How to get decidability of distributed synthesis for asynchronous systems

Paul Gastin
Joint work with Thomas Chatain and Nathalie Sznajder

January 29-31, 2009
Workshop ACTS
Outline

1. Introduction
2. Model
3. Specification
4. Decidability Results
Synthesis of a reactive system

inputs from $E$       outputs to $E$

Open system $S$

Specification $\varphi$
Synthesis of a reactive system

Two problems

- Decide whether there exists a program st. $P \parallel E \models \varphi$, $\forall E$.
- Synthesis: If so, compute such a program.

For reasonable systems and specifications, the problems are decidable.
Distributed synthesis

Open distributed system $S$

$S_1$ \quad $S_2$
\[\ldots\]
$S_3$ \quad $S_4$

Input of $E$ \quad Output to $E$

Specification $\varphi$
Distributed synthesis

Two problems

- Decide the existence of a distributed program such that their joint behavior $P_1 \| P_2 \| P_3 \| P_4 \| E$ satisfies $\varphi$, for all $E$.
- Synthesis: If it exists, compute such a distributed program.
Distributed synthesis
Synchronous or asynchronous semantics?

**Synchronous semantics**
- At each tick of a global clock, all processes and the environment output their new value
- Introduced in [PnueliRosner90].
- In general undecidable.
Distributed synthesis
Synchronous or asynchronous semantics?

Synchronous semantics
- At each tick of a global clock, all processes and the environment output their new value
- Introduced in [PnueliRosner90].
- In general undecidable.
Distributed synthesis
Synchronous or asynchronous semantics?

Synchronous semantics

- At each tick of a global clock, all processes and the environment output their new value
- Introduced in [PnueliRosner90].
- In general undecidable.
Behaviors are Mazurkiewicz traces
Players = controllable actions
Causal memory
Specification : regular over Mazurkiewicz traces
Asynchronous semantics

P.G., Benjamin Lerman, Marc Zeitoun

- Behaviors are Mazurkiewicz traces
- Players = controllable actions
- Causal memory
- Specification : regular over Mazurkiewicz traces

Theorem

Synthesis problem is decidable for co-graph dependence alphabets, i.e., for series-parallel systems.
Asynchronous semantics

Our model

- Processes evolve asynchronously for local actions (i.e., communications with the environment)
Asynchronous semantics

Our model

- Processes evolve asynchronously for local actions (i.e., communications with the environment)
- They can synchronize by signals = common actions initiated by only one process. A process cannot refuse reception of a signal.
Asynchronous semantics

Our model

- Processes evolve asynchronously for local actions (i.e., communications with the environment)
- They can synchronize by signals = common actions initiated by only one process. A process cannot refuse reception of a signal.
- Specifications:
  - over partial orders
Asynchronous semantics

Our model

- Processes evolve asynchronously for local actions (i.e., communications with the environment)
- They can synchronize by signals = common actions initiated by only one process. A process cannot refuse reception of a signal.
- Specifications:
  - over partial orders
  - will not restrain communication abilities
Decidability Results

Theorem

Synthesis problem is decidable for strongly-connected architectures
Outline

1. Introduction
2. Model
3. Specification
4. Decidability Results
The model

Architectures

- Communication graph \((\text{Proc}, E)\)
The model

Architectures

- Communication graph \((\text{Proc}, E)\)
- Sets of input and output signals for each process:
  \[ \bigcup_{i \in \text{Proc}} \text{In}_i \cup \bigcup_{i \in \text{Proc}} \text{Out}_i = \Gamma \]
The model

Architectures

- Communication graph \((\text{Proc}, E)\)
- Sets of input and output signals for each process:
  \[ \bigcup_{i \in \text{Proc}} \text{In}_i \cup \bigcup_{i \in \text{Proc}} \text{Out}_i = \Gamma \]
- Processes choose sets \(\Sigma_{i,j}\) for \((i, j) \in E\)
The model

Architectures

- Communication graph \((\text{Proc}, E)\)
- Sets of input and output signals for each process:
  \[ \bigcup_{i \in \text{Proc}} \text{In}_i \cup \bigcup_{i \in \text{Proc}} \text{Out}_i = \Gamma \]
- Processes choose sets \(\Sigma_{i,j}\) for \((i, j) \in E\)
- \(\Sigma = \Gamma \cup \bigcup_{(i,j) \in E} \Sigma_{i,j}\)
The model

**Architectures**

- Communication graph \((\text{Proc}, E)\)
- Sets of input and output signals for each process:
  \[\bigcup_{i \in \text{Proc}} \text{In}_i \cup \bigcup_{i \in \text{Proc}} \text{Out}_i = \Gamma\]
- Processes choose sets \(\Sigma_{i,j}\) for \((i,j) \in E\)
- \[\Sigma = \Gamma \cup \bigcup_{(i,j) \in E} \Sigma_{i,j}\]
- For each process \(i\), \(\Sigma_i\) is the set of signals it can send or receive, and
  \[\Sigma^c_i = \text{Out}_i \cup \bigcup_{j,(i,j) \in E} \Sigma_{i,j}\]
A run is a Mazurkiewicz trace $t = (V, \lambda, \leq)$ over $(\Sigma, D)$ where $a D b$ if there is a process that takes part both in $a$ and $b$. 

1  ________________
2  ________________
3  ________________
The model: runs

A run is a Mazurkiewicz trace $t = (V, \lambda, \leq)$ over $(\Sigma, D)$ where $a D b$ if there is a process that takes part both in $a$ and $b$.
The model: runs

A run is a Mazurkiewicz trace $t = (V, \lambda, \leq)$ over $(\Sigma, D)$ where $a D b$ if there is a process that takes part both in $a$ and $b$.
A run is a Mazurkiewicz trace \( t = (V, \lambda, \leq) \) over \((\Sigma, D)\) where \( a \mathbin{D} b \) if there is a process that takes part both in \( a \) and \( b \).
The model: runs

A run is a Mazurkiewicz trace $t = (V, \lambda, \leq)$ over $(\Sigma, D)$ where $a D b$ if there is a process that takes part both in $a$ and $b$. 
The model: runs

**Runs**

A run is a Mazurkiewicz trace \( t = (V, \lambda, \leq) \) over \((\Sigma, D)\) where \( a D b \) if there is a process that takes part both in \( a \) and \( b \)

![Diagram of a run with states 1, 2, and 3 connected by arrows]

1 2 3

1 2 3

1 2 3
A run is a Mazurkiewicz trace \( t = (V, \lambda, \leq) \) over \( (\Sigma, D) \) where \( a D b \) if there is a process that takes part both in \( a \) and \( b \).
The model: runs

A run is a Mazurkiewicz trace $t = (V, \lambda, \leq)$ over $(\Sigma, D)$ where $a \ D b$ if there is a process that takes part both in $a$ and $b$. 
A run is a Mazurkiewicz trace $t = (V, \lambda, \leq)$ over $(\Sigma, D)$ where $a D b$ if there is a process that takes part both in $a$ and $b$. 

The model: runs
The model: strategies

Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^C$ with local memory.
The model: strategies

Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.

Signal semantics implies reactivity of processes to events.

1 \[ \underline{\text{f1 : b}} \]
2 \[ \underline{\text{f2 : c}} \]
3 \[ \underline{\text{f3 : d}} \]
The model: strategies

**Strategies**

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.

1. $a \quad f_1 : b'$
2. $\quad f_2 : c$
3. $\quad f_3 : d$
The model: strategies

Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.

1. $f_1 : b'$
2. $f_2 : c'$
3. $f_3 : d$
The model: strategies

Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.

1. $f_1 : b'$
2. $f_2 : c''$
3. $f_3 : d$
Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.
The model: strategies

Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^\mathcal{C}$ with local memory.
- Signal semantics implies reactivity of processes to events.

1. $a \quad b' \quad \longrightarrow$
2. $a' \quad f \quad h \quad \sqrt{\quad}$
3. $\phantom{a} \phantom{b} \phantom{f} \phantom{h} \phantom{\sqrt{}}$

$f_1 : g$
$f_2 : i$
$f_3 : d$
The model: strategies

Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^\c$ with local memory.
- Signal semantics implies reactivity of processes to events.
The model: strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.
- A run respects a strategy $f = (f_i)_{i \in \text{Proc}}$ (is an $f$-run) if each event of process $i$ labelled with a controllable action respects the strategy $f_i$. 

```
  1  a   b'  g
  2  a'  f  h
  3

f_1 : j
f_2 : i
f_3 : d
```
The model: strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.
- A run respects a strategy $f = (f_i)_{i \in \text{Proc}}$ (is an $f$-run) if each event of process $i$ labelled with a controllable action respects the strategy $f_i$. 

![Diagram showing a run respecting a strategy with events and actions labelled with $f_1 : j$, $f_2 : i$, and $f_3 : d$.]
The model: strategies

Strategies

- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.
- A run respects a strategy $f = (f_i)_{i \in \text{Proc}}$ (is an $f$-run) if each event of process $i$ labelled with a controllable action respects the strategy $f_i$. 

```
1  a  b'  g
    f  h
  a'  f  h
2  a'  f  h
  a'  f  h
3  d  d
```

- $f_1 : j$
- $f_2 : i$
- $f_3 : d$
The model: strategies

**Strategies**
- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies *reactivity* of processes to events.
- A run respects a strategy $f = (f_i)_{i \in \text{Proc}}$ (is an *f-run*) if each event of process $i$ labelled with a controllable action respects the strategy $f_i$. 

```
1
   a ---- b' ---- g

2
   a'  f    h

3    c
```

$f_1 : j$

$f_2 : i$

$f_3 : d$
The model: strategies

**Strategies**
- Strategies are partial functions $f_i : \Sigma_i^* \rightarrow \Sigma_i^c$ with local memory.
- Signal semantics implies reactivity of processes to events.
- A run respects a strategy $f = (f_i)_{i \in \text{Proc}}$ (is an $f$-run) if each event of process $i$ labelled with a controllable action respects the strategy $f_i$.
- A run $t = (V, \lambda, \leq)$ is $f$-maximal if for each process $i$ either $V_i = \lambda^{-1}(\Sigma_i)$ is infinite, or $f_i$ is undefined on the maximal event of $V_i$. 

```
 1  a  b'  g
    a'  f  h
  2  c
  3
```
The model

Observable runs

Given a run $t = (V, \lambda, \leq)$, we define the observable run by

$$\pi_{\Gamma}(t) = (\Gamma, \lambda|_{\Gamma}, \leq \cap (\Gamma \times \Gamma))$$
The model

Observable runs

Given a run \( t = (V, \lambda, \leq) \), we define the observable run by

\[
\pi_{\Gamma}(t) = (\Gamma, \lambda|_{\Gamma}, \leq \cap (\Gamma \times \Gamma))
\]
The model

Observable runs

Given a run $t = (V, \lambda, \leq)$, we define the observable run by

$$\pi_\Gamma(t) = (\Gamma, \lambda|_\Gamma, \leq \cap (\Gamma \times \Gamma))$$
The synthesis problem

Given

\[ A = (\text{Proc}, E, \Gamma) \]
The synthesis problem

Given

- $A = (\text{Proc}, E, \Gamma)$
- $\varphi$ a specification over $\Gamma$-labelled partial orders (observable runs)
The synthesis problem

Given
- $A = (\text{Proc}, E, \Gamma)$
- $\varphi$ a specification over $\Gamma$-labelled partial orders (observable runs)

Do there exist
- sets $\Sigma_{i,j}$ for each $(i,j) \in E$
The synthesis problem

Given

- $A = (\text{Proc}, E, \Gamma)$
- $\varphi$ a specification over $\Gamma$-labelled partial orders (observable runs)

Do there exist

- sets $\Sigma_{i,j}$ for each $(i, j) \in E$
- and strategies $f_i : \Sigma_i^* \to \Sigma_i^c$ for each $i \in \text{Proc}$
The synthesis problem

Given

- $A = (\text{Proc}, E, \Gamma)$
- $\varphi$ a specification over $\Gamma$-labelled partial orders (observable runs)

Do there exist

- sets $\Sigma_{i,j}$ for each $(i,j) \in E$
- and strategies $f_i : \Sigma_i^* \to \Sigma_i^c$ for each $i \in \text{Proc}$

such that every $f$-maximal $f$-run $t$ is such that $\pi_\Gamma(t) \models \varphi$?
The synthesis problem

Given

- \( A = (\text{Proc}, E, \Gamma) \)
- \( \varphi \) a specification over \( \Gamma \)-labelled partial orders (observable runs)

Do there exist

- sets \( \Sigma_{i,j} \) for each \((i,j) \in E\)
- and strategies \( f_i : \Sigma_i^* \rightarrow \Sigma_i^c \) for each \( i \in \text{Proc} \)

such that every \( f \)-maximal \( f \)-run \( t \) is such that \( \pi_\Gamma(t) \models \varphi \)?

If so, compute them
Specifications

Communication induces order relation
Specifications

Communication induces order relation
Specifications

Communication induces order relation

1 2 3

1 2 3

1 2 3

1 2 3

1 2 3

1 2 3
Specifications

Communication induces order relation

1 2 3
\[ \begin{array}{c}
1 \\
2 \\
3
\end{array} \]

\[ \begin{array}{c}
a \\
b \\
c
\end{array} \]
Specifications

Communication induces order relation
Specifications

Communication induces order relation
Specifications

Communication induces order relation
Specifications

Communication induces order relation

1 -> 2 -> 3

1 b 2 c 3
Specifications

Communication induces order relation
Specifications

Communication induces order relation
Specifications

Communication induces order relation
Specifications

Restrictions on specifications

- Specifications should not discriminate between a partial order and its order extensions
Specifications

Restrictions on specifications

- Specifications should not discriminate between a partial order and its order extensions
Specifications

Restrictions on specifications

- Specifications should not discriminate between a partial order and its order extensions
Specifications

Input events are not controllable by processes

1. 1 -> 2
2. 2 -> 3
3. req → grant → req'
Input events are not controllable by processes
Specifications

Input events are not controllable by processes

![Diagram showing the controllability of input events by processes.]}
Input events are not controllable by processes

Specifications
Specifications

Input events are not controllable by processes
Specifications

Input events are not controllable by processes
Input events are not controllable by processes
Specifications

Input events are not controllable by processes

Diagram: A process flow diagram showing events and states.

1. req
2. grant
3. req'
Specifications

Input events are not controllable by processes
Specifications

Input events are not controllable by processes
Specifications

Input events are not controllable by processes

1. req → grant → req' → grant
2. 1  2  3
3. req
4. 1  2  3
5. grant
6. req'
Specifications

Restrictions on specifications

- Specifications should not discriminate between a partial order and its order extensions
- Specifications should not discriminate between a partial order and its "weakenings"
Specifications

Restrictions on specifications

- Specifications should not discriminate between a partial order and its order extensions
- Specifications should not discriminate between a partial order and its "weakenings"
Specifications

Restrictions on specifications

- Specifications should not discriminate between a partial order and its order extensions
- Specifications should not discriminate between a partial order and its "weakenings"
Example of a logic closed by extension and weakening

AlocTL

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

**AlocTL**

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \mid F_{i,j}(Out \land \varphi) \mid Out \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i,j \in \text{Proc} \)

---

X₁ \( \varphi \)  \( \varphi \)

1 ────●───●───

2 ----------------------------------

3 ----------------------------------
Example of a logic closed by extension and weakening

AlocTL

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

**AlocTL**

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi \mathcal{U}_i \varphi \mid \neg X_i \top \mid \varphi \mathcal{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi \mathcal{S}_i \varphi \mid \neg Y_i \top \mid \varphi \mathcal{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

AlocTL

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

| \; X_i \varphi \; | \; \varphi \; U_i \varphi \; | \; \neg X_i \; \top \; | \; \varphi \; \tilde{U}_i \; \varphi \]

| \; Y_i \varphi \; | \; \varphi \; S_i \varphi \; | \; \neg Y_i \; \top \; | \; \varphi \; \tilde{S}_i \; \varphi \]

| \; F_{i,j} (\text{Out} \land \varphi) \; | \; \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

**AlocTL**

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

\textbf{AllocTL}

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

**AlocTL**

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)
Example of a logic closed by extension and weakening

**AlocTL**

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]

\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]

\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]

\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)

**Formulae**

- \( G_1(\text{request} \rightarrow F_{1,2}(\text{Out} \land \text{grant})) \)
- \( G_2(\text{grant} \rightarrow (\text{Out} \land H_{2,1} \text{request})) \)
Example of a logic closed by extension and weakening

AlocTL

\[ \varphi ::= a \mid \neg a \mid \varphi \lor \varphi \mid \varphi \land \varphi \]
\[ \mid X_i \varphi \mid \varphi U_i \varphi \mid \neg X_i \top \mid \varphi \tilde{U}_i \varphi \]
\[ \mid Y_i \varphi \mid \varphi S_i \varphi \mid \neg Y_i \top \mid \varphi \tilde{S}_i \varphi \]
\[ \mid F_{i,j}(\text{Out} \land \varphi) \mid \text{Out} \land H_{i,j} \varphi \]

with \( a \in \Gamma \) and \( i, j \in \text{Proc} \)

Formulae

- \( G_1(\text{request} \rightarrow F_{1,2}(\text{Out} \land \text{grant})) \)
- \( G_2(\text{grant} \rightarrow (\text{Out} \land H_{2,1} \text{request})) \)

Theorem

AlocTL is closed under extension and weakening
Closure by extension

\( \neg F_{i,j} \varphi \) forbidden!
Closure by extension

- $\neg F_{i,j} \varphi$ forbidden!

$a \land \neg F_{1,2} b$

OK
Closure by extension

\[ \neg F_{i,j} \varphi \text{ forbidden!} \]

\[
\begin{align*}
\text{1} & \quad a \\
\text{2} & \quad b
\end{align*}
\]

\[ a \land \neg F_{1,2} b \]

OK

\[ \begin{align*}
\text{1} & \quad a \\
\text{2} & \quad b
\end{align*} \]

KO
## Closure by extension

- \( \neg F_{i,j} \varphi \) forbidden!
- \( X_{i,j} \varphi \) forbidden!
Closure by extension

- $\neg F_{i,j} \varphi$ forbidden!
- $X_{i,j} \varphi$ forbidden!

$a \land X_{1,2} c$

OK
Closure by extension

\[ \neg F_{i,j} \varphi \text{ forbidden!} \]
\[ X_{i,j} \varphi \text{ forbidden!} \]
Closure by extension

- $\neg F_{i,j} \varphi$ forbidden!
- $X_{i,j} \varphi$ forbidden!

Specification is not allowed to require concurrency
Closure by extension

- $\neg F_{i,j} \varphi$ forbidden!
- $X_{i,j} \varphi$ forbidden!

Specification is not allowed to require concurrency

Closure by weakening

Ensured by $F_{i,j} \land \text{Out}$ and $\text{Out} \land H_{i,j} \varphi$. 
Outline

1. Introduction
2. Model
3. Specification
4. Decidability Results
Decidability Results

<table>
<thead>
<tr>
<th>Theorem</th>
</tr>
</thead>
<tbody>
<tr>
<td>The synthesis problem over singleton architectures is decidable for regular specifications.</td>
</tr>
</tbody>
</table>
## Decidability Results

**Theorem**  
The synthesis problem over singleton architectures is decidable for regular specifications.

**Theorem**  
The distributed synthesis problem over strongly connected architectures is decidable for AlocTL specifications.
Decidability Results

Theorem

The synthesis problem over singleton architectures is decidable for regular specifications.

Theorem

The distributed synthesis problem over strongly connected architectures is decidable for \( \text{AlocTL} \) specifications.

Proof

By reduction to the singleton case.
Proposition

If there are communication sets $\Sigma_{i,j}$ for $(i,j) \in E$ and a winning distributed strategy on the strongly connected architecture, then there is a winning strategy on the singleton.

Proof

Easy.
<table>
<thead>
<tr>
<th>Proposition</th>
</tr>
</thead>
<tbody>
<tr>
<td>If there is a winning strategy $f$ over the singleton architecture then one can define internal signals sets and a distributed winning strategy for the strongly connected architecture.</td>
</tr>
</tbody>
</table>
Proposition

If there is a winning strategy $f$ over the singleton architecture then one can define internal signals sets and a distributed winning strategy for the strongly connected architecture.

Proof

We select a master process and a cycle.
Proposition

If there is a winning strategy $f$ over the singleton architecture then one can define internal signals sets and a distributed winning strategy for the strongly connected architecture.

Proof

- We select a master process and a cycle.
- The master process will centralize information in order to simulate $f$ and tell other processes which value to output.
Strongly connected architectures

**Proposition**

If there is a winning strategy \( f \) over the singleton architecture then one can define internal signals sets and a distributed winning strategy for the strongly connected architecture.

**Proof**

- We select a master process and a cycle.
- The master process will centralize information in order to simulate \( f \) and tell other processes which value to output.
- Aim: create a run that will be a weakening of some \( f \)-run over the singleton.
Centralize information

Example

Specification: $\text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant})$

Strategy for the singleton: $f(\sigma) = \text{grant}$ iff $\sigma$ contains $\text{req}_3$ but no alert

Master collect information by sending a signal $\text{Msg}$ through the cycle

1

$t$: 2

3

$t'$:
Centralize information

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master collect information by sending a signal \( \text{Msg} \) through the cycle

\[
\begin{align*}
1 & \rightarrow a \rightarrow a \\
t: 2 & \rightarrow c \\
3 & \rightarrow \text{req}_3 \\
\end{align*}
\]
Centralize information

Example

Specification: \( r_{eq3} \rightarrow F_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{ grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{ grant} \text{ iff } \sigma \text{ contains } r_{eq3} \text{ but no alert} \)

Master collect information by sending a signal \( \text{Msg} \) through the cycle

\[
\begin{align*}
1 & \quad a \quad a \quad \text{Msg} \\
2 & \quad c \\
3 & \quad r_{eq3}
\end{align*}
\]

t: 2

t':

Centralize information

Example

Specification: \( \text{req}_3 \rightarrow \text{F}_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master collect information by sending a signalMsg through the cycle

\[
\begin{align*}
1 & \quad \text{a} \quad \text{a} \quad \text{Msg} \quad \text{a} \\
2 & \quad \text{c} \quad \text{(Msg, c\cdot c)} \\
3 & \quad \text{t': req}_3 \\
\end{align*}
\]
Centralize information

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master collect information by sending a signal \( \text{Msg} \) through the cycle

\[
\begin{align*}
t &:\quad & 1 & a & a & \text{Msg} & a & a \\
& & & c & c & (\text{Msg},c \cdot c) & c & c \\
& & & \text{req}_3 & & & b & b \\
& & & & & (\text{Msg},c \cdot c \cdot \text{req}_3 \cdot b) & & \text{c} & \text{c} \\
t' &: & & & & & & & \\
\end{align*}
\]
Centralize information

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert } \leftrightarrow \text{ grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master collect information by sending a signal \( \text{Msg} \) through the cycle

\[
\begin{array}{c}
1 \quad \text{Msg} \quad 2 \\
\text{req}_3 \\
3 \\
t': \quad a \quad a
\end{array}
\]
Centralize information

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master collect information by sending a signal \( \text{Msg} \) through the cycle

\[
\begin{align*}
1 & \\
t: 2 & \\
3 & \\
t': &
\end{align*}
\]
Tell processes what to output

Example

Specification: \(req_3 \rightarrow F_{32}(\neg Y_2 \text{ alert } \leftrightarrow \text{ grant})\)

Strategy for the singleton: \(f(\sigma) = \text{grant iff } \sigma \text{ contains } req_3 \text{ but no alert}\)

Master sends orders to other processes to simulate the strategy \(f\)

\(1\) \quad \begin{array}{cccccc}
\text{a} & \text{a} & \text{a} & \text{a} \\
\text{c} & i & \text{c} & \text{c} \\
\text{req}_3 & \text{b} & b & \text{b} \\
\end{array}
\quad \text{t: 2}

\(t:\quad \begin{array}{cccccc}
\text{a} & \text{a} & \text{c} & \text{c} & \text{req}_3 & \text{b} & \text{a} \\
\end{array}
\quad \text{t'}\)
Tell processes what to output

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \iff \sigma \text{ contains } \text{req}_3 \text{ but no alert} \)

Master sends orders to other processes to simulate the strategy \( f \)

\[ t: \begin{align*}
1 & \quad a \quad a \quad a \\
2 & \quad c \quad i \quad c \\
3 & \quad \text{req}_3 \quad b \quad b \\
\end{align*} \]

\[ t': \begin{align*}
1 & \quad a \quad a \quad c \quad c \quad \text{req}_3 \quad b \quad a \\
\end{align*} \]

\[ f: \text{grant} \]
Tell processes what to output

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \iff \sigma \text{ contains req}_3 \text{ but no alert} \)

Master sends orders to other processes to simulate the strategy \( f \)
Tell processes what to output

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \iff \sigma \text{ contains } \text{req}_3 \text{ but no alert} \)

Master sends orders to other processes to simulate the strategy \( f \)

\[ t: \quad \text{Ord}_2, \text{grant} \]

\[ t': \quad \text{grant} \]

\[ f : \text{grant} \]
Tell processes what to output

Example

Specification: $\text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant})$

Strategy for the singleton: $f(\sigma) = \text{grant}$ iff $\sigma$ contains $\text{req}_3$ but no alert

Master sends orders to other processes to simulate the strategy $f$

$t$: 1 2 3
1 2 3
$\text{req}_3$

$t'$: 1 2 3
1 2 3
$\text{req}_3$
Tell processes what to output

Example

Specification: $\text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert } \leftrightarrow \text{ grant})$

Strategy for the singleton: $f(\sigma) = \text{grant}$ iff $\sigma$ contains $\text{req}_3$ but no alert

Master sends orders to other processes to simulate the strategy $f$

1. $\text{a}$ $\text{a}$ $\text{a}$ $\text{c}$ $\text{c}$ $\text{c}$ $\text{a}$
2. $\text{c}$ $\text{i}$ $\text{c}$ $\text{a}$ $\text{c}$ $\text{b}$ $\text{b}$
3. $\text{a}$ $\text{c}$ $\text{req}_3$ $\text{b}$ $\text{a}$

$t'$: $\text{a}$ $\text{a}$ $\text{c}$ $\text{c}$ $\text{req}_3$ $\text{b}$ $\text{a}$

$f : \text{grant}$
Tell processes what to output

**Example**

Specification: \( \text{req}_3 \rightarrow F_32(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master sends orders to other processes to simulate the strategy \( f \)

\[
\begin{align*}
1 & \quad a & a & a \\
2 & \quad \downarrow & \downarrow & \downarrow \\
3 & \quad \downarrow & \downarrow & \downarrow \\
   & \quad \text{req}_3 & b & a
\end{align*}
\]

\[
\begin{align*}
t: & \quad 2 & 3 & (\text{Ord}_2, \text{grant}) & (\text{Ack}, c) \\
   & \quad c & b & \downarrow & \downarrow \\
   & \quad \text{req}_3 & \downarrow & \downarrow & \downarrow \\
   & \quad a & a & c & \downarrow & \downarrow & \downarrow & \downarrow & (\text{Ack}, c \cdot b)
\end{align*}
\]

\[
\begin{align*}
t': & \quad a & a & c & c & \text{req}_3 & b & a \\
   & \quad \downarrow & \downarrow & \downarrow & \downarrow & \downarrow & \downarrow & \downarrow
\end{align*}
\]

\( f : \text{grant} \)
Tell processes what to output

Example

Specification: \( \text{req}_3 \rightarrow F_{32} (\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master sends orders to other processes to simulate the strategy \( f \)
Tell processes what to output (2)

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{ alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master sends orders to other processes to simulate the strategy \( f \)

\[
\begin{align*}
1 & \quad a \\
2 & \quad c \\
3 & \quad \text{req}_3 \\
\end{align*}
\]

\[
\begin{align*}
1 & \quad a \\
2 & \quad c \\
3 & \quad b \\
\end{align*}
\]

\[
\begin{align*}
1 & \quad a \\
2 & \quad c \\
3 & \quad \text{req}_3 \\
\end{align*}
\]
Tell processes what to output (2)

Example

Specification: \( req_3 \rightarrow F_{32}(\neg Y_2 \text{ alert } \leftrightarrow \text{ grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{ grant if } \sigma \text{ contains } req_3 \text{ but no alert } \)

Master sends orders to other processes to simulate the strategy \( f \)
Tell processes what to output (2)

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master sends orders to other processes to simulate the strategy \( f \):
Tell processes what to output (2)

**Example**

Specification: $\text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant})$

Strategy for the singleton: $f(\sigma) = \text{grant}$ iff $\sigma$ contains $\text{req}_3$ but no alert

Master sends orders to other processes to simulate the strategy $f$

---

1. $\text{Ord}_2,\text{grant}$
2. $\text{Nack},\text{alert}$
3. $\text{req}_3, b, a$

$t'$: $a, a, c, c, \text{req}_3, b, a$

$f : \text{grant}$
Tell processes what to output (2)

Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \iff \sigma \text{ contains } \text{req}_3 \text{ but no alert} \)

Master sends orders to other processes to simulate the strategy \( f \)

\[
\begin{align*}
1 & \quad a \quad a \quad a \\
2 & \quad c \quad c \\
3 & \quad \text{req}_3 \quad b \\
\end{align*}
\]

\( t \): \( (\text{Ord}_2, \text{grant}) \)

\[
\begin{align*}
1 & \quad a \quad a \quad a \\
2 & \quad c \quad c \\
3 & \quad \text{req}_3 \\
\end{align*}
\]

\( t' \): \( (\text{Nack}, \text{alert}) \)

\[
\begin{align*}
1 & \quad a \quad a \quad a \\
2 & \quad c \quad c \\
3 & \quad \text{req}_3 \quad b \quad a \\
\end{align*}
\]

\( f : \text{grant} \)
Tell processes what to output (2)

Example

Specification: \( \text{req}_3 \rightarrow F^{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no alert

Master sends orders to other processes to simulate the strategy \( f \)

\[ t: \quad a \quad a \quad a \quad \begin{array}{c} \text{(Ord}_2,\text{grant}) \end{array} \quad a \quad \quad \text{alert} \quad (\text{Nack,alert}) \quad \text{alert} \quad b \quad b \quad (\text{Nack,alert} \cdot b) \]

\[ t': \quad a \quad a \quad c \quad c \quad \text{req}_3 \quad b \quad a \quad \quad \quad \quad \quad \quad \quad \quad f: \text{grant} \]
Example

Specification: \( \text{req}_3 \rightarrow F_{32}(\neg Y_2 \text{alert} \leftrightarrow \text{grant}) \)

Strategy for the singleton: \( f(\sigma) = \text{grant} \) iff \( \sigma \) contains \( \text{req}_3 \) but no \( \text{alert} \)

Master sends orders to other processes to simulate the strategy \( f \)

\( (\text{Ord}_2, \text{grant}) \)

\( (\text{Nack}, \text{alert}) \)

\( (\text{Nack}, \text{alert} \cdot b) \)
Lemma

$t'$ is an extension of $\pi_\Gamma(t)$. 
Lemma

$\Gamma(t)$.

Lemma

$t'$ is an $f$-maximal $f$-run.
Lemma

t′ is an extension of πΓ(t).

Lemma
	

t′ is an \textit{f}-maximal \textit{f}-run.

Lemma

If \(x <' y\) in \(t'\) and \(x \parallel y\) in \(\pi_{\Gamma}(t)\) then \(\lambda(y) \in \text{In}\).
Lemma
$t'$ is an extension of $\pi_\Gamma(t)$.

Lemma
$t'$ is an $f$-maximal $f$-run.

Lemma
If $x <' y$ in $t'$ and $x \parallel y$ in $\pi_\Gamma(t)$ then $\lambda(y) \in \text{In}$.

Corollary
$\pi_\Gamma(t)$ is a weakening of $t'$. 
Lemma

$t'$ is an extension of $\pi_\Gamma(t)$.

Lemma

$t'$ is an $f$-maximal $f$-run.

Lemma

If $x <' y$ in $t'$ and $x \parallel y$ in $\pi_\Gamma(t)$ then $\lambda(y) \in \text{In}$.

Corollary

$\pi_\Gamma(t)$ is a weakening of $t'$.

Conclusion

Then $t' \models \varphi$ and, by closure property $\pi_\Gamma(t) \models \varphi$. 
Conclusion

- Asynchrony removes undecidability causes
- We have defined a new model of communication
- We have identified a class of decidable architectures
- Hopefully, many more to come!