IEEE 802.3 CSMA/CD Protocol

mcpta 1.0

Please note: The syntax of the examples presented here is not compatible with current versions of mcpta. The mcpta download includes updated model files.

The IEEE 802.3 standards define portions of the Ethernet wired LAN technology, which uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) to allow transmissions to be aborted early when a collision is detected.

Modelling

Our Modest model of the CSMA/CD protocol is based on the probabilistic timed automata given in the corresponding PRISM case study. The model's parameters are PD, the signal propagation delay, TD, the packet transmission delay, and BCMAX, the maximum value of the backoff counter.

Click to expand

// Modest model for the IEEE 802.3 CSMA/CD protocol
action send, send1, send2;
action end, end1, end2;
action busy, busy1, busy2;
action cd;

const int RED = 2; // reduction factor
const int PD = (int)(26 / RED); // signal propagation delay
const int TD = (int)(808 / RED); // packet transmission delay
const int ST = 2 * PD; // backoff time slot length
const int BCMAX = 1; // 1 or 2

// Properties
// Probabilistic reachability
// "with probability 1, eventually both stations send their packet correctly"
property P_1 = P(<> did(end1) && did(end2)) >= 1.0;

// Probabilistic time-bounded reachability
// "the minimum/maximum probability of both stations
// correctly delivering their packets by the deadline D"
const int D = (int)(1800 / RED);
property D_max = Pmax(<> did(end1) && did(end2) && time <= D);
property D_min = Pmin(<> did(end1) && did(end2) && time <= D);

// Expected reachability
// "the minimum/maximum expected time until both stations correctly deliver their packets"
property E_min = Tmin(did(end1) && did(end2));
property E_max = Tmax(did(end1) && did(end2));


process Medium()
{
   clock c;

   do {
      :: alt { :: send1 {= c=0 =} :: send2 {= c=0 =} };
         do {
            :: alt { :: end1 {= c=0 =} :: end2 {= c=0 =} }; // transfer finished
               urgent break
            :: when(c <= PD)
               alt { :: send1 {= c=0 =} :: send2 {= c=0 =} }; // collision
               invariant(c <= PD) cd {= c=0 =}; // collision detection
               urgent break
            :: when(c >= PD)
               alt { :: busy1 :: busy2 } // carrier is sensed busy
         }
   }
}

process Station()
{
   clock c;
   int bc limit [0..BCMAX];
   int backoff limit [0..pow(2, BCMAX + 1) - 1];

   invariant(c <= 0) send {= c=0 =};
   do {
      :: invariant(c <= TD) alt {
         :: when(c == TD) end {= c=0 =};
            urgent break
         :: cd {= c=0, bc=min(bc + 1, BCMAX) =};
            do {
               :: urgent {= backoff=DiscreteUniform(0, pow(2, bc + 1) - 1) =};
                  invariant(c <= backoff * ST) when(c == backoff * ST) alt {
                     :: send {= c=0 =}; urgent break
                     :: busy {= c=0, bc=min(bc + 1, BCMAX) =}
                  }
            }
         }
   }
}


par {
   :: Medium()
   :: relabel { send, end, busy } by { send1, end1, busy1 } Station()
   :: relabel { send, end, busy } by { send2, end2, busy2 } Station()
}

Properties

The following properties have been checked using the Modest model of the CSMA/CD protocol:

Probabilistic reachability properties

P_≥1: with probability 1, eventually both stations send their packet correctly
P(<> did(end1) && did(end2)) >= 1.0

Expected-time reachability properties

E_max: the maximum expected time until both stations correctly deliver their packets
T_max(did(end1) && did(end2))
E_min: the minimum expected time until both stations correctly deliver their packets
T_min(did(end1) && did(end2))

Probabilistic time-bounded reachability properties

D_max: the maximum probability of both stations correctly delivering their packets by the deadline D
P_max(<> did(end1) && did(end2) && time <= D)
D_min: the minimum probability of both stations correctly delivering their packets by the deadline D
P_min(<> did(end1) && did(end2) && time <= D)

Results and Performance

We checked the properties for PD = 26 µs, TD = 808 µs and BCMAX = 1. D was 1800 µs. We used PRISM 3.2 with the "sparse" engine, which performed best.

Results

The following table lists the model-checking results for the properties we checked.

	Result
P_≥1	true
E_max	1770 μs
E_min	1735 μs
D_max	0.872
D_min	0.729

State-space size

The following table lists the number of states in the underlying MDP for the Modest models, as reported by PRISM:

	States
Standard	22 991
Deadlines	12 165 193

Performance

The following table lists the model-checking time and memory usage, as reported by PRISM. All runs were performed on an Intel Core Duo T9300 (2.5 GHz) system. MC refers to the model construction time.

	Time	Memory
MC	5 s	-
P_≥1	3 s	n/a
MC	6 s	-
E_max	3 s	1441 kB
E_min	9 s	1441 kB
MC	267 s	-
D_max	760 s	305376 kB
D_min	230 s	305346 kB