
Recall that the structure of bigraphs can be described by BiLog as we showed in Chapter 2.

Some example formulae expressing properties of an arbitrary bigraph B are:

ϕ1: B contains a node of control C, written B |= ⊤ ◦ (C ⊗ ⊤) ◦ ⊤.

ϕ2: B |= ψ1 ◦ ⊤ ◦ ψ2, i.e. B can be decomposed into two bigraphs satisfying formulae ψ1 and ψ2, respectively.

ϕ3: B contains two A-nodes that are not linked (but may be nested), B |= (⊤ ⊗ id_{x,y}) ◦ (A_x ⊗ ⊤ ⊗ id_y) ◦ (id_y ⊗ ⊤) ◦ (A_y ⊗ ⊤) ◦ ⊤.

Formula ⊤ is the tautology: it is satisfied by any bigraph.

In the following, we present informally how a class of predicates can be checked by reduction to bigraph matching. A similar approach was also adopted in [53].

The BiLog fragment we consider contains the formulae formed solely by operators ◦ and ⊗ and elements of Ω ∪ {⊤}. We write ϕ to indicate a formula in the fragment. Note that boolean operators and logical adjuncts are not allowed. Intuitively, any formula in this form contains one or more sub-formulae that can be used as a pattern in an instance of bigraph matching.

Take for instance predicate ϕ1 specified above. It is possible to check B |= ϕ1 by invoking MATCH(B̃, P̃_{ϕ1}), where the pattern, corresponding to sub-formula C, is a single ion, i.e. P_{ϕ1} = C. Note that two concretions have to be used as input of the matching algorithm.

If the procedure returns a match, then the predicate is satisfied. Observe that the invocation of the matching algorithm is not necessary when C is substituted by any node-free formula because the predicate always holds.

Checking B |= ϕ2 is more complex and requires two instances of matching. To simplify the presentation, sub-formulae ψ1 and ψ2 are assumed to contain some node constant and ⊤ does not occur in them. This allows for a straightforward construction of patterns P_{ψ1} and P_{ψ2}. The first step is to invoke MATCH(B̃, P̃_{ψ1}). If the algorithm is unable to identify a match, then predicate ϕ2 is not satisfied. On the other hand, when a solution is returned, it is possible to build a decomposition

B = C ◦ (P_{ψ1} ⊗ id_I) ◦ D.

Recall that by definition, context C contains all the ancestors of the pattern, while parameter D contains all its descendants. Hence, predicate ϕ2 can be satisfied only if I = ∅ and context C is an identity. The second step consists of checking these constraints on the decomposition.

If they are satisfied, the third step is performed. In this phase, the second instance of matching arises. The pattern is specified by ψ2, while the target is parameter D obtained in the previous steps. If an occurrence is identified, it is possible to build another decomposition:

D = C′ ◦ (P_{ψ2} ⊗ id_{I′}) ◦ D′.

This time, ϕ2 can be satisfied only if I′ = ∅ and parameter D′ is an identity. Finally, B |= ϕ2 if the constraints on the new decomposition are satisfied. Note that context C′ is the part of B being “matched by” ⊤.

Predicate ϕ3 is checked by following a similar procedure. We briefly describe the steps required. The first instance of match checks whether an A-node is present in B. This is necessary to verify sub-formula (⊤ ⊗ id_{x,y}) ◦ (A_x ⊗ ⊤ ⊗ id_y). The invocation is MATCH(B̃, P̃) where the pattern is ion A_x. The resulting decomposition is

B = C ◦ (P ⊗ id_I) ◦ D.

Predicate ϕ3 can be satisfied only if the context contains id_{x,y} and y ∈ I. If these constraints are satisfied the procedure continues. In the second step, the existence of the second A-node in D is verified by invoking MATCH(D̃, P̃′) where the pattern is ion A_y. This checks sub-formula (id_y ⊗ ⊤) ◦ (A_y ⊗ ⊤) ◦ ⊤. Similarly to the previous step, ϕ3 is satisfied only when it is possible to build a decomposition

D = C′ ◦ (P′ ⊗ id_{I′}) ◦ D′

such that context C′ contains identity id_y.

The previous examples explain how to define inductively an algorithm to check a class of BiLog formulae. Summarising, matching instances correspond to the formulae generated by the following grammar:

are checked by imposing constraints on the decompositions resulting from the matching instances on ψ sub-formulae. This approach minimises the number of matching instances compared to an algorithm defined inductively on formulae generated by a grammar with only one non-terminal, since only the ψ sub-formulae give rise to matching; therefore, efficiency is improved. Finally, we remark that boolean operators ∨ and ∧ can be supported by modifying procedure CTRL( , , ) and by iterated invocations of the matching algorithm.

We implemented the approach described above in BigraphER. Predicates in the BiLog fragment of interest are specified in the input model by the same syntactical constructs used for big declarations. Only an additional terminal to encode ⊤ need be introduced. Predicates are checked in the BFS loop in the rewriting engine. Every time a state is added to the graph, all the predicates in the model are checked against it. A labelling function is implemented by a hash table binding a state index to a set whose elements are the identifiers of the predicates that are satisfied by the state. Therefore, the graph together with the hash table can be interpreted as a Kripke structure or a labelled CTMC and temporal properties of the model can be checked.
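The following Python program is an added illustration of the reduction just described (the three-step check of ϕ2, the two-match check of ϕ3, and the per-state labelling table); it is not BigraphER's code and makes simplifying assumptions that are labelled in the comments: a bigraph is abstracted as a forest of nodes, each carrying a control and at most one port whose link name is given explicitly, the set of names open at the outer face is listed by hand, and the SAT-based matcher is replaced by a direct structural search that still returns the decomposition B = C ◦ (P ⊗ id_I) ◦ D, so that the constraints on C, I and D can be checked exactly as in the text. The predicate and state names used in the program are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Iterator, Optional


@dataclass
class Node:
    """A node of the place graph: its control and the link its single port is on."""
    control: str
    link: Optional[str] = None               # None: the control has no port
    children: list = field(default_factory=list)


@dataclass
class Bigraph:
    roots: list                              # regions of the place graph (a forest)
    outer: frozenset = frozenset()           # link names open at the outer face


def walk(nodes) -> Iterator[Node]:
    """Pre-order traversal of a forest."""
    for n in nodes:
        yield n
        yield from walk(n.children)


def links(nodes) -> set:
    return {n.link for n in walk(nodes) if n.link is not None}


@dataclass
class Decomposition:
    """One occurrence of ion P in B, as B = C o (P (x) id_I) o D."""
    node: Node                               # the node matched by P
    context: list                            # ancestors of the match (nodes of C)
    parameter: list                          # D: the descendants of the match
    passthrough: set                         # I: link names of D that also occur outside D


def MATCH(B: Bigraph, ctrl: str) -> Iterator[Decomposition]:
    """Stand-in for the SAT-based matcher: enumerate occurrences of ion `ctrl`."""
    def rec(nodes, ancestors):
        for n in nodes:
            if n.control == ctrl:
                inside = {id(m) for m in walk(n.children)}
                outside = {m.link for m in walk(B.roots)
                           if id(m) not in inside and m.link is not None}
                yield Decomposition(n, ancestors, n.children,
                                    links(n.children) & (outside | B.outer))
            yield from rec(n.children, ancestors + [n])
    yield from rec(B.roots, [])


def phi1(B: Bigraph, ctrl: str) -> bool:
    """B |= T o (ctrl (x) T) o T: one match suffices, no constraint on C, I or D."""
    return next(MATCH(B, ctrl), None) is not None


def phi2(B: Bigraph, c1: str, c2: str) -> bool:
    """B |= psi1 o T o psi2 with psi1 = ion c1 and psi2 = ion c2 (no T inside them)."""
    for d in MATCH(B, c1):
        # step 2: C must be an identity (the match is the only root) and I empty
        if d.context or len(B.roots) != 1 or d.passthrough:
            continue
        # step 3: match psi2 inside parameter D; I' empty and D' node-free
        D = Bigraph(d.parameter, frozenset(d.passthrough))
        if any(not d2.passthrough and not d2.parameter for d2 in MATCH(D, c2)):
            return True
    return False


def phi3(B: Bigraph, ctrl: str = "A") -> bool:
    """B |= (T (x) id_{x,y}) o (A_x (x) T (x) id_y) o (id_y (x) T) o (A_y (x) T) o T:
    an A-node on x whose parameter holds an A-node on a different open name y."""
    for d in MATCH(B, ctrl):
        x = d.node.link
        if x is None or x not in B.outer:            # C must carry id_x outwards
            continue
        D = Bigraph(d.parameter, frozenset(d.passthrough))   # outer names of D are I
        for d2 in MATCH(D, ctrl):
            y = d2.node.link
            # y in I (it bypasses the first pattern) and C' carries id_y: hence y != x
            if y is not None and y != x and y in d.passthrough and y in B.outer:
                return True
    return False


def label(states: list, predicates: dict) -> dict:
    """Labelling function: state index -> ids of the predicates the state satisfies."""
    return {i: {pid for pid, p in predicates.items() if p(s)} for i, s in enumerate(states)}


# Constructed states (assumed, not from the thesis): B0 has an A-node on x with a nested
# A-node on y and a C-node; B1 has both A-nodes on the same link x; B2 is an A over a B.
B0 = Bigraph([Node("A", "x", [Node("A", "y"), Node("C")])], frozenset({"x", "y"}))
B1 = Bigraph([Node("A", "x", [Node("A", "x")])], frozenset({"x"}))
B2 = Bigraph([Node("A", None, [Node("B")])])

PREDICATES = {                               # hypothetical predicate identifiers
    "has_C": lambda b: phi1(b, "C"),
    "A_over_B": lambda b: phi2(b, "A", "B"),
    "two_unlinked_A": phi3,
}

if __name__ == "__main__":
    for i, labels in label([B0, B1, B2], PREDICATES).items():
        print(i, sorted(labels))
```

The `label` table is the hash table of the text: index 0 is labelled with `has_C` and `two_unlinked_A`, index 1 with nothing (its two A-nodes share link x, so the second match fails the y ∈ I constraint), and index 2 with `A_over_B`. Note that ϕ2 rejects B0 for `A` over `C` because name y of the nested A-node passes through the first pattern, violating I = ∅, which is the check that a naive "contains A, contains C" search would miss.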

5.4 Summary

In this chapter we described the implementation of the BigraphER system: a command-line tool and an OCaml library for the manipulation, simulation and visualisation of bigraphs with sharing. In Section 5.1, we discussed the architecture of the system and described the rôle of its components. Section 5.2 was devoted to the analysis of the implementation details. We introduced an OCaml representation of concrete bigraphs, a SAT encoding of the matching algorithm and a rewriting engine capable of computing the dynamics of BRS and SBRS.

Finally, a method to check a class of BiLog predicates was introduced in Section 5.3.

In the next chapter we will present our first case study: a bigraphical model of the 802.11 CSMA/CA protocol. The command-line tool in the BigraphER system will be used to generate automatically the CTMC capturing the behaviour of an example network of three machines.

Chapter 6

A bigraphical model of the 802.11 CSMA/CA RTS/CTS protocol

This chapter illustrates the applicability of stochastic bigraphs with sharing in the context of communication protocols for wireless networks. Namely, we present a bigraphical model of the IEEE 802.11 CSMA/CA with RTS/CTS protocol with support for arbitrary network topologies. The model enables the automatic generation of the CTMC capturing the behaviour of any wireless network governed by this protocol. This in turn allows for the analysis of quantitative properties such as the probability of collision and the average number of transmissions before a data packet is successfully sent.

In Section 6.1 we discuss the suitability of a bigraphical representation for the protocol and we compare with related work on CSMA modelling and analysis. Section 6.2 contains an informal description of the protocol. In particular, we concentrate on the RTS/CTS exchange mechanism. In Section 6.3, the structure of the bigraphs used in the model is defined.

We introduce controls and a sorting discipline allowing for a precise representation of wireless networks with arbitrary topology. To facilitate the presentation, different colours and node shapes are used in the graphical notation to indicate nodes with different controls. In Section 6.4 the SBRS model of the protocol is given and we discuss some general problems of specifying behaviour with rewrite rules and our solution using priorities. We present only the graphical form of the stochastic reaction rules. The corresponding algebraic forms are given in Appendix C. Two sample executions (paths) of an example network of three stations are given in Section 6.5. Section 6.6 describes the underlying CTMC resulting from the example, its computation using BigraphER, and some quantitative analysis results. A summary of the chapter is given in Section 6.7.

6.1 Introduction

Wireless local area networks (WLANs) have become hugely popular in recent years and play an increasingly important part in our everyday lives. The international standard IEEE 802.11 [36] was developed to enable the use of heterogeneous communication devices from different vendors within the same network. It specifies the physical layer (PHY) and a MAC (Media Access Control) layer based on CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). This differs from MAC layers for wired networks in which Collision Detection (CSMA/CD) can be employed to prevent simultaneous transmission on the channel.

The reason is that stations of a wireless network cannot listen to their own transmission(s) and are therefore unable to detect collisions. The standard also defines an optional mechanism to reduce collisions called RTS/CTS (Request to Send / Clear to Send). We describe it in the next section.

WLANs exhibit behaviours that depend both on time and space. Hence, the double structure characterising bigraphs and their static-dynamic nature appear to be ideally suited to this domain. Moreover, bigraphs with sharing allow one to naturally model a crucial aspect of wireless networks: signal interference. This phenomenon occurs when a device is in the range of more than one signal. In other words, wireless networks are overlapping.

Some aspects of the CSMA protocol have been modelled previously: for example collision detection on Ethernet is modelled by a MDP (Markov Decision Process) in [26]. A similar approach was taken in [41] where probabilistic timed automata are used to model the basic two-way handshake mechanism¹ of the 802.11 protocol. The authors assume a fixed network topology consisting of two senders and two receivers. Furthermore, in their model there is exactly one shared signal, and thus each station can sense any other station. Properties of the system are specified in CSL (Continuous Stochastic Logic) [2] and automatically verified using probabilistic model checker Prism [40]. The model we present here differs in the following significant ways: support for arbitrary network topologies, and explicit representation of potentially overlapping wireless signals for all the stations in the network. These features are essential to represent networks in which two or more stations transmit to the same receiver and they cannot sense each other, thus causing a transmission collision. This is generally known in the literature as the hidden node problem. The topology of an example network suffering from the problem is drawn in Figure 6.3a, where the senders are A and C and the receiver is B.

¹ Note that this protocol is different from RTS/CTS.


Figure 6.1: The use of virtual channel sensing using CSMA/CA.