = sender(φ) if sender(φ) =

sender(ψ) and undeﬁned otherwise.

Deﬁnition 8. (Index of a formula). The index of a

Boolean formula φ is deﬁned recursively,

• index(φ) = i if φ = P

x,i

• index(φ) = i if φ = Q

x, j

a,i

• index(¬φ) = index(φ).

• index(φ ∧ ψ) = index(φ) if index(φ) = index(ψ)

and undeﬁned otherwise.

3.1.2 Semantics

We deﬁne the model M as the tu-

ple (W, R,V ) where, W = {π |

π is an allowed permutation on the underlying

message set },

R = {R

| a ∈ A; R

is a binary relation on W },

V : P → 2

is given as follows,

V (P

x,i

) = W for all x

∈ M

V (Q

x, j

a,i

) = {π ∈ W | π(x

) < π(a

)} for all a

, x

∈ M .

Here π(x

) (π(a

)) denotes the position of message x

) in the permutation π and the order between two

positions is shown by the relation ‘<’.

Deﬁnition 9. (Semantics). Let a model M be given.

We inductively deﬁne the interpretation of formula

φ ∈ L on (M, π) as follows,

M, π |= >, always ,

M, π |= p ∈ P iff π ∈ V (p),

M, π |= ¬φ iff M, π 2 φ,

M, π |= φ ∧ ψ iff M, π |= φ and M, π |= ψ,

M, π |= K

φ iff for all

π with πR

π, M,

π |= φ,

M, π |= A

ψ iff M

φ,a

|= ψ,

where M

φ,a

is the updated model under the action A

We now provide the details of the model updates (ac-

tions) that we consider for BSS protocol.

In BSS protocol the content of each message is a

formula in L either of the form φ = P

x,i

or of the form

φ = P

x,i

∧

y6=x

y, j

x,i

, since the sender also broadcasts

the messages she has received from each of the other

agents along with the current message. We now con-

centrate on such formulas to model the BSS protocol.

The initial model is M = (W, R,V ) where W is the set

of all allowed permutations on M and for each agent

x, R

is a universal relation on W , i.e., R

= W ×W .

Suppose the formula φ is received by agent x. Then

the corresponding action will transform the current

model M into the model M

φ,x

= (W, R

φ,x

,V ) where

only the agent relations are modiﬁed. The new set

of agent relations is R

φ,x

= {R

| a ∈ A} where,

• For each y 6= x, R

= R

• R

is the intersection of R

and the com-

plete relation on E

where, E

= {π ∈ W |

π(sender(φ)

index(φ)

) < π(x

MSN(x)

) and M, π |= φ}.

When a message having content φ is received by an

agent x, the corresponding action A

is performed on

the current model M, transforming it to M

φ,x

. We

note that the operator A

acts globally. After all mes-

sages are received, the set of permutations can be

partitioned into two sets. In one set, each permuta-

tion π is isolated with respect to every R

, i.e., π



for all σ ∈ W and for all x. The other set is uni-

versal with respect to every R

(i.e., for any π, σ in

the set, πR

σ for all x) and in each of them the mes-

sages appear in correct causal order. Formally, x

→ y

if and only if we have that in the ﬁnal model M

f in

|= ∧

a∈A

> → K

x,i

y, j

). For a worked out ex-

ample, see (Das and Ghosh, 2020).

3.2 LME Protocol

For the analysis of LME Protocol, we will develop

the language corresponding to request messages only,

as the other kinds of messages do not play a role in

ICAART 2021 - 13th International Conference on Agents and Artiﬁcial Intelligence

854

generating the order of these messages. The order-

ing of request messages generated by LME Protocol

is an index-based ordering where ties between request

messages with equal indices are broken based on the

IDs of the requesting processes. We will later show

that this is actually a causal ordering of the request

messages. Let A denote the set of agents/processes

in the distributed system, and M denote the set of

request messages whose causal ordering we are inter-

ested in. Each request is of the form x

, which means

that it is the i

request made by agent x. Permutations

and allowed permutations are deﬁned as earlier.

Deﬁnition 10. (Index of a message). Index of a mes-

sage generated by a process is 1 if the process has not

sent or received any other message before. Otherwise

it is k + 1 where k is the maximum index of all mes-

sages received or sent by the process before.

Deﬁnition 11. (Timestamp of a message). Times-

tamp of a message is generated by concatenating

its index (deﬁnition 10) at the front of the ID of the

sender process.

3.2.1 Language

We will now deﬁne the language for modeling the

LME protocol. The set of propositions is given by,

P = {Q

y, j

x,i

| x, y ∈ A ; x

, y

∈ M ; x

6= y

Here, Q

y, j

x,i

reads “request x

causally precedes request

”. The formulas are given by,

φ := > | p | ¬φ | φ ∧ φ | K

φ | A

, j

φ | A

, j

r,y

φ,

where, p ∈ P . As earlier, the formula K

φ reads as

“agent a knows φ”. A

, j

φ reads “after request x

with

index j is sent, φ holds” and A

, j

r,y

φ reads “after request

with index j is received by y, φ holds”.

3.2.2 Semantics

We deﬁne A model M as a tuple (W, R, Ind,V ) where,

W = {π | π is an allowed permutation on M },

R = {R

| a ∈ A; R

is a binary relation on W },

Ind = {Ind

| a ∈ A } where, Ind

= {(a

, j) | a

∈

M , index(a

) = j ∈ N} (Ind

stores the requests ob-

served by agent a and their corresponding indices),

V : P → 2

is given by V (Q

y, j

x,i

) = {π | π(x

) < π(y

)}.

Deﬁnition 12. (Semantics). Let a model M be given.

The truth deﬁnition of the formulas φ of the language

above at (M, π) is given as follows,

M, π |= >, always ,

M, π |= Q

y, j

x,i

iff π ∈ V (Q

y, j

x,i

)

M, π |= ¬φ iff M, π 2 φ,

M, π |= φ ∧ ψ iff M, π |= φ and M, π |= ψ,

M, π |= K

φ iff for all

π with πR

π, M,

π |= φ,

M, π |= A

, j

ψ iff M

, π |= ψ,

M, π |= A

, j

r,y

ψ iff M

, π |= ψ.

Here M

denotes the updated model under A

, j

and

denotes the updated model under A

, j

r,y

(with re-

spect to the current model M). We now provide the

details of model updates under these actions.

The model M changes when a request is gener-

ated or received by a process. The corresponding

action transforms the model M to the model M

(W, R

, Ind

,V ) where only the agent relations and Ind

sets corresponding to the agents are modiﬁed.

- Suppose request x

is generated by agent x.

• If y 6= x then Ind

= Ind

• Ind

= Ind

∪ {(x

, j)} where j = index(x

• If y 6= x then R

= R

• R

is the intersection of R

and the complete rela-

tion on E

where

= {π ∈ W | ∀(y

, k) ∈ Ind

;π (y

) < π(x

)}.

- Suppose request x

is received by agent y.

• If z 6= y then Ind

= Ind

• Ind

= Ind

∪ {(x

, j)} where j = index(x

• If z 6= y then R

= R

• R

is the intersection of R

and the complete rela-

tion on E

where,

= {π ∈ W | ∀(z

, k) ∈ Ind

;π(x

)< π(z

) iff

index(x

)< k and π(x

)> π(z

) iff index(x

)> k}.

The initial model is M = (W, R, Ind,V ) where W is the

set of all allowed permutations on M , for each agent

x, R

is a universal relation on W (i.e., R

= W ×W )

and Ind

0 for all a ∈ A . When an agent x sends its

request or when an agent y receives the request x

the corresponding actions A

, j

or A

, j

r,y

is performed

on the current model respectively. The model update

happens according to the rules deﬁned above. After

all requests are received, the set of permutations gets

partitioned into two sets, as in the case of BSS Pro-

tocol. In one set, each permutation is isolated with

respect to every R

(i.e., π



σ for all σ ∈ W and for

all x) and the other set is universal with respect to ev-

ery R

(i.e., for any π, σ in the set, πR

σ for all x)

Receiving Messages in Their Correct Order: Analyzing Broadcast Protocols in Dynamic Epistemic Logics

855

and in each world of it, the requests appear in correct

causal order. Observe that index(x

) < index(y

) iff in

the ﬁnal model M

f in

|= ∧

a∈A

> → K

y, j

x,i

), i.e., ev-

ery agent considers only those permutations where the

requests are ordered according to their indices. For a

worked out example, see (Das and Ghosh, 2020).

4 CORRECTNESS OF THE

PROTOCOLS

In the following, we prove the correctness of the pro-

tocols, using knowledge-based reasoning as provided

by the formal frameworks we just discussed.

4.1 Correctness of BSS Protocol

It is claimed that in BSS protocol, each agent executes

messages in the correct causal order. To prove this

we will show that after all the messages are received,

each agent knows the causal order between any two

messages. In logical language, we will show that the

ﬁnal model M

f in

|= ∧

a∈A

> → K

x,i

y, j

) iff x

→ y

The following theorems prove this.

Theorem 1. (Agreement). After all the messages

are received, an agent a is sure that x

precedes y

iff every other agent in the system is sure about this.

Formally, we have that M

f in

|= (L

> → K

x,i

y, j

) ↔

(∧

b∈A;b6=a

> → K

x,i

y, j

)).

Proof. The detailed proof of this theorem is provided

in (Das and Ghosh, 2020).

Deﬁnition 13. (Basic precedence). We say a causal

precedence a

→ b

is a basic precedence iff either a =

b and a

is sent before a

or a 6= b and a

is received

by b before b

is sent.

It is easy to observe from the deﬁnition of causal

order that if a

→ b

then either it is a basic precedence

or there are c

(1)

, . . . , c

(m)

such that a

→ c

(1)

→ ··· →

(m)

→ b

where each precedence is a basic prece-

dence. Let us use this observation to show that each

agent knows all the causal orders when BSS protocol

is used.

Theorem 2. If x

→ y

is a basic precedence then

agent y knows x

precedes y

. In other words, in the

ﬁnal model M

f in

|= L

> → K

x,i

y, j

Proof. We have provided the detailed proof in (Das

and Ghosh, 2020).

Theorems 1 and 2 show that each basic prece-

dence is known to all agents. Since any causal prece-

dence can be built up from basic precedence only,

we get that all causal precedence are known to ev-

ery agent. Thus the claim that each agent knows all

and only the causal orders after message passing, is

true. Thus, no agent can violate the causal order while

executing messages. We also observe that BSS pro-

tocol generates a unique allowed permutation iff for

any two messages x

and y

, either every agent knows

→ y

or every agent knows y

→ x

. In logical

language, BSS protocol generates a unique permuta-

tion iff the ﬁnal model M

f in

|= ∧

6=y

((∧

a∈A

> →

x,i

y, j

)) ∨ (∧

a∈A

> → K

x,i

y, j

))).

4.2 Correctness of LME Protocol

For LME protocol, we have to show that no two re-

quests can access the critical section at the same time.

To prove this we show that all agents agree on a

unique permutation of the requests and the critical

section is accessed in that order. Thus there cannot be

any conﬂict between the decisions of any two agents.

We will also show that the permutation each agent

agrees on, is actually a causal order of the requests.

Theorem 3. If two requests x

and y

are such that

→ y

, then index(x

) < index(y

Proof. We have provided a detailed proof in (Das and

Ghosh, 2020).

Theorem 4. (Agreement). Each agent agrees on per-

mutations where requests appear in correct causal or-

der and all agents agree on same set of permutations.

Proof. We have provided a detailed proof in (Das and

Ghosh, 2020).

Now if every agent breaks tie between requests

with same index using process ID (i.e., the process

with smallest ID wins in case of a tie in indices), they

must agree on a unique permutation since without us-

ing process ID they agree on same set of permuta-

tions. Thus LME protocol leads to a unique permu-

tation of requests which is agreed upon by all agents.

This proves the correctness of the protocol. In other

words, each agent knows the order in which the re-

quests should access the critical section.

5 ON IMPLEMENTATION AND

TIME COMPLEXITY

In all these models we have only used allowed per-

mutations as states. Let us ﬁrst provide an estimate

ICAART 2021 - 13th International Conference on Agents and Artiﬁcial Intelligence

856

for the number of allowed permutations. Let for each

agent a ∈ A, M

be the set of messages sent by agent

a. Then M = ∪

a∈A

. Since M

∩M

0 for a 6= b,

|M | =

∑

a∈A

|. Let SA be the set of allowed per-

mutations. Then,

|SA| =

|M |!

∏

a∈A

In case each agent sends only one message, we have

|SA| = |M |!. Once again, the detailed analysis is pro-

vided in (Das and Ghosh, 2020).

5.1 Time Complexity for BSS Protocol

In this section we provide a possible implementation

of the action update model for BSS protocol and its

time complexity. The implementation has two steps:

1. Given set of agents A and set of messages M

build the initial model according to BSS protocol.

2. Update the model according to the BSS proto-

col as messages are received by agents until each

message is received by all the other agents except

for the sender.

The time complexity of each of the above steps

is O(|A||M |!). Thus total time complexity of the

entire implementation is O(|A ||M |! + |A||M |!), i.e.,

O(|A||M |!) (for a detailed analysis see (Das and

Ghosh, 2020)).

5.2 Time Complexity for LME Protocol

In this section we provide a possible implementation

of the action update model for LME protocol and its

time complexity. The implementation has two steps:

1. Given a set of agents A and a set of requests M

build the initial model according to LME protocol.

2. Update the model according to LME protocol as

messages are sent and received by agents until

each message is received by all the other agents

except the sender.

The time complexity of each of the above steps

is O(|A||M |!). Thus total time complexity of the

entire implementation is O(|A||M |! + |A ||M |!), i.e,

O(|A||M |!) (for a detailed analysis see (Das and

Ghosh, 2020)).

6 CONCLUSION AND FUTURE

DIRECTIONS

To summarize, we have shown that simple variants of

dynamic epistemic logic can indeed be used to model

distributed protocols in asynchronous settings. The

knowledge-based framework can be used to model

the effect of these protocols, and the underlying rea-

soning process becomes explicit. In some sense, the

action update operators model the effect of receipt of

messages, and can be considered as private announce-

ments to the individual processes/agents. However,

the logical languages developed here are protocol-

speciﬁc and quite ad hoc in nature. It would be in-

teresting to see whether a uniform framework could

be developed and how that framework would relate

to the existing literature on announcement logics. We

leave this for the future.

Another direction to work on is to bring other

distributed protocols in the purview of the logical

framework described here. To this end, one can con-

sider Maekawa’s quorum based mutual exclusion al-

gorithm (Singhal and Shivaratri, 1994), where each

process consults only a proper subset of all processes

before accessing the critical section. It would be in-

teresting to see the variant of dynamic epistemic logic

which could be used to model the underlying reason-

ing process of the protocol.

REFERENCES

Ahmadi, S., Fallah, M. S., and Pourmahdian, M. (2019).

On the properties of epistemic and temporal epistemic

logics of authentication. Informatica, 43(2).

Balbiani, P., van Ditmarsch, H., and Gonz

alez, S. F.

(2020). From public announcements to asynchronous

announcements. In Giacomo, G. D., Catala, A., Dilk-

ina, B., Milano, M., Barro, S., Bugar

ın, A., and Lang,

J., editors, Proceedings of the 24th European Confer-

ence on Artiﬁcial Intelligence, volume 325 of Fron-

tiers in Artiﬁcial Intelligence and Applications.

Baltag, A. and Smets, S. (2008). A qualitative theory of

dynamic interactive belief revision. In Bonanno, G.,

van der Hoek, W., and Wooldridge, M., editors, Logic

and the Foundations of Game and Decision Theory

(LOFT07), volume 3 of Texts in Logic and Games,

pages 9–58. Amsterdam University Press, Amster-

dam.

Das, S. and Ghosh, S. (2020). Receiving messages in their

correct order: Analyzing broadcast protocols in dy-

namic epistemic logic (a technical report). Technical

report, Indian Statistical Institute.

Dechesne, F. and Wang, Y. (2010). To know or not to know:

epistemic approaches to security protocol veriﬁcation.

Synthese, 177(1):51–76.

Halpern, J. Y. and Zuck, L. D. (1992). A little knowledge

goes a long way: knowledge-based derivations and

correctness proofs for a family of protocols. Journal

of the ACM (JACM), 39(3):449–478.

Knight, S., Maubert, B., and Schwarzentruber, F. (2019).

Reasoning about knowledge and messages in asyn-

Receiving Messages in Their Correct Order: Analyzing Broadcast Protocols in Dynamic Epistemic Logics

857

chronous multi-agent systems. Mathematical Struc-

tures in Computer Science, 29(1):127–168.

Singhal, M. and Shivaratri, N. (1994). Advanced Concepts

in Operating Systems: Distributed, Database, and

Multiprocessor Operating Systems. Computer Science

Series. McGraw-Hill.

van Ditmarsch, H., Ghosh, S., Verbrugge, R., and Wang,

Y. (2014). Hidden protocols: Modifying our expec-

tations in an evolving world. Artiﬁcial Intelligence,

208:18–40.

van Ditmarsch, H., van der Hoek, W., and Kooi, B. (2007).

Dynamic Epistemic Logic, volume 337 of Synthese Li-

brary. Springer Verlag, Berlin.

ICAART 2021 - 13th International Conference on Agents and Artiﬁcial Intelligence

858