Fast Uniform Dispersion of a Crash-prone Swarm
FFast Uniform Dispersion of a Crash-prone Swarm
Michael Amir
Technion - Israel Institute of TechnologyEmail: [email protected]
Alfred M. Bruckstein
Technion - Israel Institute of TechnologyEmail: [email protected]
Abstract —We consider the problem of completely covering anunknown discrete environment with a swarm of asynchronous,frequently-crashing autonomous mobile robots. We representthe environment by a discrete graph, and task the robotswith occupying every vertex and with constructing an implicitdistributed spanning tree of the graph. The robotic agentsactivate independently at random exponential waiting times ofmean and enter the graph environment over time from a sourcelocation. They grow the environment’s coverage by ‘settling’ atempty locations and aiding other robots’ navigation from theselocations. The robots are identical and make decisions drivenby the same simple and local rule of behaviour. The local ruleis based only on the presence of neighbouring robots, and onwhether a settled robot points to the current location. Whenevera robot moves, it may crash and disappear from the environment.Each vertex in the environment has limited physical space, sorobots frequently obstruct each other.Our goal is to show that even under conditions of asynchronic-ity, frequent crashing, and limited physical space, the simplemobile robots complete their mission in linear time asymptoticallyalmost surely, and time to completion degrades gracefully withthe frequency of the crashes. Our model and analysis are basedon the well-studied “totally asymmetric simple exclusion process”in statistical mechanics. I. I
NTRODUCTION
In swarm robotics, a vast number of autonomous mobilerobots cooperate to achieve complex goals [26]. Individualmembers of the swarm are usually assumed to be simple,expendable, and computationally limited, and to move and actaccording to online local rules of behaviour. In this work, ourgoal is to formally study the ability of a simple, “two-layered”swarm-robotic system to complete an environmental coveragetask called uniform dispersal assuming asynchronicity and thatrobots may crash whenever they attempt to move.“Coverage” algorithms that enable a single- or multi-robotsystem to cover or explore unknown or dynamically uncertainenvironments are an important topic in mobile robotics. Therehas been great interest in applications to, for example, mapping[6, 25, 19], servicing and surveillance [16], or search and res-cue operations [28, 15, 11, 31], and a rich body of theoreticalwork exists (we refer the reader to the surveys [5, 23]). Anatural coverage problem for robotic swarms is the uniformdispersal problem, introduced in [26]. In uniform dispersal ,many robotic agents enter an unknown discrete graph envi-ronment over time via one or several source locations and aretasked to eventually occupy every vertex of the graph with arobot while avoiding collisions.Swarms are often claimed to be highly fault-tolerant, asredundancy and sheer numbers can enable the swarm to go on with its mission even if many robots malfunction [39].However, as the size of a robotic fleet grows, so too does theopportunity for error. Specifically, three different complica-tions that arise in multi-robot systems are further exacerbatedin the swarm setting:
Asynchronicity.
As the number of robots grows, coordi-nating the robots’ actions becomes a formidable task, as theiractions and internal clocks can become highly unsynchronized.
Crashes.
We cannot expect to release a huge swarm of sim-ple robots to an unknown environment without the occurrenceof hardware or software faults that may cause robots to crash.
Traffic.
To avoid collisions, we do not wish for there to betoo many robots crowding a given area, and so mobile robotsshould maintain safe distances from each other. In restrictedphysical environments, such requirements cause traffic delays,as robots must wait for other robots to move away beforeentering a target location.Such challenges are discussed as a central direction ofresearch for swarm robotics in [33]. If the number of errorsscales with the number of robots, are swarms “worth thetrouble”? The purpose of this work is to give a perspectiveon this question via a formal mathematical analysis. Westudy, in an abstract setting, the ability of a simple localrule to achieve uniform dispersal in the presence of crashesand asynchronicity. We are specifically interested in how thefrequency of crashes affects the time to mission completion.We first describe a “two-layered” rule of behaviour forswarms that is capable of achieving uniform dispersal. Usingthis algorithm, we show that a swarm can complete its missionquickly and reliably in unknown discrete environments, evenin the presence of asynchronicity and frequent crashes. Hence,we claim that in our setting, many robots can win againstmany errors. In the spirit of swarm robotics, the algorithmrelies only on local information to dictate robots’ actions andis quite simple. This simplicity makes it amenable to analysis.Our swarm consists of a large reservoir of simple, anony-mous, identical, and autonomous mobile robots that enter theenvironment over time via a source location s . The robotsmove across a discrete environment represented by an a prioriunknown connected graph G whose vertices represent spatiallocations. The robots gradually expand their coverage of theenvironment by occupying certain locations and assisting othernearby robots in navigational tasks using a local, indirectcommunication scheme.The swarm’s robots switch between two modes: mobileand settled. The settled robots act as ‘nodes’ of the current a r X i v : . [ c s . D M ] J un overage of the graph environment, and the mobile robotsmove between locations with settled robots until they canfind a new location where they themselves can settle. Thesettled ‘robot nodes’ are capable of pointing to (“ marking ”)a single neighbouring location where there is another settledrobot. “Marking” is understood to be a generic capabilityof the robots and could be accomplished by many differenttechnologies, such as local radio communication or visualsensing; we refer to the Related Work section for possibleimplementations.As more and more mobile robots become settled, theirmarks serve as a navigational network of the environment thatis utilised by the remaining mobile robots. The mobile robotsare capable of sensing the number of robots in neighbourlocations, and sensing when a settled robot is pointing to(marking) their location. They rely only on this informationto make decisions. Hence, they operate in a GPS-denied,low memory setting, meaning they act based only on localcommunications and local geographic features. The robots aretasked with settling at every vertex of G , and constructing animplicit spanning tree of G via the settled robots and theirpointer marks.There are no restrictions on G as long as it is connected.In principle, different robots need not even agree on the graphrepresentation of their environment for our algorithm to work(e.g., in case they gradually build it from local sensory data),as the settled robots gradually construct a spanning tree whichall robots agree on and use to move between locations. Weassume, for simplicity, that they share the same representation. Physical constraints and asynchronicity.
We model themobile robots as activating repeatedly at stochastic, inde-pendent exponential waiting times of rate . When a robotactivates, it may move or move-and-settle at a nearby location(once a robot settles, it remains stationary). We assume thephysical constraint that any given location may contain nomore than a single mobile robot and a single settled robot (andperhaps a number of crashed robots). Frequent traffic obstruc-tions occur as robots block each other off from progressing.This model of asynchronicity and limited vertex capacity ina graph environment is motivated by the totally asymmetricsimple exclusion process (TASEP) in statistical mechanics.There is an extensive literature on this process as a model for agreat variety of transport phenomena, such as traffic flow [18]and biological transport [17]. Rigorous exact and asymptoticresults for TASEP are known [27, 38], and our analysistechnique shall be to compare our swarm’s performance to atwo-layered TASEP-like process. Since our robots are mostlyin a state of ”traffic flow” (waiting for other robots to move),references such as [18] suggest that our model in fact capturesmany of the relevant traffic phenomena that will occur in reallife implementations. Adversarial crashing.
Similar to, e.g., [28], we consider arisky traversal model where robots may crash whenever theytry to move across an edge. We assume robots remain safewhen not moving, as remaining put is less risky than travelling(in fact, we need just the weaker assumption that settled robots, which never move, are safe). To facilitate analysis, we assumecrashed robots do not prevent travel between the graph’s vertexhubs. This assumption is applicable when such robots can bemanoeuvred around or pushed aside, or the crash causes therobot to disappear. For example, we may consider crashedair-based robots falling to the ground during exploration ofan environment. Alternatively, in a ground robot scenario, wecan with foresight expand vertex sizes to be big enough suchthat vertices can contain a small number of crashed robots inaddition to the two active robots (and such local crashed robotsare then bypassed using, e.g., local collision avoidance).Since, in our model, at most one new robot may arrive inthe environment per time step, we assume that the numberof crashes that occur is bounded by the current time t , anda parameter c which reflects the frequency at which crashesoccur over time. When c is close to , the vast majority ofrobots that enter the environment will crash before achievinganything.Besides these limitations, we assume nothing more aboutthe crashes that occur. In particular, a virtual adversary maychoose crashes so as to be as obstructing as possible. Results.
We describe a local rule of behaviour (Algorithm1) that can achieve uniform dispersion, even in the presencefrequent crashes and traffic obstructions. The rule is easy tounderstand and implement and is well-suited for a swarmof simple robots, mimicking a kind of branching depth-firstsearch. In many mobile robot systems one wishes to constructa spanning tree of the environment for purposes of mapping,routing or broadcasting [1, 4, 14, 21, 22]. Our rule achievesthis as well, by having robots act as nodes of the tree, andmaking them aware of their immediate descendants. Our goalis to study how crashes, asynchronicity, and traffic affect theswarm’s performance under this rule of behaviour.We prove that our robots are able to complete their mis-sion in time linear in the size of the environment, and thatperformance degrades gracefully (by a factor (1 − c ) − ) withfrequency of crashes. Given our assumptions and algorithm,it is not surprising that the robots can complete the dispersionassuming some crashes; rather, we show that even with manyfrequent crashes, the robots can still do so efficiently.Specifically, let n be the number of vertices in the envi-ronment G . We prove that dispersal completes before time · (cid:0) (1 − c ) − + o (1) (cid:1) n asymptotically almost surely (meaningwith probability approaching as n grows)–a worst-casebound on performance. No dispersal algorithm can complete inless than O ( n ) expected time, since this is the time it takes toeven explore n vertices, so when there are no crashes (but stillthere is traffic and asynchronicity) this bound is asymptoticallytight. For, say, c = 0 . , we expect up to (roughly) % ofrobots to crash before achieving anything, and our analysissays that therefore the swarm will take twice as long to achievedispersal. This seems intuitive, but consider that the robotsthat eventually crash are (uselessly) present in the environmentin the time leading to the crash, blocking other robots fromentering or progressing. The analysis says that nevertheless,the ability of the rest of the swarm to achieve its goal is not eference Environment Time Communication Makespan Crashes[26] Arbitrary Synch. Radio O ( n ) x[7] Hole-lessgrid Synch. Visual O ( n ) x[24] Grid Synch. Visual O ( n ) x[9] Hole-lessgrid Asynch. Visual undefined x[10] Grid Asynch. Radio undefined xOur work Arbitrary StochasticAsynch. Marking O ( n ) (cid:88) TABLE I:
A comparison of works on uniform dispersal. disproportionately worsened.To the best of our knowledge, with or without crashes,we are the first to consider a non-synchronous setting forthe uniform dispersal problem where time to completion canexplicitly be bounded, hence also the first to give explicitperformance guarantees in a non-synchronous setting. In anasynchronous as opposed to a synchronous setting, there aremany more possible configurations that the robots might existin, which makes the analysis more difficult. We believe thereferences and techniques from statistics [27, 38, 18] mightbe of general interest for tackling these kinds of topics.Our analysis extends also to a synchronous time setting,and to the case where robots enter the environment from multiple locations. Multiple entrance locations result insteadin the robots constructing instead an implicit spanning forest .In both these settings, dispersion completes faster. The boundon performance we derive for the synchronous case is exact.Finally, we confirm our findings by numerically simulatingour system in a number of environments and measuringperformance.
A. Related work
Uniform dispersal was introduced by Hsiang et al. in[26] for discrete grid environments of connected pixels (buttheir work can be extended to arbitrary graph environments).They considered a synchronous time setting where robots areallowed to send short messages to nearby robots, and showedtime-optimal algorithms for this setting. Many variations havesince been studied. Barrameda et al. extend the problem to theasynchronous setting with no explicit non-visual communica-tion [10, 9]. Recent works include dispersal with weakenedsensing [24], dispersal in arbitrary graph environments [30],and dispersal under energy constraints [7]. Our model differsfrom previous work on several central points, including thepresence of crashes, the two layers, and the ability to markneighbours. Marking is weaker than the radio communicationavailable to robots in [26], that enables robots to transfermany bits of data locally, but stronger than the indirect, visualcommunication assumed in several other works.Because of differences in the settings, assumptions, andconstraints, quantitative comparison of works on uniformdispersal is very difficult. Table I gives a rough, non-exhaustive overview of some differences, such as the supported kinds ofenvironments (grid environment, hole-less grid environment,or arbitrary graph environment), synchronous versus asyn-chronous time, expected makespan (i.e., how long it takes therobots to complete their mission), and whether crashes areconsidered in the model.Robotic coverage, patrolling, and exploration with adversar-ial interference, as well as crashes, have been studied in differ- ent problem settings from our own. Agmon and Peleg studieda gathering problem for robots where a single robot may crash[3], and gathering with multiple crashes was later discussed byZohir et al. in a similar setting [13]. Robotic exploration in anenvironment containing threats has been studied in [40, 41].Moreover, adversarial crashes of processes are often studiedin general distributed algorithms (e.g., [20]). Differing frommany of these works, we study a situation where the number ofcrashes scales with the mission’s complexity (the time it takesto cover the environment), and where even the vast majority ofrobots may crash. However, to enable this, we assume accessto a huge reservoir of robots waiting to replace crashed robots–i.e., a robotic swarm.Robotic coverage in various hazardous or adversarial GPS-denied settings has become an important topic in recentdecades, since this opens the possibility of deploying roboticswarms in the real world, outside laboratory conditions [23, 5,2]. Theoretical and empirical results about the performance ofswarms in such settings may help inform our expectations ofreal world swarm-robotic fleets. To implement such systemsin practice, the robots themselves must be capable of relativevisual localization. This poses a technical challenge, as con-siderations of depth, angle of view, and persistent coveragecome into play. In [12] a system of relative visual localizationfor mobile ground vehicles with low computing power isproposed. The system enables autonomous ground vehiclesto navigate their environment while avoiding obstacles. In[36] a relative visual localization technique is developed forsmall quadcopters, with similar capabilities. In [34] the authorsdiscuss a localization algorithm for lightweight asynchronousmulti-robot systems with lossy communication. These areexamples of the techniques that may be used for the sensorsof robots in such systems as the one described in this paper(see similar discussion in [7]).A fascinating introduction to TASEP-like processes andtheir connection to other fields is [29].II. M
ODEL AND S YSTEM
We consider a swarm of mobile robotic agents performingworld-embedded calculations on an unknown discrete environ-ment represented by a connected graph G . The vertices of G represent spatial locations, and the edges represent connectionsbetween these locations, such that the existence of an edge ( u, v ) indicates that a robot may move from u to v .We assume an infinite collection of robots (also referred toas ‘agents’) attempt to enter G over time through a source vertex s ∈ G . The robots are identical and execute the samealgorithm. They begin in the mobile state, and eventually enterthe settled state. Settled robots are stationary, and are capableof marking a neighbouring vertex that contains another settledrobot. Mobile robots move between the vertices of G andsometimes crash while in motion. They are oblivious, anddecide where to move based only on local information pro-vided by their sensors: the number of robots at neighbouringvertices, and whether any of the neighbouring settled robotsark their current location. Each vertex has limited capacity:it can contain at most one settled and one mobile robot.Mobile robots are only allowed to move to a neighbouringvertex when they are activated . Each robot, including robotsoutside G , reactivates infinitely often and independent of otherrobots, at random exponential waiting times of mean .When s contains less than two robots, robots from outside G attempt to enter it when they are activated. It is convenient togive the robots arbitrary labels A , A , . . . and assume that A i cannot enter s before all robots with lower indices entered orcrashed. This assumption makes the analysis simpler, but theperformance bound we prove in this work holds also for theentrance model where robot entrance depends only on whichrobot is activated first. Hence, whenever the current lowest-index robot outside of G activates and there is no mobile robot at s , it moves to s . If s is completely empty, the robotsettles upon arrival and becomes the root of the spanning tree.Otherwise it remains a mobile robot.We denote by G ( t ) the graph whose vertices are vertices of G containing settled robots at time t , and there is a directededge ( u, v ) ∈ G ( t ) if u is marked by a settled robot at v . Thegoal of the robots is to reach a time T wherein G ( T ) is aspanning tree of the entire environment G . The makespan ofan algorithm is the first time T when this occurs.Crashes are modelled as follows: when a robot A i isactivated and attempts to enter s or move from u to v viathe edge ( u, v ) , occasionally an adversarial event occurs,causing the deletion of A i from G . Robots do not crash unlessattempting to move. Hence, mobile robots are volatile butsettled robots are safe. This assumption is somewhat strongerthan necessary: our results still hold if mobile (but not settled)robots are allowed to crash while they stay put, but thistediously lengthens the analysis. We assume the number ofadversarial events before time t is bounded by a fractionof t . Adversarial events may otherwise be as inconvenientas possible: we may assume there is an adversary choosingcrashes to maximize the makespan of our algorithm.Unless stated otherwise, when discussing the configurationof robots “at time t ”, we always refer to the configurationbefore any activation at time t has occurred.III. D ISPERSAL AND S PANNING T REES
We study a simple local behaviour (Algorithm 1) thatdisperses robots and incrementally constructs a distributedspanning tree of G . The rule determines the behaviour of mobile robots whenever they are activated (settled robotsmerely remain in place and continue to mark their target).We prove that using this rule, the makespan is linear in thenumber of vertices of G asymptotically almost surely, and thatperformance degrades gracefully with the density of crashes.The rule grows G ( t ) as a partial spanning tree of G . It actsas a kind of depth first search that splits into parallel processeswhenever a mobile robot is blocked by another mobile robot.Every vertex of the tree G ( t ) is marked by settled robots atits descendants. Mobile robots follow these marks to discoverthe leaves of the current tree G ( t ) and expand it. Robots grow Algorithm 1
Local rule for a mobile robot A .Let v be the current location of A in G (if A is outside G ,see Section II). if a neighbour u of v contains exactly one robot, and thisrobot marks v then Attempt to move to u . else if a neighbour u of v contains no robots then Attempt to move to u and become settled if no crash. Mark the vertex v . else Stay put. end if the tree by settling at unexplored vertices that then becomenew leaves. Our main result is Theorem III.1:
Theorem III.1.
If for all t the number of adversarial eventsbefore time t is allowed to be at most ct/ , ≤ c < , thenthe makespan of Algorithm 1 over graph environments with n vertices is at most − c ) − + o (1)) n asymptotically almostsurely as n → ∞ . Figure 1 shows an execution of our algorithm on a gridenvironment with n = 62 square vertices (white region) andobstacles (blue region). We allowed a naive adversary to arbi-trarily delete at most ct/ robots before time t , with c = 0 . .This corresponded to a deletion of 56% of robots that enteredthe environment before the makespan. In a more constrainedtopology (such as a path graph, see Section III-A3), the robotswould progress more slowly, and a greater percentage wouldbe deleted. The makespan (bottom right figure) was ,consistent with the upper bound of Theorem III.1. After thethe spanning tree completes, robots keep entering the regionuntil there are two robots at every vertex. This is related tothe “slow makespan”, which we will later define. The slowmakespan was 831. See Section IV for more simulations. Fig. 1:
An execution of Algorithm 1 on a grid environment. Thesource is denoted by a square box in the center. The arrows denotesettled robots, and their direction points to the adjacent location witha settled robot that they mark. Red arrows indicate a mobile robot ison top of the settled robot (note that by the algorithm, a mobile robotwill never occupy a vertex that does not have a settled robot). Theenvironment is a priori unknown to the robots, and they construct aspanning tree representation over time. . Analysis
We study the makespan of Algorithm 1. Some of the proofsare placed in the Appendix.For the analysis, we will assume that robots from A , A , . . . that settle or crash keep being activated. This isa purely “virtual” activation: such robots of course do andaffect nothing upon being activated. We start with a structuralLemma: Lemma III.2. G ( t ) is a tree at all times t with probability .Proof: When the first robot enters and successfully settles, G ( t ) contains only s . No settled robots are ever deleted, so G ( t ) can only gain new vertices. Whenever a mobile robotsettles, it extends the tree G ( t ) by one vertex, connectingits current location v to G ( t ) via a single directed edge. Bydefinition, the edge is directed from the vertex the settled robot marks –which is its previous location–to v . This turns v into aleaf of G ( t ) . With probability no two robots on G activate atthe exact same time, so no two robots settle the same vertex.Hence G ( t ) remains a tree.
1) Event orders:
We explain how we intend to bound themakespan. Our strategy shall be to use coupling to compare theperformance of Algorithm 1 by the performance of differentrandom processes of robots moving on different structures.Coupling is a technique in probability theory for comparingdifferent random processes (see [32]).The basic idea is this: whenever we run Algorithm 1 on G ,we can log the exact times at which the robots activate, as wellas the times adversarial events happen and which robots theyaffect. This gives us an order of events S sampled from somerandom distribution. Note that robots keep activating forever(but these activations do nothing once the graph is full), so S is infinitely long. We then “re-enact” or “simulate” S ona new environment (or several new environments) involvingthe robots A , A , . . . by activating and deleting the robotsaccording to S .To make things more precise, by “simulating” S on dif-ferent environments we mean that we consider the cou-pled process ( G, G , . . . , G m ) wherein different environments G, G , . . . G m have robots that are paired such that whenever A i in G is scheduled for an activation or a deletion accordingto the event order S ( S is simply an infinite list of scheduledactivation and deletion times), the copies of A i in all theenvironments G , . . . G m also activate or are deleted. Whenthe copies of A i are activated they act according to Algorithm1 with respect to their local neighborhood. Robots entrancesare modelled as usual (Section II), but note that even if A i manages to enter G following an activation, its copy mightnot enter its own environment because in that environment theentrance is blocked, or there is a lower-index robot waitingto enter. During Algorithm 1’s analysis, we will often betalking about a deterministic event order S being simulatedover different environments. The end-goal, however, is tosay something about the event order S when it is randomlysampled from the execution of Algorithm 1 on G . The event order S must be a possible set of events thatoccurred during an execution of our algorithm on the basegraph environment G . This means, due to our model, that arobot A i in G will never be scheduled for deletion except attimes when it is activated and attempts to move. However,while simulating S on the environments G , . . . G m , we mustbe allowed to break the rules of the model: we might deleterobots even when they don’t attempt to move, or while theyare outside of the new graph environment. Whenever we say“for any event order S ”, we mean event orders S that couldhave happened over G .In S , define t to be the first time A activates, t to be thefirst time after t that either A or A activate, and t i to be thefirst time t > t i − that any robot in the set { A , . . . , A i +1 } isactivated. Definition III.3.
The times t < t < t < . . . in S are calledthe meaningful event times of S . For meaningful event times to be well-defined there must bea minimal time t > t i − where one of the robots A , . . . , A i activates. Because the activation times of the robots areindependent exponential waiting times of mean , this is truewith probability for a randomly sampled S . Moreover, withprobability , at any time t i there is precisely one robot A of A , A , . . . , A i +1 scheduled for activation by S . Becauseboth these things are true with probability , we assume theyare true for any event order S referred to at any point in thisanalysis. This does not affect our main result (Theorem III.1),which is probabilistic.Our end-goal is randomly sample S from G and simulateit on four increasingly “slower” environments: P ( n ) , P ( ∞ ) , P ∗ ( ∞ ) , B , so that all environments ( G and these four) arecoupled. Meaningful event times are so called because, priorto the first activation of A i , any of the robots A i +1 , A i +2 , . . . cannot enter or move in any of these environments, andactivating them causes nothing. Hence, at any time t whichis not a meaningful event time, the configuration of robotscannot change (no robots move and no robots are deleted inany of the environments S is simulated on).The possibility to create an event order S is the only reasonwe labelled the robots and made the assumption about entranceorders in Section II. Fig. 2:
The processes P ( n ) , P ( ∞ ) , P ∗ ( ∞ ) , B that we will beinterested in. White vertices are empty, black vertices contain a settledrobot, and red vertices contain both a mobile and a settled robot. Edgedirections indicate edge directions in G ( t ) . Note that B does not havea source vertex. P ( n ) versus G : Let n be the number of vertices of G . The path graph P ( n ) over n vertices is a graph over theertices v v . . . v n such that there is an edge ( v i , v i +1 ) for all ≤ i ≤ n − . We simulate S on the graph environment P ( n ) where the source vertex s is v . Simulating S on P ( n ) resultsin what is mostly a normal-looking execution of Algorithm 1on P ( n ) , but as discussed, it might lead to some oddities suchas robots being deleted while they are still outside the graphenvironment.Let us introduce some notation. A Gi refers to the copy of A i being simulated by S on G , and A P ( n ) i is similarly defined. Definition III.4.
The depth of A Gi at time t , written d ( A Gi , t ) ,is the number of times A Gi has successfully moved before time t . Depth is initially . Entering at s is considered a movement,so robots entering s have depth . d ( A P ( n ) i , t ) is similarly defined with respect to P ( n ) . Definition III.5.
Let T be a tree graph environment (such as P ( n ) ) with source vertex s . A vertex v of T becomes slow at time t if a mobile robot on v was activated and found novertex it could move to, and also, either v is a leaf of T orall of its descendants in T are slow at time t .A robot A i is slow at time t if it is located at a slow vertexat time t . Definition III.6.
The slow makespan of S on T , M Tslow , isthe first time all vertices of T are slow when simulating theevent order S . G is not always a tree, but given a fixed event order S , wecan associate to S a spanning tree of G , T S , containing G ( t ) as a subtree for all times t . Lemma III.2 says robots only useedges of T S , so we may define the slow makespan of S onthe G -simulation as the slow makespan on T S . Slow makespanis clearly also defined for the P ( n ) -simulation. Furthermore, M Gslow is an upper bound on the (regular) makespan of the G -simulation, since every vertex must have a settled robot beforeit becomes slow and, as the settled robots of G never move,they cannot be deleted by S .Our motivation for introducing slow makespan is that wewish to show P ( n ) is the environment that maximizes slowmakespan on n vertices. However, it does not maximizenormal makespan (see Table II for an example). Lemma III.7.
A slow robot A Gi is forever unable to move andnever deleted in the event order S .Proof: Only robots attempting to move can be deleted. If A Gi is at a leaf of T S , it can never move, since its parent vertexin T S contains a settled robot marking the vertex of a robotin a different location, and settled robots are never deleted.Hence, A Gi is never deleted. Slow vertices propagate upwardsfrom the leaves of T S , so the statement of the lemma followsby induction. Proposition III.8.
For any event order S , M Gslow ≤ M P ( n ) slow . An intuitive argument for this proposition is that if thespanning tree T S of G is not P ( n ) , then some vertex v of T S must have multiple descendants, hence robots entering v will be able to branch to different neighbours and v is lesslikely to be blocked. Consequently, robots will enter G fasterthan P ( n ) , and so M Gslow ≤ M P ( n ) slow . We need to formalize thisintuition into an argument that holds for any event order S . Itturns out there are many subtleties involving asynchronicity,settling and crashing which make this not straightforward, andwe require a rather technical argument. (Such subtleties arealso why it is simpler to compare the environments G, P ( n ) , P ( ∞ ) , P ∗ ( ∞ ) , B rather than compare G to B directly.)We prove Proposition III.8 by induction on the meaningfulevent times t , t , . . . in the event order S . We show thefollowing statements to be true for non-deleted robots at alltimes t m :(a) If A Gi is not slow or settled, then d ( A Gi , t m ) ≥ d ( A P ( n ) i , t m ) .(b) If A P ( n ) i is slow or settled, then A Gi ( t m ) is slow orsettled, and d ( A Gi , t m ) ≤ d ( A P ( n ) i , t m ) .We note that both statements are (trivially) true at time t ,as no event has occurred yet. Lemma III.9.
If statement (b) is true up to time t m , settledand slow robots of P ( n ) neither move nor get deleted as aresult of an event of S scheduled for time t m (i.e., the robotsstill exist and are in the same place at time t m +1 ). Assuming (a) and (b) hold at all times, let us see how toinfer Proposition III.8. If a vertex becomes slow at some time t , it must contain a settled and a mobile robot, both of whombecome slow. Lemma III.9 says that slow and settled robots of P ( n ) never get deleted. Hence, the first time there are n slowrobots on P ( n ) (two at every vertex) is M P ( n ) slow . Statement(b) implies that if P ( n ) has n slow robots, G must alsocontain n slow or settled robots. It is immediate to verifythat this can only happen when G has n slow robots. Hence,at time M P ( n ) slow , G has n slow robots–two at every vertex.The inequality M P ( n ) slow ≥ M Gslow follows by definition.
Lemma III.10.
If statements (a) and (b) are true up to time t m , statement (a) is true at time t m +1 . Lemma III.11.
If statements (a) and (b) are true up to time t m , statement (b) is true at time t m +1 .3) P ( n ) versus P ( ∞ ) : We wish to bound M P ( n ) slow (whichis determined by the event order S ). We do this by comparingsimulations of S on different environments. To start, let P ( ∞ ) be the path graph with infinite vertices, and where s = v . Wemay simulate S on P ( ∞ ) as we did on P ( n ) . Lemma III.12.
For any event order S simulated on P ( n ) and P ( ∞ ) and any time t < M P ( n ) slow , P ( n ) and P ( ∞ ) contain theexact same number of robots.Proof: The configuration of robots in the first n verticesof P ( n ) and P ( ∞ ) is identical until v n becomes slow in P ( n ) .After v n becomes slow, the configuration of robots in the first n − vertices is still the same in both graphs until a robotin v n − is prevented from moving by a robot in v n , meaning n − becomes slow. By induction, the configuration of robotsin the first k vertices of both graphs is identical until v k in P ( n ) becomes slow (we use Lemma III.9 to infer that the slowrobots at v k +1 are never deleted). Hence, until v becomesslow, robots enter at the same times in P ( n ) and P ( ∞ ) . v becomes slow precisely at time M P ( n ) slow . P ( ∞ ) versus P ∗ ( ∞ ) : We simulate S on the environ-ment P ∗ ( ∞ ) . P ∗ ( ∞ ) is P ( ∞ ) with the modification thatthere is at time t = 0 a settled robot at every vertex v i . Thesettled robot at v i marks v i − . These “dummy” robots arenever activated, and are not of the indexed robots A , A , . . . .Because there is already a settled robot at every vertex, therobots A , A , . . . never become settled. Call this environment P ∗ ( ∞ ) . Lemma III.13 shows P ∗ ( ∞ ) is strictly slower than P ( ∞ ) : Lemma III.13.
For any event order S and at any time t , theamount of mobile -state robots in P ∗ ( ∞ ) at time t is at mostthe total amount of robots in P ( ∞ ) .5) P ∗ ( ∞ ) versus totally asymmetric simple exclusion: We bound the arrival rate of robots at P ∗ ( ∞ ) by another,even slower process. This process, B , takes place on thepath graph P ( ∞ ) where we also have non-positive vertices v , v − , v − , . . . , and such that there is an edge ( v i , v i +1 ) for every i . Like P ∗ ( ∞ ) there is initially a settled robot atevery vertex, marking the vertex before it. Unlike the otherprocesses, robots do not enter at s : the robot A i begins insidethe graph environment as a mobile robot located at v − i +1 .To compare B with P ∗ ( ∞ ) , we count the robots that crossthe edge ( v , v ) . There is one more crucial feature of B :robots are never deleted from B . Scheduled robot deletionsat S are treated as a regular activation of the robot. Besidesthese differences, S can be simulated on B as before. Lemma III.14.
For any event order S and at any time t , thenumber of mobile robots that crossed the ( v , v ) edge of B is at most the number of robots that entered or were deletedbefore entering P ∗ ( ∞ ) . Recall that S is an event order of some execution ofAlgorithm 1 on the graph environment of interest, G . We mayrandomly sample S by running Algorithm 1 on G and loggingthe events.The stochastic process resulting from simulating a randomlysampled event order S on B is called a totally asymmetricsimple exclusion process (TASEP) with step initial condition,first introduced in [37]. In this process, robots (called also“particles”) are activated at exponential rate and attempt tomove rightward whenever no other robot blocks their path.This is precisely the outcome of simulating S on B (sincerobot activations that lead to a deletion in the other processesare treated as a regular activation in B ).In TASEP with step initial condition, let us write B t todenote the number of robots that have crossed ( v , v ) at time t . It is shown in [35] that B t converges to t asymptoticallyalmost surely (i.e., with probability 1 as t → ∞ ). [27] showsthat the deviations are of order t / . Specifically we have in the limit: lim t →∞ P ( B t − t ≤ − / st / ) = 1 − F ( − s ) (1)Valid for all s ∈ R , where F is the Tracy-Widom distri-bution and obeys the asymptotics F ( − s ) = O ( e − c s ) and − F ( s ) = O ( e − c s / ) as s → ∞ . We employ Equation 1and the prior analysis to prove Theorem III.1: Proof:
Let G be a graph environment with n vertices. Let S be the randomly sampled event order of an execution ofAlgorithm 1 on G . We will bound the slow makespan, M Gslow .We simulate S over the environments P ( n ) , P ( ∞ ) , P ∗ ( ∞ ) ,and B . From Lemma III.14 we know that at all times thenumber of robots that crossed the ( v , v ) edge of B , meaning B t , is less than the number of robots that entered P ∗ ( ∞ ) orwere deleted before entering. At most ct/ robots are deletedby time t , so the number of mobile robots at P ∗ ( ∞ ) at time t is at least B t − ct/ . Lemmas III.12 and III.13 imply this isat least the number of robots at P ( n ) at any time t < M P ( n ) slow .At any time t , there cannot be more than n robots at P ( n ) .Hence, if B t − ct/ > n , then t ≥ M P ( n ) slow . By PropositionIII.8, we shall then also have t ≥ M Gslow .Write t n = 8((1 − c ) − + n − / ) n . We wish to show t n isan upper bound on M Gslow asymptotically almost surely, whichis precisely the statement of Theorem III.1. To show this, weare interested in X n = P ( B t n ≤ n ) , the probability that B t n is less than n at time t n . Showing X n tends to as n → ∞ completes our proof. Define the probability p ( n, s ) = P ( B t n − t n ≤ − / st / n ) (2) p ( n, s ) is the parametrized left innermost part of Equation1 with t = t n ( n is a positive integer). Note that p ( n, s ) ismonotonic increasing in s . Define s n = (2 n − t n / / t − / n .By algebra, we have X n = p ( n, s n ) . Fix any constant S ∗ anddefine Y n = p ( n, S ∗ ) . Again by algebra, s n tends to −∞ as n → ∞ . Hence, for a large n , we must have s n < S ∗ and therefore X n ≤ Y n (by the monotonicity of p ( n, s ) ). ByEquation 1, Y n tends to − F ( −S ∗ ) as n → ∞ . Hence X n is at most − F ( −S ∗ ) in the limit. By taking S ∗ → −∞ wesee that X n in the limit is at most − F ( ∞ ) = 0 .We note that slow makespan can be nearly equal tomakespan (see Table II, or consider a path graph P ( n ) thesource vertex placed at s = v and robots initially movingrightwards). Hence, one does not “miss out” on much by usingit to bound makespan. B. Synchronous time and multiple sources
We describe extensions of our results to two settings.
Synchronous time . We may consider a synchronous timesetting that is discretized to steps t = 1 , , . . . such that atevery step, all the robots activate at once. In this setting,Algorithm 1 ends up exploring just one branch of the tree at atime, like depth-first-search; so no two robots ever attempt toenter the same vertex. Analysis similar to the asynchronouscase shows that robots then enter at rate t/ (instead ofapproximately t/ ) on P ( n ) , and analogous reasoning toLemma III.8 and Theorem III.1 gives an upper bound of (1 − c ) − n on the makespan of a graph with n vertices,assuming ct/ adversarial events. Consider the path graph P ( n ) with s = v (not the usual s = v ), and where the robotsfirst fill the vertices v , v , . . . with a double layer beforereaching v . The synchronous makespan of this environment isasymptotically − c ) − n . Hence, the bound on the makespanin the synchronous case is exact. Multiple source vertices.
Instead of just having a singlesource vertex s , we may consider environments with multiplesource vertices such that each of them corresponds to its ownset of robots A , A , . . . entering over time. In asynchronoustime, Lemma III.2 can be generalized to show that G ( t ) isthen a forest , and the robots attempt to create a spanningforest of G . The technique in this paper can be generalizedto show that the makespan bound of Theorem III.1 holds. Ingeneral graph environments multiple sources may not improvethe makespan by much. For example, consider the path graph P ( n ) with k sources on v , v , . . . v k . The makespan of thisgraph is bounded below by the makespan of the path graph P ( n − k − with a single source vertex v .IV. S IMULATION AND EVALUATION
For empirical confirmation of our analysis, we numeri-cally simulated our algorithm on a number of environments.On these environments, we measured the makespan andthe percentage of robots that crashed for the parameters c = 0 , . , . , averaging them over 30 simulations perconfiguration and rounding to the nearest integer. Data onseveral environments is found in Table II. Figure 3 shows stillsfrom some simulations. Fig. 3:
An execution of Algorithm 1 on (a) an × square gridand (b) an “indoor” environment. The legend is same as Figure 1. n c = 0 c = 0 . c = 0 . Figure 1 62 272;373 321;446 (18%) 555;743 (52%)Figure 3, (a) 121 463;554 484;586 (13%) 715;921 (39%)Figure 3, (b) 300 1791;1907 2154;2281 (19%) 3894;4116 (56%) P (300)
300 1677;2325 1940;2883 (23%) 3727;6147 (66%)
TABLE II:
The makespan and slow makespan of Algorithm 1 overthe environments in the referred-to Figures and over the path graphof length , P (300) . We vary the crash density parameter c . Thecell format is makespan ; slow makespan (% of robots crashed) . Thecolumn “ n ” gives the number of vertices in the environment. From the data, it is clear that makespan is affected bythe shape of the environment and by c . We see that an increase in the percentage of robots crashed scales makespanup gracefully, and that spacious environments generally havelower makespans. We also confirm that the slow makespans arealways lower than the bound of Theorem III.1. Closest to thebound is the scenario where the environment is the path graph P (300) and c = 0 , in which case slow makespan is almostexactly the bound, · . This is consistent with our analysisthat the P ( n ) environment has the largest slow makespan. Italso verifies that Theorem III.1 gives a correct upper bound.Such data further suggests that for spacious environments,and for large c , performance on average is better than the worst-case performance guarantee of Theorem III.1. In thesimulations, we did not choose our adversarial events to bemaximally obstructing, but rather crashed robots arbitrarily–a cleverer adversary would cause the makespan and slowmakespan to be closer to the worst-case (and cause a largerpercentage of robots to crash).V. D ISCUSSION
In swarm robotics, where one must coordinate an enormousrobotic fleet, we must anticipate many faults, such as crashingand traffic jams. Because robots in the swarm are usuallyassumed to be autonomous and have limited computationalpower, complex techniques for handling such faults are notnecessarily feasible. Hence, it is important to ask whethersimple rules of behaviour can be effective. To this end,we investigated the problem of covering an unknown graphenvironment, and constructing an implicit spanning tree, with aswarm of frequently crashing robots. We showed a simple andlocal rule of behaviour that enables the swarm to quickly andreliably finish this task in the presence of crashes. The swarm’sperformance degrades gracefully as crash density increases.We outline here several directions for future research. First,our model interprets the “swarm” part of swarm robotics as avast and redundant fleet of robots that can be dispersed intothe environment over time. We used this model for uniformdispersal, but it would be interesting to adapt it to otherkinds of missions, and design algorithms for those missionsthat can handle crashes or other forms of interference. Forexample, in [8], mobile agents entering at a source node s overtime sequentially pursue each other to discover shortest pathsbetween s and some target node t . The algorithm succeedseven if some of the agents are interrupted and have theirlocation changed.Next, in this work, we made the simplifying assumption thatthe environment of the robots is discrete. If the robots insteadattempted to cover a continuous planar domain by an algorithmsimilar to ours, the robots would need to construct a shareddiscrete graph representation of the environment through thesettled robots in G ( t ) and their markings. We believe that ouralgorithm can readily be extended to such settings.Lastly, can we exploit the large number of robots in a swarmto handle other kinds of errors? There are many situationsand modes of failure that can be discussed, such as Byzantinerobotic agents, or dynamic changes to the environment. EFERENCES [1] Sheila Abbas, Mohamed Mosbah, and Akka Zemmari.Distributed computation of a spanning tree in a dynamicgraph by mobile agents. In , pages1–6. IEEE, 2006.[2] Noa Agmon. Robotic strategic behavior in adversarialenvironments. In
Proceedings of the 26th InternationalJoint Conference on Artificial Intelligence , pages 5106–5110. AAAI Press, 2017.[3] Noa Agmon and David Peleg. Fault-tolerant gatheringalgorithms for autonomous mobile robots.
SIAM Journalon Computing , 36(1):56–82, 2006.[4] Noa Agmon, Noam Hazon, and Gal A Kaminka. Con-structing spanning trees for efficient multi-robot cover-age. In
Proceedings 2006 IEEE International Conferenceon Robotics and Automation, 2006. ICRA 2006. , pages1698–1703. IEEE, 2006.[5] Yaniv Altshuler, Alex Pentland, and Alfred M Bruck-stein. Introduction to swarm search. In
Swarms andNetwork Intelligence in Search , pages 1–14. Springer,2018.[6] Francesco Amigoni and Vincenzo Caglioti. Aninformation-based exploration strategy for environmentmapping with mobile robots.
Robotics and AutonomousSystems , 58(5):684–699, 2010.[7] Michael Amir and Alfred M. Bruckstein. Minimizingtravel in the uniform dispersal problem for robotic sen-sors. In
Proceedings of the 18th International Confer-ence on Autonomous Agents and MultiAgent Systems .International Foundation for Autonomous Agents andMultiagent Systems, 2019.[8] Michael Amir and Alfred M Bruckstein. Probabilisticpursuits on graphs.
Theoretical Computer Science , 2019.[9] Eduardo Mesa Barrameda, Shantanu Das, and NicolaSantoro. Deployment of asynchronous robotic sensorsin unknown orthogonal environments. In
InternationalSymposium on Algorithms and Experiments for SensorSystems, Wireless Networks and Distributed Robotics ,pages 125–140. Springer, 2008.[10] Eduardo Mesa Barrameda, Shantanu Das, and NicolaSantoro. Uniform dispersal of asynchronous finite-statemobile robots in presence of holes. In
InternationalSymposium on Algorithms and Experiments for SensorSystems, Wireless Networks and Distributed Robotics ,pages 228–243. Springer, 2013.[11] Nicola Basilico and Francesco Amigoni. Explorationstrategies based on multi-criteria decision making forsearching environments in rescue operations.
Au-tonomous Robots , 31(4):401, 2011.[12] Joydeep Biswas and Manuela Veloso. Depth camerabased indoor mobile robot localization and navigation.In
Robotics and Automation (ICRA), 2012 IEEE Inter-national Conference on , pages 1697–1702. IEEE, 2012.[13] Zohir Bouzid, Shantanu Das, and S´ebastien Tixeuil. Gathering of mobile robots tolerating multiple crashfaults. In , pages 337–346. IEEE,2013.[14] Andrei Broder. Generating random spanning trees. In , pages 442–447. IEEE, 1989.[15] Daniele Calisi, Alessandro Farinelli, Luca Iocchi, andDaniele Nardi. Autonomous navigation and explorationin a rescue environment. In
IEEE International Safety,Security and Rescue Rototics, Workshop, 2005. , pages54–59. IEEE, 2005.[16] Yushan Chen, Jana Tumova, Alphan Ulusoy, and CalinBelta. Temporal logic robot control based on automatalearning of environmental dynamics.
The InternationalJournal of Robotics Research , 32(5):547–565, 2013.[17] T Chou, K Mallick, and RKP Zia. Non-equilibriumstatistical mechanics: from a paradigmatic model to bio-logical transport.
Reports on progress in physics , 74(11):116601, 2011.[18] Debashish Chowdhury, Ludger Santen, and AndreasSchadschneider. Statistical physics of vehicular trafficand some related systems.
Physics Reports , 329(4-6):199–329, 2000.[19] Micah Corah and Nathan Michael. Efficient onlinemulti-robot exploration via distributed sequential greedyassignment. In
Robotics: Science and Systems , 2017.[20] Carole Delporte-Gallet, Hugues Fauconnier, RachidGuerraoui, and Andreas Tielmann. The disagreementpower of an adversary.
Distributed Computing , 24(3-4):137–147, 2011.[21] Dariusz Dereniowski and Andrzej Pelc. Drawing mapswith advice.
Journal of Parallel and Distributed Comput-ing , 72(2):132–143, 2012. (Journal version of the samepaper from DISC2010).[22] Yoav Gabriely and Elon Rimon. Spanning-tree basedcoverage of continuous areas by a mobile robot.
Annalsof mathematics and artificial intelligence , 31(1-4):77–98,2001.[23] Enric Galceran and Marc Carreras. A survey on coveragepath planning for robotics.
Robotics and Autonomoussystems , 61(12):1258–1276, 2013.[24] Attila Hideg and Tam´as Lukovszki. Uniform dispersal ofrobots with minimum visibility range. In
InternationalSymposium on Algorithms and Experiments for SensorSystems, Wireless Networks and Distributed Robotics ,pages 155–167. Springer, 2017.[25] Andrew Howard, Maja J Matari´c, and Gaurav SSukhatme. An incremental self-deployment algorithmfor mobile sensor networks.
Autonomous Robots , 13(2):113–126, 2002.[26] Tien-Ruey Hsiang, Esther M Arkin, Michael A Bender,S´andor P Fekete, and Joseph SB Mitchell. Algorithmsfor rapidly dispersing robot swarms in unknown environ-ments. In
Algorithmic Foundations of Robotics V , pages77–93. Springer, 2004.27] Kurt Johansson. Shape fluctuations and random matrices.
Communications in Mathematical Physics , 209(2):437–476, feb 2000. doi: 10.1007/s002200050027. URL https://doi.org/10.1007/s002200050027.[28] Stefan Jorgensen, Robert H Chen, Mark B Milam, andMarco Pavone. The risk-sensitive coverage problem:Multi-robot routing under uncertainty with service leveland survival constraints. In , pages 925–932. IEEE, 2017.[29] Thomas Kriecherbauer and Joachim Krug. A pedestrian’sview on interacting particle systems, kpz universality andrandom matrices.
Journal of Physics A: Mathematicaland Theoretical , 43(40):403001, 2010.[30] Ajay D. Kshemkalyani and Faizan Ali. Efficient dis-persion of mobile robots on graphs. In
Proceedingsof the 20th International Conference on DistributedComputing and Networking , ICDCN ’19, pages 218–227, New York, NY, USA, 2019. ACM. ISBN 978-1-4503-6094-4. doi: 10.1145/3288599.3288610. URLhttp://doi.acm.org/10.1145/3288599.3288610.[31] Alberto Quattrini Li, Riccardo Cipolleschi, MicheleGiusto, and Francesco Amigoni. A semantically-informed multirobot system for exploration of relevantareas in search and rescue settings.
Autonomous Robots ,40(4):581–597, 2016.[32] Torgny Lindvall.
Lectures on the coupling method .Courier Corporation, 2002.[33] David Peleg. Distributed coordination algorithms formobile robot swarms: New directions and challenges. In
International Workshop on Distributed Computing , pages1–12. Springer, 2005.[34] Amanda Prorok and Alcherio Martinoli. A reciprocalsampling algorithm for lightweight distributed multi-robot localization. In , pages3241–3247. IEEE, 2011.[35] Hermann Rost. Non-equilibrium behaviour of a manyparticle process: Density profile and local equilibria.
Zeitschrift f¨ur Wahrscheinlichkeitstheorie und VerwandteGebiete , 58(1):41–53, 1981.[36] Martin Saska, Tomas Baca, Justin Thomas, Jan Chu-doba, Libor Preucil, Tomas Krajnik, Jan Faigl, GiuseppeLoianno, and Vijay Kumar. System for deployment ofgroups of unmanned micro aerial vehicles in gps-deniedenvironments using onboard visual relative localization.
Autonomous Robots , 41(4):919–944, 2017.[37] Frank Spitzer. Interaction of markov processes. In
Ran-dom Walks, Brownian Motion, and Interacting ParticleSystems , pages 66–110. Springer, 1991.[38] Craig A Tracy and Harold Widom. Asymptotics inasep with step initial condition.
Communications inMathematical Physics , 290(1):129–154, 2009.[39] Alan FT Winfield and Julien Nembrini. Safety innumbers: Fault tolerance in robot swarms.
Interna-tional Journal on Modelling Identification and Control , 1(ARTICLE):30–37, 2006.[40] Roi Yehoshua, Noa Agmon, and Gal A Kaminka.Robotic adversarial coverage: Introduction and prelimi-nary results. In , pages 6000–6005.IEEE, 2013.[41] Roi Yehoshua, Noa Agmon, and Gal A Kaminka.Frontier-based rtdp: A new approach to solving therobotic adversarial coverage problem. In
Proceedingsof the 2015 International Conference on AutonomousAgents and Multiagent Systems , pages 861–869. Inter-national Foundation for Autonomous Agents and Multi-agent Systems, 2015.I. F
AST U NIFORM D ISPERSION OF A S WARM -S UPPLEMENTARY A PPENDIX
Reminder:(a) If A Gi is not slow or settled at time t m , then d ( A Gi , t m ) ≥ d ( A P ( n ) i , t m ) .(b) If A P ( n ) i is slow or settled at time t m , then A Gi ( t m ) isslow or settled, and d ( A Gi , t m ) ≤ d ( A P ( n ) i , t m ) . A. Proof of Lemma III.9Proof:
Referring to the Lemma’s statement, we remindthat here “time t m ” refers to the configuration of agents at time t m before any scheduled events. Hence, even if something istrue at time t m , we still need to show that it remains true afterthe events that happen at time t m .Let A P ( n ) i be slow or settled at time t m . To show A P ( n ) i will not be deleted, it suffices to show the event order S willnot delete A Gi . (b) implies A Gi is settled or slow at time t m .Lemma III.7 says S never deletes slow agents. S never deletessettled agents of G as, in our model, agents are only deletedwhen they move, and S obeys the rules of the model whensimulated on G . Hence, S will not delete A Gi .Next we show that A P ( n ) i will not move as a result of anevent scheduled for time t m . If A P ( n ) i is settled, this is trueby definition. Otherwise, A P ( n ) i is slow. By assumption, (b) istrue at all times up to t m . Hence, by the same reasoning as theabove paragraph, agents of P ( n ) that became slow or settledat or prior to time t m have not been deleted. Consequently,the argument of Lemma III.7 applies also here, allowing us toconclude that agents cannot move after they become slow. Inparticular this applies to A P ( n ) i . B. Proof of Lemma III.10Proof:
Only one event occurs at time t m . This event iseither an uninterrupted activation of an agent (meaning theagent is not deleted), or an activation that leads to a deletion.If the event is a deletion, (a) holds at time t m +1 trivially, sowe assume that it is an uninterrupted activation.Let A Gi and A P ( n ) i be the agents that are activated at time t m . The depth of any other agent is unchanged, so we needonly verify (a) for these two agents. Assuming (a) it true attime t m , it is only possible for (a) to become false at time t m +1 if A Gi did not move, but A P ( n ) i did. We assume this isthe case.If A Gi does not move as a result of its activation at time t m ,then either it is settled, in which case (a) is true and we aredone, or there is a mobile agent at every neighbouring vertexin G ( t m ) . If A Gi is mobile and all of its neighbours are slowat time t m , then A Gi becomes slow at time t m +1 and (a) istrue. Otherwise there is a mobile agent, A Gj , that is preventing A Gi from moving and is not slow. We must have that d ( A Gi , t m +1 ) + 1 = d ( A Gj , t m +1 ) (3)Because A Gi and A Gj are always moving down a spanningtree T S of G , hence the depth of A Gj must be precisely onegreater than A Gi ’s in order to prevent movement. Because A Gj is not activated at time t m , (a) and (b) are stilltrue for it at time t m +1 . Because A Gj is not slow or settled,(a) implies that d ( A Gj , t m +1 ) ≥ d ( A P ( n ) j , t m +1 ) (4)And the contrapositive of (b) implies that A P ( n ) j is notsettled. However, consider the structure of the graph P ( n ) :if A P ( n ) j is mobile, then since it entered before A P ( n ) i , it mustbe further ahead. In particular, we must have d ( A P ( n ) j , t m +1 ) ≥ d ( A P ( n ) i , t m +1 ) + 1 (5)As otherwise A P ( n ) j would have prevented A P ( n ) i frommoving when activated at time t m .(In)equalities 3, 4 and 5 imply d ( A Gi , t m +1 ) ≥ d ( A P ( n ) i , t m +1 ) . This shows (a) is true at time t m +1 . C. Proof of Lemma III.11Proof:
As in Lemma III.10, we can assume that the eventat time t m is the uninterrupted activation of a pair of agents A Gi and A P ( n ) i , and we need only verify that (b) is still truefor this pair of agents. We separate our proof into cases. Case 1:
Assume A P ( n ) i is settled at time t m +1 . Because P ( n ) is a path graph and using Lemma III.9, A P ( n ) i can onlybe settled if every non-deleted agent that entered before it issettled behind it. At time t m +1 (b) is still true for all agentsother than A Gi and A P ( n ) i . Hence, it follows from (b) that forany non-deleted agent A Gj where j < i we have: d ( A Gj , t m +1 ) ≤ d ( A P ( n ) j , t m +1 ) (6)Algorithm 1 guarantees that any agent in G always neigh-bours a settled agent or is at the same location as a settledagent. Thus, we know that d ( A Gi , t m +1 ) ≤ d ( A Gj , t m +1 ) + 1 for some settled agent A j . Furthermore, this inequality musthold for some A Gj that entered before A Gi (i.e., j < i ), becauseany settled agent that entered after A Gi must have gone downa different branch of T S , otherwise it would be blocked by A Gi and unable to settle. Let j max = max j
Assume A P ( n ) i is slow and not settled at time t m +1 .If A P ( n ) i is slow at t m , then it follows from (b) that A Gi islow or settled at t m , and so activation cannot affect either ofthese agents, meaning (b) remains true at t m +1 and we aredone. Thus, we may assume A P ( n ) i is not slow at time t m .Using Lemma III.9, A P ( n ) i can only become slow at time t m +1 if all vertices behind it contain settled agents, and allvertices ahead of it contain two slow agents (one settled andone mobile). If d ( A P ( n ) i , t m ) is k there are n +( n − k ) = 2 n − k slow or settled agents in P ( n ) at time t m . These n − k agentsmust have entered P ( n ) before A P ( n ) i , because any agent thatenters after A P ( n ) i must pass it to become slow or settled, andthis is impossible because A P ( n ) i is not settled.Using (b) we learn from the above that in G , at time t m there are at least n − k settled or slow agents that enteredbefore A Gi . Of these, at least n − k agents are slow and mobile,and have greater depth than A Gi or are in a different branch of T S (because they arrived before A Gi and A Gi could not havepassed them). There are thus at most n − ( n − k ) = k vertices A Gi could have visited since entering G , meaning its depth isat most k , and we have d ( A Gi , t m ) ≤ d ( A P ( n ) i , t m ) .If this inequality is strict, then from statement (a) we learnthat A Gi is settled or slow, so (b) is true and we are done.Otherwise, d ( A Gi , t m ) = k . We saw there are (at least) n − k slow mobile agents in G that have greater depth than A Gi orare in a different branch of T S . From this, we infer that anydescendant of A Gi must contain a slow mobile agent, or that A Gi is at a leaf of T S and has no descendants. Thus, if A Gi is not already settled or slow, it will become slow after theactivation at time t m , since its slow descendants will preventit from moving. This completes the proof. D. Proof of Lemma III.13Proof:
Let A ∗ i be the copy of A i simulated over P ∗ ( ∞ ) .Let t , t , t , . . . be the meaningful event times of S . We showby induction that at any time t m , for all non-deleted agents:either A P ( ∞ ) i is settled or d ( A ∗ i , t m ) ≤ d ( A P ( ∞ ) i , t m ) (8)This implies any agent that enters P ∗ ( ∞ ) must have alreadyor concurrently entered P ( ∞ ) , completing the proof.The induction statement is trivially true at time t , as noevent has occurred yet. We assume it is true up to time t m ,and show it remains true at t m +1 .If the event scheduled for time t m was a deletion of someagent, the statement remains trivially true (as both simulatedversions of the agent are deleted). Otherwise, the scheduledevent is the uninterrupted activation of some pair of agents A ∗ i and A P ( n ) i .Any agent A j where j (cid:54) = i does not move, so we need onlyverify the inductive statement remains true for A ∗ i and A P ( n ) i .The only situation in which Inequality 8 is falsified at time t m +1 if it is true at time t m is if d ( A ∗ i , t m ) = d ( A P ( ∞ ) i , t m ) and A P ( ∞ ) i is mobile at time t m +1 , but A ∗ i manages to movewhereas A P ( ∞ ) i is blocked by a mobile agent A P ( ∞ ) j . Bythe inductive hypothesis, d ( A ∗ j , t m ) ≤ d ( A P ( ∞ ) j , t m ) . Because P ∗ ( ∞ ) is a path graph and j < i , we know that d ( A ∗ j , t ) >d ( A ∗ i , t ) at all times t after A ∗ j entered the environment. Hence,if d ( A ∗ i , t m ) = d ( A P ( ∞ ) i , t m ) and A P ( ∞ ) j blocks A P ( ∞ ) i , then A ∗ j must also block A ∗ i when it attempts to move. This showsthat the inductive hypothesis is correct at time t m +1 . E. Proof of Lemma III.14Proof:
Unlike Lemma III.13, here we count the numberof agents that enter P ∗ ( ∞ ) , and not the number of currentlyexisting agents that entered it. This means we count alsoagents that entered at P ∗ ( ∞ ) but were deleted. This differenceis necessary for the comparison, because agents cannot bedeleted from B .Despite this difference, the proof is very similar to LemmaIII.13. One shows by induction on the meaningful event times t , t , t , . . . that at any time t m , for any i such that A P ∗ ( ∞ ) i was not deleted we have: d ( A Bi , t m ) − i + 1 ≤ d ( A P ∗ ( ∞ ) i , t m ) (9)Note that d ( A Bi , t m ) − i +1 is the index of the vertex of A Bi at time t m . If A Bi crossed ( v , v ) we must have d ( A Bi , t m ) − i + 1 ≥ . Recalling that if A P ∗ ( ∞ ) i is outside of G at time t then d ( A P ∗ ( ∞ ) i , t ) = 0 , we see by (9) that crossing ( v , v ) can only happen if A P ∗ ( ∞ ) i entered P ∗ ( ∞ ) , or if A P ∗ ( ∞ ) i wasdeleted before entering. Hence, the Lemma follows from (9).Let us show (9) holds by induction. It holds trivially for all i at t . Now, assume (9) holds at time t m , and we will showit holds at time t m +1 .Suppose the pair of agents activated at t m is A P ∗ ( ∞ ) i and A Bi . Then these are the only agents for which (9) might befalse at t m +1 . Assuming (9) is true at t m , it can only becomefalse at t m +1 if d ( A Bi , t m ) − i + 1 = d ( A P ∗ ( ∞ ) i , t m ) , but A Bi successfully moves as a result of activation at time t m whereas A P ∗ ( ∞ ) i does not and also is not deleted. If A P ∗ ( ∞ ) i does not move this means some A P ∗ ( ∞ ) j , j < i is blocking it.Hence, we must have d ( A P ∗ ( ∞ ) j , t m +1 ) = d ( A P ∗ ( ∞ ) i , t m +1 )+1 . By the inductive hypothesis we have d ( A Bj , t m +1 ) − j +1 ≤ d ( A P ∗ ( ∞ ) j , t m +1 ) . Since j < i , A Bj is always ahead of A Bi , meaning d ( A Bi , t m +1 ) − i + 1 < d ( A Bj , t m +1 ) − j +1 . Combining these (in)equalities we get d ( A Bi , t m +1 ) − i +1 < d ( A P ∗ ( ∞ ) i , t m +1 ) + 1 , hence d ( A Bi , t m +1 ) − i + 1 ≤ d ( A P ∗ ( ∞ ) i , t m +1 ))