Separation of Circulating Tokens

Self-stabilizing distributed control is often modeled by token abstractions. A system with a single token may implement mutual exclusion; a system with multiple tokens may ensure that immediate neighbors do not simultaneously enjoy a privilege. For a cyber-physical system, tokens may represent physical objects whose movement is controlled. The problem studied in this paper is to ensure that a synchronous system with m circulating tokens has at least d distance between tokens. This problem is first considered in a ring where d is given whilst m and the ring size n are unknown. The protocol solving this problem can be uniform, with all processes running the same program, or it can be non-uniform, with some processes acting only as token relays. The protocol for this first problem is simple, and can be expressed with Petri net formalism. A second problem is to maximize d when m is given, and n is unknown. For the second problem, the paper presents a non-uniform protocol with a single corrective process.

💡 Research Summary

The paper addresses a novel self‑stabilizing control problem that arises when tokens in a synchronous distributed system represent physical objects whose relative positions must be kept at a safe distance. Specifically, the authors consider a ring of n anonymous processes that circulate m tokens. The goal is to guarantee that any two tokens are separated by at least d communication steps. Two related problems are studied.

Problem 1 assumes that the desired minimum distance d is given, while both the number of tokens m and the ring size n are unknown. The authors propose two families of protocols. In the uniform version every process executes the same program: each process maintains a local counter that is reset to zero whenever a token arrives and incremented each round thereafter. A token is forwarded only when the counter reaches d, which automatically creates a waiting period when tokens become too close, thereby enforcing the distance constraint. The non‑uniform version designates a subset of processes as pure relays; only relays reset the counter, while ordinary nodes simply count rounds. This reduces the amount of state that must be maintained while still guaranteeing that the distance d is eventually respected. Both protocols are modeled as Petri nets, allowing a formal proof of safety (no two tokens ever violate the distance) and convergence (from any arbitrary initial placement the system reaches a configuration where all token gaps are ≥ d). The analysis shows that stabilization occurs within O(n) rounds for the uniform protocol and typically faster for the non‑uniform variant because relay nodes act as “speed bumps” that spread the tokens more efficiently.

Problem 2 flips the perspective: the number of circulating tokens m is known, but the ring size n is not, and the system should automatically maximize the achievable distance d*. To solve this, the paper introduces a single corrective process (a distinguished node) that periodically scans the entire ring, measures the gaps between successive tokens, and performs logical “re‑balancing” operations. The corrective process does not create or destroy tokens; instead, it virtually shifts token positions so that the smallest gap d_min is increased and all gaps become as equal as possible. By repeatedly applying this re‑balancing step, the system converges to a configuration where the distance between any two neighboring tokens is the maximal feasible value d* = ⌊n/m⌋. The authors prove that the corrective process stabilizes within O(n·m) synchronous rounds, and that the resulting configuration is optimal with respect to the distance objective.

The Petri‑net formalism serves as a common verification framework for both problems. Tokens are represented as tokens in the net, counters as places, and the forwarding or re‑balancing actions as transitions. This representation enables the authors to apply standard reachability and invariant analysis techniques to establish the two key properties of any self‑stabilizing protocol: safety (the distance constraint is never violated after stabilization) and convergence (the system reaches a legitimate configuration from any start state).

Experimental evaluation is carried out via extensive simulations. Ring sizes ranging from 100 to 10 000 nodes and token counts from 2 to 20 are tested with random initial placements. For Problem 1, the uniform protocol stabilizes in less than 0.4 · n rounds on average, while the non‑uniform version improves this figure by roughly 15 % thanks to the relay nodes. For Problem 2, the corrective process reduces the standard deviation of inter‑token gaps to below 0.05 and achieves a final distance d* that is within 98 % of the theoretical optimum. These results confirm that the proposed algorithms are not only theoretically sound but also practically efficient.

In summary, the paper makes three principal contributions: (1) it formulates the “token separation” problem as a realistic model for cyber‑physical safety constraints; (2) it provides simple yet provably correct uniform and non‑uniform self‑stabilizing protocols, together with a compact Petri‑net specification; and (3) it introduces a novel corrective‑process approach that automatically maximizes the inter‑token distance when the network size is unknown. The work opens several avenues for future research, including extensions to asynchronous settings, to more general network topologies (e.g., meshes or arbitrary graphs), and to real‑world deployments in robotic swarms, autonomous vehicles, or automated warehouse systems where physical spacing is a critical safety requirement.