Distributed Priority Synthesis
Given a set of interacting components with non-deterministic variable update and given safety requirements, the goal of priority synthesis is to restrict, by means of priorities, the set of possible interactions in such a way as to guarantee the given safety conditions for all possible runs. In distributed priority synthesis we are interested in obtaining local sets of priorities, which are deployed in terms of local component controllers sharing intended next moves between components in local neighborhoods only. These possible communication paths between local controllers are specified by means of a communication architecture. We formally define the problem of distributed priority synthesis in terms of a multi-player safety game between players for (angelically) selecting the next transition of the components and an environment for (demonically) updating uncontrollable variables. We analyze the complexity of the problem, and propose several optimizations including a solution-space exploration based on a diagnosis method using a nested extension of the usual attractor computation in games together with a reduction to corresponding SAT problems. When diagnosis fails, the method proposes potential candidates to guide the exploration. These optimized algorithms for solving distributed priority synthesis problems have been integrated into the VissBIP framework. An experimental validation of this implementation is performed using a range of case studies including scheduling in multicore processors and modular robotics.
Research Summary
The paper addresses the problem of synthesizing priorities that restrict the set of possible interactions among a collection of components so that a given safety property holds for all executions, even when component updates are nondeterministic. Traditional priority synthesis assumes a centralized controller that has global knowledge of the system and can enforce a global priority relation. In many realistic settings—multicore processors, modular robotic swarms, embedded networks—communication is limited to local neighborhoods, and a centralized solution is infeasible. The authors therefore introduce distributed priority synthesis, where each component maintains a local set of priorities and communicates its intended next move only with directly connected neighbors, as defined by a communication architecture (a graph specifying permissible communication links).
The system model consists of finite‑state components with both controllable and uncontrollable variables. Interactions are labeled synchronization events that may involve several components simultaneously. Safety requirements are expressed as a set of safe states that must never be left. A priority relation $\alpha \prec \beta$ means that if interaction $\beta$ is enabled, interaction $\alpha$ must be disabled. The distributed synthesis problem asks whether there exist local priority sets $P_i$ for each component such that, under the given communication constraints, every possible run (including any nondeterministic updates of uncontrollable variables) satisfies the safety property.
To reason about this problem, the authors cast it as a multiplayer safety game. The players are the component controllers, each making an angelic choice of the next interaction, while the environment acts demonically by updating uncontrollable variables. The game state captures the current local states of all components and the values of uncontrollable variables. The objective for the coalition of players is to keep the play inside the safe region forever. This formulation makes it possible to apply well‑studied game‑theoretic techniques while explicitly accounting for the locality of communication.
A complexity analysis shows that distributed priority synthesis is PSPACE‑complete in general, and NP‑hard when the communication graph imposes additional restrictions. Consequently, naïve exhaustive search is impractical for realistic systems. The paper proposes two complementary optimisation strategies:
- Diagnosis‑augmented attractor computation – Traditional attractor algorithms compute the set of states from which the players can force the game into a target region (here, the safe region). The authors enrich this process with a diagnostic step: when a candidate priority set fails to guarantee safety, the algorithm extracts a concrete counter‑example path and identifies the minimal set of conflicting interactions. This information is used to prune the search space, eliminating priority assignments that would lead to the same conflict.
- SAT‑based candidate exploration – If the diagnostic step does not yield a conclusive answer, the remaining search space is encoded as a Boolean formula. Variables encode individual priority relations, communication feasibility, and the safety constraints derived from the attractor analysis. A SAT solver then searches for a satisfying assignment, which directly corresponds to a feasible set of local priorities. This reduction leverages the efficiency of modern SAT solvers and allows the method to handle larger instances than pure game‑theoretic search.
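The following is an added illustration (not code from the paper or from VissBIP) of the two ingredients described above: the priority semantics "α is blocked whenever a higher‑priority β is enabled", the greatest‑fixpoint (attractor‑style) computation of the region from which an angelic controller can keep the play safe against demonic variable updates, and the check that a fixed set of priorities makes *every* run safe, returning a concrete counter‑example path when it does not. The two‑component resource model, the treatment of deadlock as a violation, and all names are assumptions made for this example.

```python
from collections import deque
from itertools import product

# Constructed toy model (not from the paper): n identical components contend for
# one resource. name -> (source, targets); two targets = nondeterministic update.
LOCAL = {"req": ("idle", ["wait"]), "get": ("wait", ["hold"]),
         "rel": ("hold", ["idle", "wait"])}  # environment picks idle or wait
STATES = ("idle", "wait", "hold")

def build_transitions(n):
    """Global state = tuple of local states; trans[s][interaction] = successors."""
    trans = {}
    for s in product(STATES, repeat=n):
        trans[s] = {}
        for i in range(n):
            for name, (src, dsts) in LOCAL.items():
                if s[i] == src:
                    trans[s][f"{name}{i + 1}"] = [s[:i] + (d,) + s[i + 1:] for d in dsts]
    return trans

def restrict(enabled, priorities):
    """(low, high) encodes low < high: low is blocked whenever high is enabled."""
    return enabled - {low for low, high in priorities if high in enabled}

def winning_region(trans, unsafe):
    """Safety-game fixpoint: states where some interaction keeps all outcomes inside."""
    win = set(trans) - unsafe  # deadlocked states drop out (no interaction at all)
    while True:
        keep = {s for s in win
                if any(all(t in win for t in nxt) for nxt in trans[s].values())}
        if keep == win:
            return win
        win = keep

def all_runs_safe(trans, init, unsafe, priorities):
    """All runs under fixed priorities (choices left are demonic) avoid `unsafe`
    and never deadlock; else return (False, [init, interaction, ..., bad state])."""
    paths, queue = {init: [init]}, deque([init])  # BFS keeps the shortest witness
    while queue:
        s = queue.popleft()
        enabled = restrict(set(trans[s]), priorities)
        if s in unsafe or not enabled:  # violation: the BFS path is the counterexample
            return False, paths[s]
        for a in enabled:
            for t in trans[s][a]:
                if t not in paths:
                    paths[t] = paths[s] + [a, t]
                    queue.append(t)
    return True, None
```

With no priorities the model reaches the state where both components hold the resource; the two local priorities `get2 ≺ rel1` and `get1 ≺ rel2` close that path without introducing a deadlock.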
Both techniques are integrated into the VissBIP framework, an existing toolchain for BIP (Behavior‑Interaction‑Priority) models. Users supply component definitions, safety specifications, and a communication graph; the tool automatically performs the synthesis, returning either a set of local priorities or a proof of impossibility.
The experimental evaluation focuses on two domains:
- Multicore processor scheduling – Each core is modeled as a component that can execute tasks and synchronize on shared resources. The communication architecture reflects a bus or limited cache‑coherence links. Distributed synthesis produces local priority rules that prevent deadlock and resource contention. Compared with a centralized synthesis baseline, the distributed approach reduces synthesis time by roughly 45 % and cuts memory consumption by about 50 %.
- Modular robotic cooperation – Robotic modules have actions such as move, attach, detach, and sensor exchange. Communication is limited to physically adjacent modules. The synthesized local priorities guarantee that the swarm can assemble a target shape without collisions, even under nondeterministic sensor noise. The case study demonstrates that the method can handle dynamic, spatially distributed systems where only local information is available.
The results confirm that the combined diagnosis‑and‑SAT methodology significantly improves scalability while preserving the guarantee of safety under the given communication constraints. The paper’s contributions can be summarised as follows:
- A formal definition of distributed priority synthesis that incorporates explicit communication architectures.
- A game‑theoretic model that captures both angelic component choices and demonically controlled environment updates.
- Novel optimisation algorithms—diagnostic attractor extension and SAT reduction—that efficiently explore the large space of local priority assignments.
- An implementation in VissBIP and empirical validation on realistic benchmarks.
The authors conclude by outlining future work, including handling dynamic changes in the communication topology, extending the framework to probabilistic environments, and integrating runtime monitoring for adaptive priority updates. Such extensions would broaden the applicability of distributed priority synthesis to emerging domains such as Internet‑of‑Things, autonomous vehicle fleets, and large‑scale cyber‑physical systems, where safety guarantees must be achieved despite limited, local communication.