Abstract. Although the synthesis problem is often undecidable for distributed, synchronous systems, it becomes decidable for the subclass of uniformly well-connected (UWC) architectures, provided that only robust specifications are considered. It is then an important issue to be able to decide whether a given architecture falls in this class. This is the problem addressed in this paper: we establish the decidability and precise complexity of checking this property. This problem is in 2-NEXPTIME in the general case, but becomes NP-complete if restricted to a natural subclass of architectures.
Introduction
The synthesis problem consists in, given a high-level description of a system, automatically deriving a program that behaves according to the specification. We consider here the synthesis problem for reactive and open systems, i.e., systems whose role are to maintain an ongoing interaction with an environment. The specification should describe the expected behavior of the system throughout its activity. This problem is closely related to Church's problem [4] , that was solved in [2] . Later, [16] has observed that even though the specification is expressed on strings, its synthesis is actually a problem on tree automata.
Since then, it has received a lot of attention, and various refinements have been studied. The precise setting of the problem has several parameters: centralized or distributed systems (in a distributed setting, one is given, along with the specification, a set of processes and an architecture of communication between them -typically a communication through variables whose domains are fixed), synchronous (at each time step, the environment produces an input, and the system reacts with a corresponding output) or asynchronous behaviors (in which the environment and the system do not evolve at the same speed), type of specifications and type of memory assumed for the processes. In the centralized framework, Pnueli and Rosner have proven the synthesis problem decidable for both synchronous and asynchronous semantics and specifications expressed by a formula in linear temporal logic -see [13] and [14] , with a complexity doubly exponential in the size of the formula. Another interesting problem arises when considering distributed systems: the question is now to synthesize a program for each process, that only depends on its local knowledge, such that the overall behavior of the system meets the given formula. This has been studied by [15] , for systems having a synchronous behavior, and with external specifications in linear temporal logic. By external we mean a specification that only relates input to output values and is not allowed to constrain internal variables of communication. Unfortunately, this problem is undecidable in general for LTL specifications [15] and later, [5] has adapted the undecidability proof to the case of CTL specifications. However, [15] proved that synthesis for pipeline architectures is non-elementarily decidable -the lower bound following from a former result on multiplayer games [12] . This decidability result has been strengthened in [8] where it is shown that synthesis for pipelines is decidable even with CTL * full specifications, i.e., specifications that are allowed to constrain internal links of communication between the processes. In [5] a decision criterion has been established, again for full specifications. A different approach has been taken in [9] : when considering local specifications, i.e., specifications that only relate input and output of a same process, the synthesis problem remains undecidable in general, but doubly-flanked pipelines are decidable.
For asynchronous systems, [10] have exhibited a specific subclass of controllers for which the problem is decidable, provided trace-closed specifications. This result has been strenghtened in [11] where a more generic class of controllers have been considered. In an incomparable framework, [6] have identified another subclass of decidable architectures, using an enhanced memory for the processes. More recently, [3] have considered a model where processes communicate through signals (a sort of handshaking but initiated by only one process). If the specifications respect some natural closure properties, the asynchronous synthesis problem becomes decidable for strongly connected architectures.
This very active line of research has clearly shown that the synthesis problem for distributed systems is largely influenced by the hypotheses on specifications and the architectures.
Contributions. In [7] , we have considered the synthesis problem for external specifications, and synchronous semantics, where each process is assigned a nonnegative delay. The delays can be used to model latency in communications, or slow processes. This model has the same expressive power as the one where delays sit on communication channels, and it subsumes both the 0-delay and the 1-delay classical semantics [15, 8] . We have defined a subclass of architectures, the uniformly well-connected (UWC) architectures, for which we have found a decidability criterion. Informally, an architecture is UWC if there exists a routing allowing each output process to get, as soon as possible, the values of all inputs it is connected to. However the decidability of the criterion itself had not been proved. Indeed, for the processes to decode the messages they receive and obtain the values of said inputs, we may need memory. If it is infinite, or without a bound on the size of this memory, a naive algorithm enumerating the different possible routings and decoding functions may not terminate. In this paper we show that if an architecture is UWC, then there exist decoding functions with finite memories. We derive an algorithm to decide whether an architecture is UWC and evaluate its complexity: 2-NEXPTIME in the general case. We also make explicit the link between this notion and communication flow problems with network coding introduced in [1] . This relation allows us to establish a complexity lower bound. We also show that under natural restrictions checking UWC becomes NP-complete.
Preliminaries
We use the formalism and notations defined in [7] .
Architectures.
is a finite directed acyclic bipartite graph, where V ⊎ P is the set of vertices, and E ⊆ (V × P ) ∪ (P × V ) is the set of edges, such that |E −1 (v)| ≤ 1 for all v ∈ V . Elements of P will be called processes and elements of V variables. Intuitively, an edge (v, p) ∈ V × P means that process p can read variable v, and an edge (p, v) ∈ P × V means that p can write on v. Thus, |E −1 (v)| ≤ 1 means that a variable v is written by at most one process. Input and output variables are defined, respectively, by
Variables in V \ (V I ∪ V O ) will be called internal. We assume that no process is minimal or maximal in the graph. Each variable v ranges over a finite domain S v , given with the architecture. When U ⊆ V , S U will denote v∈U S v . A configuration of the architecture is given by a tuple s = (s v ) v∈V ∈ S V describing the value of all variables. For U ⊆ V , we denote by s U = (s v ) v∈U the projection of the configuration s to the variables in U . The initial configuration is
V . We will consider that |S v | ≥ 2 for all v ∈ V . In fact, if not, such a variable would always have the same value, and could be ignored. It will be convenient in some proofs to assume that {0, 1} ⊆ S v and that s v 1 = 0 for all v ∈ V . Each process p ∈ P is associated with a delay d p ∈ N that corresponds to the time interval between the moment the process reads the variables v ∈ E −1 (p) and the moment it will be able to write on its output variables in E(p). Note that delay 0 is allowed. In the following, for v ∈ V \ V I , we will often write d v for d p where E −1 (v) = {p}. An example of an architecture is given in Figure 1 , where processes are represented by boxes and variables by circles.
Runs.
A run of an architecture is an infinite sequence of configurations, i.e., an infinite word over the alphabet S V , starting with the initial configuration s 1 ∈ S V given with the architecture. If σ = s 1 s 2 s 3 · · · ∈ (S V ) ω is a run, then its 
Programs, strategies. We consider a discrete time, synchronous semantics. Informally, at each step the environment provides new values for input variables. Then, each process p reading values written by its predecessors or by the environment at step i − d p , computes values for the variables in E(p), and writes them. Let v ∈ V \ V I and let R(v) = E −2 (v) be the set of variables read by the process writing to v. Intuitively, from a word
+ representing the projection on R(v) of some run prefix, a program (or a strategy) advices a value to write on variable v. But, since the process may have a certain delay d v , the output of the strategy must not depend on the last
. This condition -called delay-compatibility or simply d-compatibility -ensures that the delay d v is respected when computing the next value of variable v.
ω which is F -compatible and such that σ VI = ρ.
Memoryless strategies. The strategy f v is memoryless if it does not depend on the past, that is, if there exists g :
In case d v = 0, this corresponds to the usual definition of a memoryless strategy.
Routing. A routing for an architecture
Observe that a routing does not include local strategies for output variables.
Delays. The smallest cumulative delay of transmission from u to v is defined by
, if there is no path from u to v in the architecture, and for
We then say that an architecture is uniformly well connected if there exists a routing Φ that allows to transmit with a minimal delay to every process p writing to an output variable v, the values of the variables in View(v). Definition 1. An architecture A is uniformly well-connected (UWC) if there exist a routing Φ and, for every v ∈ V O and u ∈ View(v), a decoding function g u,v : S R(v) + → S u that can reconstruct the value of u, i.e., such that for any
In case there is no delay, the uniform well-connectedness refines the notion of adequate connectivity introduced by Pnueli and Rosner in [15] , as we no longer require each output variable to be communicated the value of all input variables, but only those in its view.
Decidability and complexity of checking UWC
As already pointed out in [7] , the definition of uniform well connectedness is not symetric: whereas the routing functions are memoryless, some memory is required for the decoding functions. We take the example given in [7] to prove this fact. Consider the architecture given in Figure 2 . The delays are written next to the processes, and all variables range over the domain {0, 1}. It is clear that this architecture is UWC: process p writes to t the xor of u 1 and u 2 with delay 1. This could be written t = Y u 1 ⊕ Y u 2 where Y x denotes the previous value of variable x. In order to recover (decode) Y u 2 , process q 1 memorizes the previous value of u 1 and make the xor with t: Y u 2 = t ⊕ Y u 1 . But if we restrict to memoryless decoding functions, then we only know u 1 and t and we cannot recover Y u 2 .
Let us show formally that if we restrict to memoryless decoding functions, we cannot recover the values of the input variables. Fix a routing Φ = f t , where f t is memoryless, and fix decoding functions (g u,v ) v∈VO,u∈View(v) satisfying (1 and we get
It follows that g u2,v1 is not memoryless. However, and interestingly, if an architecture is uniformly well-connected, the decoding functions have finite memory, which allows to prove the decidability of this criterion. 
Decidability
To show decidability, we start by proving that if the architecture is UWC with a routing Φ = (f v ) v∈V \(VI∪VO) and decoding functions (g u,v ) u∈View(v) for all v ∈ V O , then the decoding functions are finite-state. In the following, we will denote by g v the tuple (g u,v ) u∈View(v) of decoding functions associated with an output variable v. Observe that since the routing functions are memoryless and delay-compatible, the value of any variable in a Φ-compatible sequence is influenced only by a limited number of input values in the past. This is expressed by the following lemma.
First, we introduce some additional notations. Here we use not only the minimal transmission delay d(u, v) from u to v but also the maximal transmission delay 
Lemma 2. For all v ∈ V \V O , for any routing Φ and any Φ-compatible sequence σ = s 1 . . . s i , the value s
Proof 
The sequence σ being a Φ-compatible sequence, we have s
). The routing functions are mem-
. We have View(v) = w∈R(v) View(w). Hence, using the definitions of the minimal and maximal transmission delays d and D we deduce that s
The next proposition shows that Ψ v (σ) is the only memory needed to decode the input values.
Proof. We write σ · s = s 1 . . . s |σ| s |σ|+1 and similarly for σ
and s ′′u = s ′u . The remaining input variables can be set arbitrarily. We claim
. This claim is proved below but we first show how it allows to derive the lemma.
Since σ ′ ·s ′ and σ ′′ ·s ′′ are both Φ-compatible sequences, for each u ∈ View(v) we have 
and the definition of σ ′′ and s ′′ , we get for each u ∈ View(v)
Let w ∈ R(v). Note that for u ∈ View(w) we have
We deduce using Lemma 2 that s ′′w = s w . Therefore,
which concludes the proof of the claim.
⊓ ⊔
Now we can define a deterministic automaton
with output that computes g v with a finite memory:
| σ is a finite Φ-compatible sequence} is the finite set of states and
Note that δ v is well-defined by Proposition 3. We immediately deduce by induction that δ v (q 0 , σ R(v) ) = Ψ v (σ) for all finite Φ-compatible sequence σ.
is the output function defined by
Note that α v is also well-defined by Proposition 3. For any Φ-compatible sequence σ · s, we have
Hence the finite state deterministic automaton B v computes g v .
Note that, if the architecture is 0-delay, i.e., d p = 0 for all p ∈ P , then Q v is a singleton and g v is memoryless. In the following, we let
Definition 4. For any finite Φ-sequence σ ∈ (S V \VO ) * , we denote by Suff Φ (σ) the Φ-sequence of length D induced by ρ = σ
We now show that verifying whether an automaton with output indeed computes the decoding functions is decidable. We will need for this the following intermediate results.
Lemma 6. Let C = (Q, q 0 , S R(v) , δ, α) be a finite automaton and consider the property P (σ) of finite Φ-sequences σ ∈ (S V \VO ) * defined by:
Then, P (σ) holds for any finite Φ-sequence if and only if P (σ) holds for any Φ-sequence of length D + 1.
Proof. Suppose that P (σ) holds for any Φ-sequence of length D + 1. Let σ be an arbitrary Φ-sequence. We prove that P (σ) holds by induction on the length of σ. If |σ| ≤ D then Suff Φ (σ) = σ and P (σ) holds. Assume now |σ| = k + 1 with k ≥ D. We write σ = s 1 . . . s k+1 with s i ∈ S V \VO . We have
. Also, for w ∈ R(v) and u ∈ View(w), we have D(u, w) ≤ D(u, v) − d v ≤ D, and Lemma 2 implies that s
To conclude, observe now that Suff Φ (σ ′ ) = Suff Φ (σ). Hence, we get P (σ). ⊓ ⊔ Lemma 7. Let C = (Q, q 0 , S R(v) , δ, α) be a finite automaton with output such that P (σ) holds for any finite Φ-sequence. Consider the property P ′ (σ) of finite Φ-sequences σ = s 1 . . . s k+1 ∈ (S V \VO ) * defined by:
with the convention s u i = 0 for i ≤ 0. Then, P ′ (σ) holds for any finite Φ-sequence if and only if P ′ (σ) holds for any Φ-sequence of length at most D + 1.
Proof. Suppose that P ′ (σ) holds for any Φ-sequence of length at most D + 1.
As in the proof of Lemma 6, let
Now, by definition of σ ′ , we have s
From the above results, we will deduce that the problem of checking UWC for an architecture is decidable and we establish an upper bound on the complexity of this problem.
Complexity of checking UWC
In this subsection we state the main result of this paper: we formally show that checking uniform well-connectedness is decidable, and establish the precise complexity of checking it.
Proposition 8. The problem of checking whether a given architecture is UWC is decidable. Moreover, this problem is
in NP if we restrict to architectures
-which are 0-delay, i.e., such that d v = 0 for all variables v, -the size of the variable domains is fixed, i.e., |S v | ≤ c s for all variables v, where c s is a constant which does not depend on the input, -the read-degree is fixed, i.e., |R(v)| ≤ c r for all variables v, where c r is a constant which does not depend on the input. 2. in NEXPTIME if the delays are bounded by a constant, i.e., d v ≤ c d for all variables v, where c d is a constant which does not depend on the input. 3. in 2-NEXPTIME if the architectures are arbitrary.
Proof. Consider an architecture
The nondeterministic procedure to check whether A is UWC is the following:
and for any sequence ρ ∈ (S VI ) + of length D + 1, compute the induced Φ-sequence σ ∈ (S V \VO ) + such that σ VI = ρ and check that P (σ) holds and that
Indeed, assume first that the architecture is UWC with routing Φ and decoding functions g u,v . For each output variable v, the automaton B v defined after Proposition 3 satisfies the above requirements by Remark 5 and since it computes the decoding functions g v = (g u,v ) u∈View(v) . Conversely, if we can find a routing Φ and for each output variable v an automaton C satisfying the requirements above, then using Lemma 7 we deduce that the output function computed by C satisfies Equation (1) of Definition 1. Therefore, the architecture is UWC.
We investigate now the complexity of this decision procedure. We first compute the size needed to store a routing Φ and an automaton C. For each variable v ∈ V \(V I ∪V O ), the size needed to write the memoryless routing
Note that, given Φ and ρ ∈ (S VI ) + , we can compute the induced Φ-sequence σ such that σ VI = ρ and also Suff Φ (σ) in polynomial time w.r.t. |Φ| + |ρ|. Now, for each output variable v ∈ V O , and each u ∈ View(v) we have
Hence, the size of the deterministic automaton C is |C| = |δ| + |α| where
Given C, a Φ-sequence σ and Suff Φ (σ), we can check whether P (σ) and P ′ (σ) hold in polynomial time w.r.t. |C| + |σ|.
Considering that we write in binary the number of variables and of processes, the size of each domain S v and the value of each delay d p , the size of the architecture is
We consider now the three cases of Proposition 8. . Now, the number of input sequences ρ ∈ (S VI ) D+1 that we have to consider in our algorithm is also in 2
. We deduce that our non-deterministic algorithm works in exponential time. 3. In the last case, we can only bound D by 2 |A| and we get double exponential time for our non-deterministic algorithm.
⊓ ⊔
To establish a lower bound for the complexity we first relate uniform wellconnectedness to the network information flow problem introduced by Ahlswede, Cai, Li and Yeung in [1] . Instances of such problems are directed acyclic graphs in which two subsets of nodes have been distinguished: the sources and the sinks. Along with such a graph come a certain amount of messages, and each sink demands a subset of the messages. Formally, an instance of the network information flow problem is a tuple (P, E, M, S, demand) where M is the set of messages (input variables), P is the set of processes, E ⊆ (P × P ) ∪ (M × P ) is the edge relation defining an acyclic graph and the set V = E ∩ (P × P ) corresponds to the (implicit) internal variables of the network. All variables in M ∪ V of the network have the same domain S. A process is a source if it is connected to some input message, i.e., the set of sources is E(M ). Finally, the map demand : P → 2 M defines what messages should be routed to which processes. A sink is a process p ∈ P with demand(p) = ∅. We impose that demand(p)
The solution of such a problem is a 0-delay routing
We say then that F satisfies the demands.
One specific problem that has been more extensively studied in that area is the multicast : an instance of the aforementioned problem in which there is a unique source, and every sink demands all messages.
The networks considered in information flow problems mainly differ from our architectures on the following aspects. First, a variable is attached to an edge, hence there is exactly one process that can read each variable whereas in our case several processes might read the same variable. Second, there is a single (uniform) domain for all variables of the network instance of an information flow problem whereas we may have domains with different sizes for the variables of our architectures. And last, there is no delay in the transmission of information when we may add various delays to our processes. Hence, our architectures are more flexible and we get:
There is a polynomial reduction from the multicast problem to the uniform well-connectedness problem.
Proof. Let A = (P, E, M, S, demand) be an instance of the multicast problem.
We have E(M ) = {p 0 } where p 0 is the unique source. We define an architecture
Observe that for all v ∈ V O ′ , we have View(v) = V I ′ = M and for all internal variables v ∈ V we have R ′ (v) = R(v). Hence, the notion of 0-delay routing on A coincides with the notion of routing on A ′ . Next, we have seen in Section 3.1 that if decoding functions exist for A ′ then these decoding functions have finite memory. We have also proved that memory ). Therefore, the notion of decoding functions for A which are memoryless by definition coincides with the notion of decoding functions for A ′ . Therefore, the multicast problem for A coincides with the uniform wellconnectedness problem for A ′ . ⊓ ⊔ Rasala Lehman and Lehman [17] have shown that the multicast problem with alphabet size q = p k , where p is prime, is NP-hard. Since this can be reduced to our problem by Lemma 9, we also obtain the NP-hardness.
Corollary 10. The problem of checking whether a given architecture is UWC is NP-hard.
Actually, it follows from [17] that the multicast problem restricted to the case where alphabet size is fixed and equal to 2, and indegree is fixed and such that E −1 (v) ≤ 2 for any node v of the graph, is also NP-hard. Hence, using the same arguments than in the proof of Lemma 9, we get Corollary 11. The problem of checking whether a given architecture such that:
-the delay d v = 0 for all variables v, -the size of the variable domains is fixed, i.e., |S v | ≤ c s for all variables v, where c s is a constant which does not depend on the input, -the read-degree is fixed, i.e., |R(v)| ≤ c r for all variables v ∈ V \ (V I ∪ V O ), where c r ≥ 2 is a constant which does not depend on the input.
is NP-complete.
Conclusion
We have proved that the problem of deciding wether an architecture is uniformly well-connected is decidable and established its complexity. In [7] , we have studied another subclass of architectures: the well-connected architectures. An architecture is well-connected, if for each output variable v ∈ V O , the sub-architecture consisting of (E −1 ) * (v) is uniformly well-connected. Informally this means that each output variable can be transmitted the values of input variables in its view, within a minimal delay, but we do not require anymore the routing to be uniform for all the output variables. Technically, to check if an architecture is well-connected, it suffices to verify that every sub-architecture consisting in (E −1 ) * (v) is uniformly well-connected. However, the architectures obtained in that way are less intricated than the general case, so the complexity of checking uniform well-connectedness of such architectures must be simpler. In case there is no delay, checking uniform well-connectedness when there is a single output variable is basically a flow problem, and can thus be solved in polynomial time. However the reduction does not work when we introduce delays in the architectures. It would be interesting to study the complexity of checking whether an architecture is well-connected in the general case.
