Synthesis in presence of dynamic links

https://doi.org/10.1016/j.ic.2021.104856Get rights and content

Abstract

We consider the problem of distributed synthesis: Given a distributed architecture and a specification, can we generate a distributed algorithm that satisfies the specification?

While previous work focused on static architectures and fixed message sizes, we assume that the communication network changes dynamically and that processes piggy-pack previously received messages onto current messages.

Specifically, we address two processes communicating in rounds over a dynamic link. Given a network model, i.e., a set of link directions, an adversary picks, in each round, an arbitrary link from the network model. We show that the synthesis problem is decidable for a network model if and only if it does not contain the 'empty' link. For a more general setting allowing for sequences of links, the synthesis problem is decidable if and only if the number of consecutive empty links in all possible sequences is uniformly bounded from above.

Introduction

Starting from Church's work [1] on synthesizing circuits from arithmetic specifications in the 1960s, automatic synthesis of programs or circuits has been widely studied.

In the case of a reactive system, given a specification, the goal is to find an implementation for a system that repeatedly receives inputs from the environment and generates outputs such that the system's behavior adheres to the specification. Early work [2], [3], [4] was synthesizing algorithms that require knowledge of the complete system state, inherently yielding single-process solutions.

Single-process synthesis is related to finding a strategy for a player representing the process that has to win against the adversarial environment, and has been studied in the context of games [5], [6], [7] and with automata techniques [4], [8].

For systems with more than one process, different models for how communication and computation is organized have been studied. Their two extremes are message-triggered asynchronous computation [9], [10] and round-wise synchronous computation.

An example for the latter is the work by Pnueli and Rosner [11], who considered synchronous distributed systems with an a priori fixed communication network. In their model, the network is given by a directed communication graph, whose nodes are the processes and with a link from process p to q if p can send messages to q (or write to and read from a shared variable). Messages are from a fixed, finite alphabet per link. A solution to the synthesis problem is a distributed algorithm that operates in rounds, repeatedly reading inputs, exchanging messages, and setting outputs. Already the case of two processes with separate inputs and outputs, and without a communication link to each other, was shown to be undecidable for linear temporal logic (LTL) specifications [12] on the inputs and outputs. As a positive result, the paper presents a solution for unidirectional process chains.

Still in the case of static architectures and bounded messages, Kupferman and Vardi [13], [14] extended decidability results to branching time specifications and proved sufficient conditions on communication networks for decidability, while Finkbeiner and Schewe [15] presented a characterization of networks where synthesis is decidable. Since specifications are allowed to talk about message contents, however, they are powerful enough to break existing communication links between processes, leading to undecidability like in the two-process system without communication [11]. Gastin et al. [16] proved a necessary and sufficient condition for decidability on a class of communication networks if specifications are only on the inputs and outputs of processes used by these to communicate with the environment and not on messages sent between processes. Like [16], our work only allows “input-output” specifications that talk about environmental inputs inp and outputs outp of processes p and do not constrain message contents exchanged between processes. In addition, we allow specifications to talk about communication links, e.g., constraining the network dynamics under which an algorithm has to work correctly as in

. For such specifications, we obtain decidability in several cases where the framework of [15] does not provide decidability.

Like in the single-process scenario, synthesis in distributed systems can be modeled as a game, which, in this context, are partial information games played between a cooperating set of processes against the environment [17], [18], [19], [20]. With the exception of Berwanger et al. [20], all the above approaches assume static, reliable networks. In [20], Berwanger et al. study games in which information that players have about histories is hierarchically ordered, and this order may change dynamically during a play. The main difference to our work is that we consider a memory model where messages carry the complete causal history allowing for unbounded communication messages, while [20] is based on local observations so that, at every round, a bounded amount of information is transmitted between players. Further, while asynchronous solutions to the synthesis problem considered potentially unbounded messages [10], [9], previous synchronous solutions assume an a priori fixed message size. Also Madhusudan et al. [10] assume that processes that communicate infinitely often encounter each other within a bounded number of steps.

The above assumptions have two shortcomings:

Modeling unreliability. Distributed computing has a long history of studying algorithms that provide services in presence of unstable or unreliable components [21]. Indeed, classical process and link failures can be treated as particular dynamic network behavior [22]. Early work by Akkoyunlu et al. [23] considered the problem of two groups of gangsters coordinating a coup despite an unreliable channel between both parties; later on generalized to the Byzantine generals problem [24]. Protocols like the Alternating Bit Protocol [25] aim at tolerating message loss between a sender and receiver node, and Aho et al. [26] studies optimal transmission rates over unreliable links. Afek et al. [27] discuss protocols that implement reliable links on top of unreliable links. Further, for algorithms that have to operate in dynamic networks, see, e.g., [28], [29], [30], network changes are the normal case rather than the exception.

Synthesis with unstable or faulty components has been studied by Velner and Rabinovich [31] for two player games in presence of information loss between the environment and the inputs of a process. The approach is restricted to a single process, however. Dimitrova and Finkbeiner [32] study synthesis of fault-tolerant distributed algorithms in synchronous, fully connected networks. Processes are partitioned into correct and faulty. It is assumed that at every round at least one process is correct and the output of a correct process must not depend on the local inputs of faulty processes. While unreliable links can be mapped to process failures, the above assumptions are a priori too restrictive to cover dynamic networks.

Modeling full-information protocols. An important class of distributed algorithms are full-information protocols, where nodes piggy-pack previously received messages onto current messages [21], [33]. By construction, such algorithms do not have bounded message size. This kind of causal memory has been considered in [9], [10], [34], [35] for synthesis and control of Zielonka automata over Mazurkiewicz traces with various objectives, ranging from local-state reachability to ω-branching behaviors. Zielonka automata usually model asynchronous processes (there is no global clock so that processes evolve at their own speed until they synchronize) and symmetric communication (whenever processes synchronize, they mutually exchange their complete history).

In this work we consider the synthesis problem for a system of two nodes communicating in synchronous rounds, where specifications are given as LTL formulas or, more generally, ω-regular languages. The nodes are connected via a dynamic link. As in Coulouma et al. [29] and Charron-Bost et al. [30], a network is specified by a set of communication graphs, the network model, also referred to as oblivious message adversary in literature [29]. A distributed algorithm operates in rounds as in the model by Pnueli and Rosner [11], with the difference that the communication graph is chosen by an adversary per round. Motivated by communication buses, like the industry standard I2C bus [36] and CAN bus [37], with direct acknowledge mechanisms after message transfers, we assume that nodes are aware if messages have been delivered successfully. In contrast to the Pnueli-Rosner setting, we suppose full-information protocols where processes have access to their causal history. That is, the dynamic links have unbounded message size. Unlike in Zielonka automata over traces, however, we consider synchronous processes and potentially asymmetric communication. In particular, the latter implies that a process may learn all about the other's history without revealing its own. Observe that, when restricting to Zielonka automata, synthesis of asynchronous distributed systems is not a generalization of the synchronous case.

We show that the synthesis problem for two processes is decidable for a network model if and only if it does not contain the empty link that dismisses both processes' messages. As we assume that LTL specifications can not only reason about inputs and outputs, but also about the communication graph, our result covers synthesis for dynamic systems where links change in more restricted ways. In particular, this includes processes that do not send further messages after their message has been lost, bounded interval omission faults, etc.

We then extend this characterization to sets of network sequences. We show that in case the adversarial environment can choose from an ω-regular language of network sequences, the synthesis problem is decidable if and only if the number of consecutive empty links is uniformly bounded from above.

The work is an extended version of [38].

Outline. We define the synthesis problem for the dynamic two-process model in Section 2. In Section 3, we discuss the asymmetric model where communication to process 1 never fails. Central to the analysis is to show that, despite the availability of unbounded communication links, finite-memory distributed algorithms actually suffice. We then prove that the synthesis problem is decidable (Theorem 2). In Section 5 we reduce the general case of dynamic communication to the asymmetric case, obtaining our main result of decidability in network models that do not contain the empty link (Theorem 1). In Section 6, we extend our results to the case of network sequences where the number of successive empty links is uniformly bounded. We conclude in Section 7.

Section snippets

The synthesis problem

We start with a few preliminaries. Let N={0,1,2,}. For a (possibly infinite) alphabet A, the set of finite words over A is denoted by A, the set of nonempty finite words by A+, and the set of countably infinite words by Aω. We let ε be the empty word and denote the concatenation of w1A and w2AAω by w1w2 or simply w1w2.

Fix the set of processes P={1,2}. Every process pP comes with fixed finite sets Xp and Yp of possible inputs and outputs, respectively. We assume that there are at least

Finite-memory distributed algorithms for

In this section, we suppose

. We will provide the first ingredient of the proof of Theorem 2: Every realizable specification φ comes with a distributed algorithm with finite memory fulfilling it (Lemma 2).

Remark 2

For the sake of technical simplification, we assume in Sections 3 and 4, without loss of generality, that input sequences start with a symbol from

. Instead of the original formula φˆ, we then simply take φ=Xφˆ. That is, we can henceforth consider that
and
,

Games with imperfect information

The existence of finite-memory distributed algorithms shown in Section 3 paves the way for a reduction of the synthesis problem to (2,1)-player games with imperfect information, where two players form a coalition against an environment in order to fulfill some objective. The main differences between games and the synthesis problem are twofold: Games are played in an arena, on a finite set of nodes (or states), while the input of the synthesis problem is a logical specification. More

Reduction from
to

In this section, we show decidability for the network model

, with input alphabet Σ=X1×N×X2 and output alphabet Ω=Y1×Y2. Recall that this also implies decidability for the network model
.

The idea is to reduce the problem to the case of the network model

that we considered in Sections 3 and 4, choosing as input alphabet Σ=X1×N×X2 where X1=X2=(X1X2){#}, and as output alphabet Ω=Y1×Y2 where Y1=Y2=(Y1Y2){#}. To do so, we will rewrite the given specification φ

−×-block-boundedness

In this section, we propose an extension of the decidability result for subsets of

where the number of consecutive empty links in an input sequence is uniformly bounded. We reduce the synthesis problem over network model
to the synthesis problem over
. The general case can be obtained by combining this reduction with the previous one. We also show that relaxing the hypothesis over the number of consecutive empty links leads to undecidability, so the boundedness

Conclusion

Highly dynamic networks can be modeled by a set N of communication graphs from which the adversarial environment may choose arbitrary sequences. We showed that synthesis in such synchronous two-node system is decidable for LTL specifications if and only if the network model does not contain the empty network. Our model covers full-information protocols where nodes communicate their complete unbounded causal history.

While network models account for highly unstable networks, minimal stability

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgement

We thank Dietmar Berwanger for valuable feedback. We are grateful to the reviewers for their careful reading and their comments, which led to an improved presentation. We also thank an anonymous reviewer of a previous version for pointing out that using parity automata instead of Rabin automata saves one exponential. This work was partly supported by ANR FREDDA (ANR-17-CE40-0013).

References (45)

  • J.R. Büchi et al.

    Solving sequential conditions by finite-state strategies

  • M. Abadi et al.

    Realizable and unrealizable specifications of reactive systems

  • W. Thomas

    On the synthesis of strategies in infinite games

  • O. Kupferman et al.

    Church's problem revisited

    Bull. Symb. Log.

    (1999)
  • P. Gastin et al.

    Distributed games with causal memory are decidable for series-parallel systems

  • P. Madhusudan et al.

    The MSO theory of connectedly communicating processes

  • A. Pnueli et al.

    Distributed reactive systems are hard to synthesize

  • O. Kupferman et al.

    Synthesis with incomplete information

  • O. Kupferman et al.

    Synthesizing distributed systems

  • B. Finkbeiner et al.

    Uniform distributed synthesis

  • P. Gastin et al.

    Distributed synthesis for well-connected architectures

    Form. Methods Syst. Des.

    (2009)
  • G.L. Peterson et al.

    Multiple-person alternation

  • Cited by (0)

    View full text