Integrated analysis of communication protocols by means of PLA formalism, Journal of Telecommunications and Information Technology, 2004, nr 4 by Pranevicius, Henrikas
Paper Integrated analysis
of communication protocols
by means of PLA formalism
Henrikas Pranevicius
Abstract—Aggregate approach and its possibilities for speci-
fication and analysis of computer network protocols are pre-
sented. The theoretical basis of the aggregate approach is
a piece-linear aggregate (PLA) for formal specification of sys-
tems. The advantage of that approach is that it permits to
create models both for analysis correctness of specifications
and simulation. Some methods that can be used for valida-
tion and verification of aggregate specifications are presented
also.
Keywords— piece-linear aggregates, ESTELLE/Ag specification
language, validation, simulation, communication protocols.
1. Introduction
The stage of formal specification is one of the most impor-
tant during the design of software of communication proto-
cols. Such formal specification is usually used for analysis
and implementation purposes. In the stage of analysis it is
necessary to resolve two tasks: analysis of logical correct-
ness and evaluation of the system functioning parameters.
Different mathematical schemes are used for creating for-
mal descriptions of systems, such as: different automate
models, Petri-nets, data flow and state transition diagrams,
temporal logic technique, abstract communicating methods
and other [1, 2].
When a formalization method is chosen, it is desirable
that both above mentioned analysis tasks could be resolved
on the bases of a single formal description. The aggre-
gate approach has such property and it has been success-
fully used both for correctness analysis and for simulation
of computer network protocols [3–5]. Specification lan-
guage ESTELLE/Ag and the specifications analysis tool
PRANAS-2 have been created on the base of the aggre-
gate method (Ag). There are some differences between
ESTELLE/Ag and the ESTELLE standard ISO: the piece-
linear aggregate model is used in ESTELLE/Ag. The use
of such a model instead of a finite-state automate, which is
the formal background of the standard ESTELLE, enables
to create models both for validation and simulation. This is
possible due to the special structure of the piece-linear ag-
gregate. Apart from the discrete components describing the
state of the modules, there are also continuous components
to control event-sequences in the module. These continuous
components are called operations. By means of operators,
sequences of actions are described, the intermediate results
of which are invisible on the outside. If such operation
sequence is being performed at a given instance of time
the corresponding operation is called “active”. Thus, an
individual module involves two types of events: arrival of
an input signal and completion of an active operation. The
specification analysis system PRANAS-2 consists of the fol-
lowing software tools: a specification editor, a validation
subsystem and a simulation subsystem. The editor provides
the capability to create a specification in ESTELLE/Ag.
The validation subsystem permits to construct a validation
model for the program generating the reachability graph.
After completing the construction of the reachability graph,
it is possible to verify the following specification charac-
teristics: completeness, deadlock freeness, boundedness,
absence of static deadlock, absence of dynamic deadlock,
termination.
The same specification changes are carried out when the
simulation model is creating. This is necessary in order to
define the duration of operations and to introduce additional
variables for gathering statistics about the evaluated system
parameters.
Section 2 describes the general principles of piece-linear
aggregates (PLA) formalism. Methods used for correct-
ness analysis of PLA specification are presented in Sec-
tion 3. Section 4 illustrates the use PLA formalism for
formal specification and integrated analysis of event driven
local computer network protocol.
2. General principles of the aggregate
approach
In the application of the aggregate approach for system
specification, the system is represented as a set of interact-
ing piece-linear aggregates. The PLA is taken as an object
defined by a set of states Z, input signals X , and output
signals Y . The aggregate functioning is considered in a set
of time moments t ∈ T . The state z ∈ Z, the input signals
x ∈ X , and the output signals y ∈ Y are considered to be
time functions. Apart from these sets, transition H and
output G operators must be known as well.
The state z ∈ Z of the piece-linear aggregate is the same
as the state of a piece-linear Markov process, i.e., z(t) =(
υ(t), zυ(t)
)
, where υ(t) is a discrete state component tak-
ing values on a countable set of values; and zυ(t) is a con-
tinues component comprising of zυ1(t), zυ2(t), . . . , zυk(t)
co-ordinates.
84
Integrated analysis of communication protocols by means of PLA formalism
When there are no inputs, the state of the aggregate changes
in the following manner:
υ(t) = const,
dzυ(t)
dt =−αυ ,
where αυ = (αυ1, αυ2, . . . , αυk) is a constant vector.
The state of the aggregate can change in two cases only:
when an input signal arrives at the aggregate or when a con-
tinuous component acquires a definite value. The theoret-
ical basis of piece-linear aggregates is their representation
as piece-linear Markov processes.
Aggregate functioning is examined on a set of time mo-
ments T = {t0, t1, . . . , tm, . . .} at which one or several events
take place, resulting in the aggregate state alternation. The
set of events E which may take place in the aggregate
is divided into two non-intersecting subsets E ′ = E ′ ∪E ′′.
The subset E ′ = {e′1, e
′
2, . . . , e
′
N} comprises classes
of events (or simply events) e′i, i = 1,N resulting from the
arrival of input signals from the set X = {x1,x2, . . . ,xN}.
The class of events e′′i = {e
′′
i j, j = 1,2,3, . . .}, where e′′i j is
an event from the class of events e′′i taking place the jth
time since the moment t0. The events from the subset E ′
are called external events. A set of aggregate input signals
is unambiguously reflected in the subset E ′, i.e., X → E ′.
The events from the subset E ′′ = {e′′1 ,e
′′
2 , . . . ,e
′′
f } are called
internal events, where e′′i = {e
′′
i j, j = 1,2,3, . . .}, i = 1, f are
the classes of the aggregate internal events. Here, f deter-
mines the number of operations taking place in the ag-
gregate. The events in the set E ′′ indicate the end of the
operations taking place in the aggregate.
The events of the subsets E ′ and E ′′ are called the evolu-
tionary events of the aggregate. The main evolution events
are sufficient for unambiguous determination of the aggre-
gate evolution. Apart from the basic evolutionary events,
auxiliary evolutionary events may be considered, which are
simultaneous to the basic ones and determine the start of
the operations.
For every class of events e′′i from the subset E ′′, control
sequences are specified
{ξ (i)j }, where ξ (i)j – the duration
of the operation, which is followed by the event e′′i j as well
as event counters
{
r(e′′i , tm)
}
, where r(e′′i , tm), i = 1, f is
the number of events from the class e′′i taken place in the
time interval [t0, tm].
In order to determine start and end moments of operation,
taking place in the aggregate the so-called control sums{
s(e′′i , tm)
}
,
{
w(e′′i , tm)
}
, i = 1, f are introduced, where
s(e′′i , tm) – the time moment of the start of operation fol-
lowed by an event from the class e′′i . This time moment is
indeterminate if the operation was not started; w(e′′i , tm) is
the time moment of the end of the operation followed by the
event from the class e′′i . In case of no priority operations,
the control sum w(e′′i , tm) is determined in the following
way: w(e′′i , tm) = s
′(e′′i , tm)+ξr(e′′i ,tm)+1, if at moment tm an
operation is taking place, which is followed by the event ei;
in the opposite case w(e′′i , tm) = ∞. The infinity symbol (∞)
is used to denote the undefined values of the variables.
Control sums determine only the possibility conditions for
the events after the moment tm, while the event occurrence
moments are not determined.
Let us specify the meaning of the co-ordinates of the ag-
gregate state. The discrete component of the state, υ(tm) ={
υ1(tm),υ2(tm), . . . ,υp(tm)
}
, presents the system state:
zυ(tm) =
{
w(e′′i , tm),w(e
′′
2 , tm), . . . ,w(e
′′
f , tm)
}
are control co-ordinates specifying the moment of evolu-
tionary events occurrence.
The control co-ordinate w(e′′i , tm) corresponds to every
each e′′i from the subset of events E ′′, while always
w(e′′i , tm)≥ tm.
The state co-ordinates z(tm) can change their values only at
discrete time moments tm , m = 1,2, . . . of event occurrence,
remaining fixed in each interval [tm, tm+1),m = 0,1,2, . . .
where t0 – the initial moment of system functioning.
When the state of the system z(tm), m = 0,1,2, . . ., is
known, the moment tm+1 of the following event is deter-
mined by a moment of input signal arrival to the aggregate
or by the equation:
tm+1 = min
{
w(e′′i , tm)
}
, 1 ≤ i ≤ f .
Class of the next event em+1 is specified by an input signal
if it arrives at the time moment tm+1 or is determined by
the control co-ordinate, which acquire minimal value at the
moment tm, i.e., if w(e′′i , tm) acquires minimal value, then
em+1 = e
′′
i .
The operator H states the new aggregate state:
z(tm+1) = H
[
z(tm),ei
]
, ei ∈ E ′∪E ′′.
The output signals yi from the set of output signals
Y = {y1, y2, . . . , ym} can be generated by an aggregate
only at occurrence moments of events from the subsets E ′
and E ′′. The operator G determines the content of the out-
put signals:
y = G
[
z(tm),ei
]
, ei ∈ E ′∪E ′′, y ∈ Y.
Further transition and output operators will be denoted
H(ei) and G(ei).
3. Correctness analysis of aggregate
specifications
3.1. Reachable states approach for aggregate model
validation
An essence of the reachable states method is a use of the
global state which is considered as a joint state of a sys-
tem after aggregate system composition. A graph of the
reachable states is created as oriented one: its nodes stand
for global states of the system, its arcs indicate the possible
transitions from one state to another. Initial and final states
must be specified in working out the graph. The resulting
85
Henrikas Pranevicius
states graph is used for an analysis of defined properties of
a system, as some of them are closely related with the graph
structure. The given validation method allows to investi-
gate general properties of a system such as boundedness,
absence of redundancy in specification, completeness, ab-
sence of static deadlocks, absence of dynamic deadlocks,
termination.
3.2. Invariant approach for aggregate model validation
A system invariant (I) is the assertion, which describes
correct system functioning and it must remain true in spite
of the events taking place and system transition from one
state to another.
The essence of the method is as follows: assertions are
formulated in relation to the co-ordinates of the aggregate
model so as to express the requirements for the system
functioning.
On the base of a conceptual model of an analysed system
we can describe system functioning by the event sequence,
which may be represented by the graph G(V ), where V is
a set of vertices and A = {ai j} is an adjacency matrix.
In this case V = {e1,e2, . . . ,en}, where ei is ith event, n is
a number of events. (eie j) 6= (e jei), i.e., the graph is ori-
ented.
The set of states, which the system may enter after the
event e1, is called as the ith set of possible states (SSi –
symbolic state). SSi =
{
z∈ Z|(∃z′)
(
(z′ ∈ Z)∧EPi(z′)∧(z =
Hi(z′,P))
)}
, where Z is a set of all possible system states,
EPi(z′) is an enabling predicate of the event ei in the state
z′, P is a set of probabilistic parameters of the system and
Hi is a transition operator determining the new system state
when the event ei occurs.
The system considered being in the symbolic state SSi only
if it is in the state z and z∈ SSi. Relying this SSi definition,
every event ei is related to the symbolic state SSi, therefore
replacing the set of vertices V in the graph G(V ) by V ′ =
{SS1,SS2, . . . ,SSn} while the adjacency matrix A remains
unchanged. We obtain the graph of symbolic states G(V ′)
which describes the system operation by determining the
possible set of states and transitions from one symbolic
state to another.
The presented formalization and analysis method will be
illustrated by example of specification and integrated anal-
ysis of timed protocol with slot reuse.
4. Specification, validation and
simulation of event-driven local
computer network protocol
4.1. Conceptual model of on event-driven local computer
network protocol
There are many computer communication applications re-
quiring high bandwidth and high reliability in operation,
which still allow simple and low cost implementation. This
type of network exists in robotics, vehicles, homes, etc.
These applications set restrictions on the system in terms
of usable hardware, cost, and cabling. Such networks are
in many cases meant for one special application and not
for a general purpose use. The number of stations is gen-
erally small compared with typical LAN applications, and
the variation in the number of stations is small during the
life cycle of the network.
Typical requirements for the media access protocols in these
applications are: high reliability of the environment, where
the electrical disturbance level is a high scalable bandwidth:
self-stabilizing properties; and simplicity combined with
low cost of implementation. Solutions based on the existing
media access standards do not meet these requirements in
many cases.
The protocol described by Sintonen is design to offer high
bandwidth while keeping the structure simple. The config-
uration is a physical bus, where stations form a logical ring.
The algorithm is based on the noticeable events on the bus
(hence the name event-driven bus protocol). The proto-
col is distributed, except in the initialization phase. Every
station listens to the bus and receives both the destination
address and the source address, and stores them in the reg-
isters DA and SA respectively. A station is also capable of
sending the bus and detecting the event frame ended. The
algorithm for sending and receiving is as follows.
Receiving:
When a station notices it’s own address in the DA field,
it receives the frame.
Sending:
When a station has a frame to send, it waits until it receives
the address of it’s predecessor in the SA of the frame. Then
it waits for the event frame ended. After that event, it waits
a time period D′,D′ ≤ 2d, where d is the end to end delay
of, the bus. Then it sends its frame, and waits for a time
delay D′,D′ > 2d to hear the next station begin sending.
When this happens, the sending phase is ended. If a station
has nothing to send its turn comes, it sends an empty no
data frame, a kind of a token, to pass the turn to next station
in sequence.
There is one station which initializes the ring, known as
the fixed control station. The control station can also detect
a failed station and is capable of executing a reconfiguration
algorithm to restore the normal operation of the ring.
5. Aggregate specification
of on event-driven local computer
network protocol
An aggregate schemes of a specification of an analyzed
event oriented protocol is depicted in Fig. 1. The aggregates
Station 0,Station 1, . . . ,Station (n− 1) depict the stations
86
Integrated analysis of communication protocols by means of PLA formalism
which are switched on to the network, and the aggre-
gate Bus describes the performance channel. Station 0 is
the controlling one. The signals that are transmitted be-
tween the aggregates have also been shown in Fig. 1.
Fig. 1. Aggregate scheme of a model.
Aggregate Station nr, nr = 1,n−1
1. Set of input signal
Xnr = { f r end(m), bus is oc, no data(m), f ail};
where: f r end(m) – end of the transmitting;
bus is oc – bus is occupied; no data (m) – no data
for transmission; st on – switching on of the station;
n – number o station; m – the number of station
where packet is sending.
2. Set of output signals Ynr = {y},
y ∈ {beg f r, end trans, no data, f ail};
where: beg f r – beginning of the frame transmitting;
end trans – end of the frame transmitting; no data –
no data for transmitting; f ail – station is switched
off.
3. Set of internal events
E ′′nr =
{
e′′1(taim DI), e′′2(taim D), e′′3(trans f r),
e′′4(arr f r), e′′5(swit o f )
}
;
where: e′′1(taim DI) – end of timer DI; e′′2(taim D) –
end of timer D; e′′3(trans f r) – end of the frame
transmitting; e′′4(arr f r) – moment of a frame arrival;
e′′5(swit o f ) – moment of the station switching.
4. Controlling sequences:
e′′i (. . .)→{ξi j}, i = 1, 5, j = 1, ∞;
where ξi j – duration of an operation, followed by the
event e′′i (. . .).
5. Discreet component of state
υ(tm) =
{
st(tm), actD(tm), sw(tm)
}
;
where: st(tm)∈ {0, 1}; 0 – no frame for transmitting,
1 – there is a frame for transmitting;
actD(tm) =
{
0, timer D is switched off;
1, timer D is switched on;
sw(tm) =
{
0, station is switched off;
1, station is switched on;
6. Initial state: st(t0) = 0; act D(t0) = 0; sw(t0) = 0;
w
(
e′′1(taim DI), t0
)
= ∞;
w
(
e′′2(taim D), t0
)
= ∞;
w
(
e′′3(trans f r), t0
)
= ∞;
w
(
e′′4(arr f r), t0
)
= t0 +ξ4 j;
w
(
e′′5(swit o f ), t0
)
= t0 +ξ5 j.
7. Transfer operators:
H
(
e′( f r end)): (The end of packet sending)
w
(
e′′1(taim DI), tm+1
)
= tm +ξ1 j
if sw(tm) = 1∧m = nr.
H
(
e′(bus is oc)
)
: (Bus is busy)
w
(
e′′2(taim D), tm+1
)
= ∞,
w
(
e′′4(arr f r), tm+1
)
= tm +ξ4 j,
act D(tm+1) = 0

 ,
if sw(tm) = 1∧act D(tm) = 1.
H
(
e′(no data)
)
: (There are no data for sending)
w
(
e′′1(taim DI), tm+1
)
= tm +ξ1 j
if sw(tm) = 1∧m = nr;
w
(
e′′2(taim D), tm+1
)
= ∞,
w
(
e′′4(arr f r), tm+1
)
= tm +ξ4 j,
act D(tm+1) = 0

 ,
if sw(tm) = 1∧act D(tm) = 1.
H
(
e′′1(taim DI)
)
: (Timer DI has expired)
w
(
e′′3(trans f r), tm+1
)
= tm +ξ3 j,
y = beg f r
}
,
if st(tm+1) = 1;
87
Henrikas Pranevicius
w
(
e′′2(taim D), tm+1
)
= tm +ξ2 j,
act D(tm+1) = 1,
y = no data

 ,
if st(tm+1) 6= 1.
H
(
e′′2(taim D)
)
: (Timer D has expired)
y = f ail .
H
(
e′′3(trans f r)
)
: (The end of packet sending)
st(tm+1) = 0;
w
(
e′′2(taim D), tm+1
)
= tm +ξ2 j ;
act D(tm+1) = 1;
y = end trans .
H
(
e′′4(arr f r)
)
: (The packet has arrived)
st(tm+1) = 1 .
H
(
e′′5(swit o f )
)
: (The station is seething of)
sw(tm+1) = 0;
w
(
e′′1(taim DI), tm+1
)
= ∞ ;
w
(
e′′2(taim D), tm+1
)
= ∞ ;
w
(
e′′3(trans f r), tm+1
)
= ∞ ;
w
(
e′′4(arr f r), tm+1
)
= ∞ ;
act D(tm+1) = 0;
st(tm+1) = 1 .
Aggregate Station 0
The functioning of this aggregate is similar to that of the
aggregate Station nr. Therefore, only the differences are
presented in respect to the agregate Station nr.
1. Set of input signals:
X0 = Xnr \{st on}∪{ f ail(m)};
where: Xnr – set of input signal of aggregate Sta-
tion nr; m – is the number of the stations switched
on.
2. Set of output signals:
Y0 = Ynr \{ f ail}∪{new st(m)};
where: Ynr – set of output signal of aggregate Sta-
tion nr; m – the number of the switched on station.
3. Set of internal events:
E ′′0 = E
′′
nr \
{
e′′5(swit o f f ), e′′7(taim T )
}
∪
{
e′′8i(swit on), . . . ,e′′8,n−1(swit on)
}
;
where: e′′7(taim T ) – end of timer T ; e′′8i(swit on) –
ith station switched on.
4. Controlling sequences for the events are introduced
e′′7(. . .) and e
′′
8i(. . .):
e′′7(taim T ) 7→ {T};
e′′8i(swit on) 7→ {ξi j}, i = 1, n−1, j = 1, ∞;
where: ξ8i j – the operation duration after finishing of
which the ith station is switched on; T – the duration
of timer T .
5. Discrete component of state
υ(tm) =
{
st(tm), actD(tm)
}
.
6. Initial state:
act D(t0) = 1; st(tm) = 0;
w
(
e′′7(taim D), t0
)
= t0 +T ;
w
(
e′′8i(swit on), t0
)
= ∞, i = 1, n−1.
7. Transfer operators:
H
(
e′( f r end)): (Bus is busy)
w
(
e′′(taim DI), tm+1
)
= tm +ξ1 j,
act DI(tm+1) = 1
}
,
if m = nr ;
w
(
e′′7(taim T ), tm+1
)
= tm +T,
if m 6= nr .
H
(
e′(bus is oc)
)
: (Bus is occupied)
w
(
e′′7(taim T )
)
= tm +T
w
(
e′′2(taim D), tm+1
)
= ∞ ,
w
(
e′′4(arr f r), tm+1
)
= tm +ξ4 j
act D(tm+1) = 0

 ,
if act D(tm+1) = 1.
H
(
e′(no data)
)
: (There are no data for sending)
w
(
e′′1(taim DI), tm+1
)
= tm +ξ1 j,
w
(
e′′7(taim T ), tm+1
)
= ∞,
w
(
e′′2(taim D), tm+1
)
= ∞,
act DI(tm+1) = 1,
act D(tm+10) = 0


,
if m = 0;
w
(
e′′2(taim D), tm+1
)
= ∞,
w
(
e′′4(arr f r), tm+1
)
= tm +ξ4 j,
act D(tm+1) = 0

 ,
if m = 0∧act D(tm) = 1;
w
(
e′′7(taim T ), tm+1
)
= tm +T.
H
(
e′( f ail)): (The station is)
w
(
e′′8m
(
swit on(m)
))
= tm +ξm j.
H
(
e′′1(taim DI)
)
: (End of timer DI)
act DI = 0;
w
(
e′′3(trans f r), tm
)
= tm +ξ3 j,
y = beg f r
}
,
if st(tm+1) = 1;
w
(
e′′2(taim D), tm
)
= tm +ξ2 j,
act D(tm+1) = 1,
y = no date

 ,
if st(tm+1) 6= 1 .
H
(
e′′2(taim D)
)
: (The end of timer D)
act D(tm+1) = 0;
w
(
e′′1(taim DI), tm+1
)
= tm +ξ1 j,
act DI(tm+1) = 1;
w
(
e′′4(arr f r), tm+1
)
= tm +ξ4 j;
y = f ail .
H
(
e′′3(trans f r)
)
: (The transmission of packet has
ended)
st(tm+1) = 0;
w
(
e′′(taim D), tm+1
)
= tm +ξ2 j,
act D(tm+1) = 1;
y = end trans .
H
(
e′′4(arr f r)
)
: (The packet has arrived)
st(tm+1) = 1.
88
Integrated analysis of communication protocols by means of PLA formalism
H
(
e′′7(taim T )
)
: (The timer T has expired)
w
(
e′′1(taim DI), tm+1
)
= tm +ξ1 j ;
act DI(tm+1) = 1 .
H
(
e′′8k
(
swit on(k)
))
: (The station is switching on)
y = new st(k +1).
Aggregate Bus
1. Set of input signals:
X =
{
[beg f r, end trans, no data, new st(m)]0,
[beg f r, end trans, no data, f ail]1, . . . ,
[beg f r, end trans, no data, f ail]n−1
}
.
2. Set of output signals:
Y =
{
[ f r end(m), bus is oc, no data(m), f ail(m)]0,
[ f r end(m), bus is oc,st on, no data(m)]1, . . . ,
[ f r end(m), bus is oc,st on, no data(m)]n−1
}
.
3. Set of internal events E ′′ = ∅.
4. State υ(tm) =
{
qi(tm), i = 1, N, kan(tm)
}
;
where: qi(tm) ∈ {1, 2, . . . , N}; qi(t) – the number of
successor for the ith station;
kan(tm) =
{
0, channel is idle;
1, channel is occupied.
5. Initial state:
kan(t0) := 0; i := 1;
while i < n do begin qi(t0) := i+1; i := i+1; end.
6. Transfer operators:
H
[
e′1k
(
new st(p)
)]
: k = 2, n; (New station)
i := p;
if i = n then i := 0;
while qi(tm) = 0 do begin i := i+1;
if i = n
then i := 0; end;
j := 1;
while q j(tm) 6= i+1 do j := j +1;
q j(tm+1) := p; qp(tm+1) := i+1;
yp := st on .
H
[
e′2k(beg f r)
]
: k = 1, n ; (The start of packet send-
ing)
kan(tm+1) := 1;
for i := 1 to n do
if i 6= k and qi(tm) > 0 then
yi := bus is oc .
H
[
e′3k(end trans)
]
: k = 1, n (The end of packet
transmission)
kan(tm+1) := 0;
for i := 1 to n do
if i 6= k and qi(tm) > 0 then
yi := f r end
[
qk(tm)
]
.
H
[
e′4k(no data)
]
: k = 1, n (There are no data for
sending)
for i := 1 to n do
if i 6= k and qi(tm) > 0 then
yi := no data
[
qk(tm)
]
.
H
[
e′5k( f ail)
]
: k = 2, n (The station is switching of)
y1 := f ail[k];
i := 1
while q j(tm) 6= k do i := i+1;
qi(tm+1) := qk(tm);
qk(tm+1) := 0 .
5.1. Results of validation and simulation
The correctness of the created specification was investigated
by means of protocol analysis system PRANAS-2. This
system permitted one to investigate general protocol prop-
erties such as: completeness; deadlock freeness; bounded-
ness; cyclic behavior; termination.
Table 1
Example of validation
{32} L: 2 3 1 0
MO: 1 0 1 1 0 1 3
Tim T Arr fr Taim DI
M[1]: 2 0 0 0 1 1
Swit of Arr fr
M[2]: 3 0 0 0 1 1
Swit of Arr fr
↓ Taim DI in MO
{58} L: 2 3 1 1
MO: 1 0 0 1 1 1 3
Tim T Arr fr Trans fr
M[1]: 2 0 0 0 1 1
Swit of Arr fr
M[2]: 3 0 0 0 1 1
Swit of Arr fr
↓ Trans Fr in MO
{104} L: 2 3 1 0
MO: 1 1 0 1 0 0 3
Tim T Arr fr Taim D
M[1]: 2 0 0 1 1 1
Swit of Arr fr Taim DI
M[2]: 3 0 0 0 1 1
Swit of Arr fr
↓ Taim DI in M1
{79} L: 2 3 1 1
MO: 1 0 0 1 0 0 3
Tim T Arr fr Taim D
M[1]: 2 0 1 0 1 1
Swit of Arr fr Trans fr
M[2]: 3 0 0 0 1 1
Swit of Arr fr
↓ Trans fr in M1
{150} L: 2 3 1 0
MO: 1 0 0 1 0 0 3
Tim T Arr fr Taim D
M[1]: 2 1 0 0 1 0
Swit of Arr fr Taim D
M[2]: 3 0 0 1 1 1
Swit of Arr fr Taim DI
↓ Taim DI in M1
{92} L: 2 3 1 1
MO: 1 0 0 1 0 0 3
Tim T Arr fr
M[1]: 2 0 0 0 1 0
Swit of Arr fr
M[2]: 3 0 1 0 1 1
Swit of Arr fr Trans fr
In Table 1, some validation results are represented. The
numbers included in brackets {. . . } refer to the number
of the state. Numbers written after L, MO and M[i] have
89
Henrikas Pranevicius
the following meanings of discrete and continuous coordi-
nates of state:
L: q1; q2; q3; kan;
MO: nr; act D; act DI; act T;
act trans fr; st; n act;
M[i],i=1,2: nr; act D;
act trans fr; act DI;sw;st.
5.2. Simulation results
Simulation results are represented in Table 2. The param-
eters of the model are the following: Taim Frame – dura-
tion of frames; Taim Head – duratin of the head of frames;
Taim D – duration of the timer D; Taim DI – duration of the
timer DI; Taim T – duration of timer T ; V – velocity of the
channel; n – number of stations; Arr Frame – parameter
of a puasonian input stream; T swit on and T swit off –
intensity of operations swit on and swit off, which
have exponential distributions.
Characteristics of the model: T Wait – the mean value of
transmitting a frame including the waiting time; L Wait –
mean value of the waiting time; K Useful – coefficient uti-
lization of a channel; K Full – coefficient of full utilization
of a channel.
Table 2
Simulation results
Taim Frame = 800 bit, Taim Head = 160 bit,
Tau Data = 4 bit, Taim D = 0.0000025 s,
Taim DI = 0.0000012 s, Taim T = 100 s,
T swit on = T swit of = 0.
1. V = 10000000 bit/s, Arr Frame = 0.001 s
n T Wait L Wait R Use f ul K Full
2 0.00011 0.00001 0.1418 0.8323
4 0.00013 0.00003 0.2806 0.8639
6 0.00016 0.00006 0.4118 0.8939
8 0.00019 0.00010 0.5297 0.9207
10 0.00025 0.00016 0.6304 0.9437
2. V = 50000000 bit/s, Arr Frame = 0.001 s
n T Wait L Wait R Use f ul K Full
2 0.00002 0.00000 0.0307 0.4639
4 0.00002 0.00001 0.0611 0.4831
6 0.00003 0.00003 0.0917 0.5025
8 0.00003 0.00001 0.1219 0.5217
10 0.00003 0.00001 0.1529 0.5413
3. V = 50000000 bit/s, Arr Frame = 0.000135 s
n T Wait L Wait R Use f ul K Full
2 0.00002 0.00000 0.0212 0.5921
4 0.00003 0.00001 0.3848 0.6882
6 0.00004 0.00002 0.5399 0.7864
8 0.00006 0.00004 0.6513 0.8569
10 0.00009 0.00007 0.7160 0.8979
6. Conclusions
The presented method of formal specification permits on
the base of single specification to carry out validation gen-
eral and individual properties and simulation. It permits to
investigate the analysed system more thoroughly.
References
[1] G. I. Holzmann, “The model checker SPIN”, IEEE Trans. Softw. Eng.,
vol. 23, no. 5, pp. 279–295, 1997.
[2] B. P. Zeigler, Theory of Modelling and Simulation. New York: Aca-
demic Press, 2000.
[3] H. Pranevicius, “Aggregate approach for specification, validation, sim-
ulation and implementation of computer network protocols”, in LNCS,
Berlin: Springer-Verlag, 1991, vol. 502, pp. 433–477.
[4] H. Pranevicius, V. Pilkauskas, and A. Chmieliauskas, “Aggregate ap-
proach for specification and analysis of computer network protocols”,
Technologija, Kaunas University of Technology, 1994.
[5] H. Pranevicius, “Formal specification and analysis of distributed sys-
tems”, in Lecturer Notes “Applications of AI to Production Engineer-
ing”, Technologija, Kaunas, 1997, pp. 269–322.
[6] H. Pranevicius, “Formal specification and analysis of distributed sys-
tems”, J. Intell. Manuf., no. 9, pp. 559–569, 1998.
Henrikas Pranevicius is a Pro-
fessor of the Kaunas Univer-
sity of Technology and the Head
of Business Informatics Depart-
ment. He is habilituated doctor
of Technical Sciences at Ryga
Electronic and Computer Tech-
nics Institute sinice 1984 and
doctor of science from Kau-
nas Politechnical Institute since
1970. Area of his research ac-
tivity is: formal specification, validation and simulation of
distributed systems including telecommunication and logis-
tic systems. The theoretical background of investigation is
piece-linear aggregate formalism, which permits to use the
single formal specification for models development both for
performance and behaviour analysis.
e-mail: hepran@if.ktu.lt
Kaunas University of Technology
Studentu st 50
LT-51368 Kaunas, Lithuania
90
