You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

258 lines
11 KiB

  1. // IPv4: PTA model with digitial clocks
  2. // one concrete host attempting to choose an ip address
  3. // when a number of (abstract) hosts have already got ip addresses
  4. // gxn/dxp/jzs 02/05/03
  5. // model is an mdp
  6. mdp
  7. // reset or noreset model
  8. const bool reset=false;
  9. //-------------------------------------------------------------
  10. // we suppose that
  11. // - the abstract hosts have already picked their addresses
  12. // and always defend their addresses
  13. // - the concrete host never picks the same ip address twice
  14. // (this can happen only with a verys small probability)
  15. // under these assumptions we do not need message types because:
  16. // 1) since messages to the concrete host will never be a probe,
  17. // this host will react to all messages in the same way
  18. // 2) since the abstract hosts always defend their addresses,
  19. // all messages from the host will get an arp reply if the ip matches
  20. // following from the above assumptions we require only three abstract IP addresses
  21. // (0,1 and 2) which correspond to the following sets of IP addresses:
  22. // 0 - the IP addresses of the abstract hosts which the concrete host
  23. // previously tried to configure
  24. // 1 - an IP address of an abstract host which the concrete host is
  25. // currently trying to configure
  26. // 2 - a fresh IP address which the concrete host is currently trying to configure
  27. // if the host picks an address that is being used it may end up picking another ip address
  28. // in which case there may still be messages corresponding to the old ip address
  29. // to be sent both from and to the host which the host should now disregard
  30. // (since it will never pick the same ip address)
  31. // to deal with this situation: when a host picks a new ip address we reconfigure the
  32. // messages that are still be be sent or are being sent by changing the ip address to 0
  33. // (an old ip address of the host)
  34. // all the messages from the abstract hosts for the 'old' address (in fact the
  35. // set of old addresses since it may have started again more than once)
  36. // can arrive in any order since they are equivalent to the host - it ignores then all
  37. // also the messages for the old and new address will come from different hosts
  38. // (the ones with that ip address) which we model by allowing them to arrive in any order
  39. // i.e. not neccessarily in the order they where sent
  40. //-------------------------------------------------------------
  41. //-------------------------------------------------------------
  42. // VARIABLES
  43. //const int N; // number of abstract hosts
  44. const int K=5; // number of probes to send
  45. const double loss; // probability of message loss
  46. // PROBABILITIES
  47. const double old; //=N/65024; // probability pick an ip address being used
  48. const double new = (1-old); // probability pick a new ip address
  49. // TIMING CONSTANTS
  50. const int CONSEC = 2; // time interval between sending consecutive probles
  51. const int TRANSTIME = 1; // upper bound on transmission time delay
  52. const int LONGWAIT = 60; // minimum time delay after a high number of address collisions
  53. const int DEFEND = 10;
  54. const int TIME_MAX_X = 60; // max value of clock x
  55. const int TIME_MAX_Y = 10; // max value of clock y
  56. const int TIME_MAX_Z = 1; // max value of clock z
  57. // OTHER CONSTANTS
  58. const int MAXCOLL = 10; // maximum number of collisions before long wait
  59. // size of buffers for other hosts
  60. const int B0 = 20; // buffer size for one abstract host
  61. const int B1 = 8; // buffer sizes for all abstract hosts
  62. //-------------------------------------------------------------
  63. // ENVIRONMENT - models: medium, output buffer of concrete host and all other hosts
  64. module environment
  65. // buffer of concrete host
  66. b_ip7 : [0..2]; // ip address of message in buffer position 8
  67. b_ip6 : [0..2]; // ip address of message in buffer position 7
  68. b_ip5 : [0..2]; // ip address of message in buffer position 6
  69. b_ip4 : [0..2]; // ip address of message in buffer position 5
  70. b_ip3 : [0..2]; // ip address of message in buffer position 4
  71. b_ip2 : [0..2]; // ip address of message in buffer position 3
  72. b_ip1 : [0..2]; // ip address of message in buffer position 2
  73. b_ip0 : [0..2]; // ip address of message in buffer position 1
  74. n : [0..8]; // number of places in the buffer used (from host)
  75. // messages to be sent from abstract hosts to concrete host
  76. n0 : [0..B0]; // number of messages which do not have the host's current ip address
  77. n1 : [0..B1]; // number of messages which have the host's current ip address
  78. b : [0..2]; // local state
  79. // 0 - idle
  80. // 1 - sending message from concrete host
  81. // 2 - sending message from abstract host
  82. z : [0..1]; // clock of environment (needed for the time to send a message)
  83. ip_mess : [0..2]; // ip in the current message being sent
  84. // 0 - different from concrete host
  85. // 1 - same as the concrete host and in use
  86. // 2 - same as the concrete host and not in use
  87. // RESET/RECONFIG: when host is about to choose new ip address
  88. // suppose that the host cannot choose the same ip address
  89. // (since happens with very small probability).
  90. // Therefore all messages will have a different ip address,
  91. // i.e. all n1 messages become n0 ones.
  92. // Note this include any message currently being sent (ip is set to zero 0)
  93. [reset] true -> (n1'=0) & (n0'=min(B0,n0+n1)) // abstract buffers
  94. & (ip_mess'=0) // message being set
  95. & (n'=(reset)?0:n) // concrete buffer (remove this update to get NO_RESET model)
  96. & (b_ip7'=0)
  97. & (b_ip6'=0)
  98. & (b_ip5'=0)
  99. & (b_ip4'=0)
  100. & (b_ip3'=0)
  101. & (b_ip2'=0)
  102. & (b_ip1'=0)
  103. & (b_ip0'=0);
  104. // note: prevent anything else from happening when reconfiguration needs to take place
  105. // time passage (only if no messages to send or sending a message)
  106. [time] l>0 & b=0 & n=0 & n0=0 & n1=0 -> (b'=b); // cannot send a message
  107. [time] l>0 & b>0 & z<1 -> (z'=min(z+1,TIME_MAX_Z)); // sending a message
  108. // get messages to be sent (so message has same ip address as host)
  109. [send] l>0 & n=0 -> (b_ip0'=ip) & (n'=n+1);
  110. [send] l>0 & n=1 -> (b_ip1'=ip) & (n'=n+1);
  111. [send] l>0 & n=2 -> (b_ip2'=ip) & (n'=n+1);
  112. [send] l>0 & n=3 -> (b_ip3'=ip) & (n'=n+1);
  113. [send] l>0 & n=4 -> (b_ip4'=ip) & (n'=n+1);
  114. [send] l>0 & n=5 -> (b_ip5'=ip) & (n'=n+1);
  115. [send] l>0 & n=6 -> (b_ip6'=ip) & (n'=n+1);
  116. [send] l>0 & n=7 -> (b_ip7'=ip) & (n'=n+1);
  117. [send] l>0 & n=8 -> (n'=n); // buffer full so lose message
  118. // start sending message from host
  119. [] l>0 & b=0 & n>0 -> (1-loss) : (b'=1) & (ip_mess'=b_ip0)
  120. & (n'=n-1)
  121. & (b_ip7'=0)
  122. & (b_ip6'=b_ip7)
  123. & (b_ip5'=b_ip6)
  124. & (b_ip4'=b_ip5)
  125. & (b_ip3'=b_ip4)
  126. & (b_ip2'=b_ip3)
  127. & (b_ip1'=b_ip2)
  128. & (b_ip0'=b_ip1) // send message
  129. + loss : (n'=n-1)
  130. & (b_ip7'=0)
  131. & (b_ip6'=b_ip7)
  132. & (b_ip5'=b_ip6)
  133. & (b_ip4'=b_ip5)
  134. & (b_ip3'=b_ip4)
  135. & (b_ip2'=b_ip3)
  136. & (b_ip1'=b_ip2)
  137. & (b_ip0'=b_ip1); // lose message
  138. // start sending message to host
  139. [] l>0 & b=0 & n0>0 -> (1-loss) : (b'=2) & (ip_mess'=0) & (n0'=n0-1) + loss : (n0'=n0-1); // different ip
  140. [] l>0 & b=0 & n1>0 -> (1-loss) : (b'=2) & (ip_mess'=1) & (n1'=n1-1) + loss : (n1'=n1-1); // same ip
  141. // finish sending message from host
  142. [] l>0 & b=1 & ip_mess=0 -> (b'=0) & (z'=0) & (n0'=min(n0+1,B0)) & (ip_mess'=0);
  143. [] l>0 & b=1 & ip_mess=1 -> (b'=0) & (z'=0) & (n1'=min(n1+1,B1)) & (ip_mess'=0);
  144. [] l>0 & b=1 & ip_mess=2 -> (b'=0) & (z'=0) & (ip_mess'=0);
  145. // finish sending message to host
  146. [rec] l>0 & b=2 -> (b'=0) & (z'=0) & (ip_mess'=0);
  147. endmodule
  148. //-------------------------------------------------------------
  149. // CONCRETE HOST
  150. module host0
  151. x : [0..TIME_MAX_X]; // first clock of the host
  152. y : [0..TIME_MAX_Y]; // second clock of the host
  153. coll : [0..MAXCOLL]; // number of address collisions
  154. probes : [0..K]; // counter (number of probes sent)
  155. mess : [0..1]; // need to send a message or not
  156. defend : [0..1]; // defend (if =1, try to defend IP address)
  157. ip : [1..2]; // ip address (1 - in use & 2 - fresh)
  158. l : [0..4] init 1; // location
  159. // 0 : RECONFIGURE
  160. // 1 : RANDOM
  161. // 2 : WAITSP
  162. // 3 : WAITSG
  163. // 4 : USE
  164. // RECONFIGURE
  165. [reset] l=0 -> (l'=1);
  166. // RANDOM (choose IP address)
  167. [rec] (l=1) -> 1: true; // get message (ignore since have no ip address)
  168. // small number of collisions (choose straight away)
  169. [] l=1 & coll<MAXCOLL -> 1/3*old : (l'=2) & (ip'=1) & (x'=0)
  170. + 1/3*old : (l'=2) & (ip'=1) & (x'=1)
  171. + 1/3*old : (l'=2) & (ip'=1) & (x'=2)
  172. + 1/3*new : (l'=2) & (ip'=2) & (x'=0)
  173. + 1/3*new : (l'=2) & (ip'=2) & (x'=1)
  174. + 1/3*new : (l'=2) & (ip'=2) & (x'=2);
  175. // large number of collisions: (wait for LONGWAIT)
  176. [time] l=1 & coll=MAXCOLL & x<LONGWAIT -> (x'=min(x+1,TIME_MAX_X));
  177. [] l=1 & coll=MAXCOLL & x=LONGWAIT -> 1/3*old : (l'=2) & (ip'=1) & (x'=0)
  178. + 1/3*old : (l'=2) & (ip'=1) & (x'=1)
  179. + 1/3*old : (l'=2) & (ip'=1) & (x'=2)
  180. + 1/3*new : (l'=2) & (ip'=2) & (x'=0)
  181. + 1/3*new : (l'=2) & (ip'=2) & (x'=1)
  182. + 1/3*new : (l'=2) & (ip'=2) & (x'=2);
  183. // WAITSP
  184. // let time pass
  185. [time] l=2 & x<2 -> (x'=min(x+1,2));
  186. // send probe
  187. [send] l=2 & x=2 & probes<K -> (x'=0) & (probes'=probes+1);
  188. // sent K probes and waited 2 seconds
  189. [] l=2 & x=2 & probes=K -> (l'=3) & (probes'=0) & (coll'=0) & (x'=0);
  190. // get message and ip does not match: ignore
  191. [rec] l=2 & ip_mess!=ip -> (l'=l);
  192. // get a message with matching ip: reconfigure
  193. [rec] l=2 & ip_mess=ip -> (l'=0) & (coll'=min(coll+1,MAXCOLL)) & (x'=0) & (probes'=0);
  194. // WAITSG (sends two gratuitious arp probes)
  195. // time passage
  196. [time] l=3 & mess=0 & defend=0 & x<CONSEC -> (x'=min(x+1,TIME_MAX_X));
  197. [time] l=3 & mess=0 & defend=1 & x<CONSEC -> (x'=min(x+1,TIME_MAX_X)) & (y'=min(y+1,DEFEND));
  198. // receive message and same ip: defend
  199. [rec] l=3 & mess=0 & ip_mess=ip & (defend=0 | y>=DEFEND) -> (defend'=1) & (mess'=1) & (y'=0);
  200. // receive message and same ip: defer
  201. [rec] l=3 & mess=0 & ip_mess=ip & (defend=0 | y<DEFEND) -> (l'=0) & (probes'=0) & (defend'=0) & (x'=0) & (y'=0);
  202. // receive message and different ip
  203. [rec] l=3 & mess=0 & ip_mess!=ip -> (l'=l);
  204. // send probe reply or message for defence
  205. [send] l=3 & mess=1 -> (mess'=0);
  206. // send first gratuitous arp message
  207. [send] l=3 & mess=0 & x=CONSEC & probes<1 -> (x'=0) & (probes'=probes+1);
  208. // send second gratuitous arp message (move to use)
  209. [send] l=3 & mess=0 & x=CONSEC & probes=1 -> (l'=4) & (x'=0) & (y'=0) & (probes'=0);
  210. // USE (only interested in reaching this state so do not need to add anything here)
  211. [] l=4 -> 1 : true;
  212. endmodule