4.2 System Model

4.2.3 Dynamic Link Properties

of the stations; in particular, if a station moves so far from the AP that no more frames are received. Inconsistency of the failures raises another important issue, especially in cooperative applications. Inconsistent failures leave the intended recipients of the frame in inconsistent states, which may lead to inconsistent actions of the stations.

In summary, we assume a synchronous system model with omission failures. This holds for both the process and the communication model. For both, temporally predictable behavior is assumed, since the services have timing specifications and do not exhibit timing failures.

While our CPU scheduling achieves this for the process model, the basic medium properties under the PCF ensure it for the communication model. We do not assume a limit on the number of omission failures as part of the basic system model. Thus, the general model presented so far does not allow reliable and timely communication between the stations to be realized. In fact, in a wireless network with mobile stations, this cannot be ensured for all stations and at all times. For which stations such a service can be provided and for which it cannot depends on the dynamically changing link properties, which are considered in the following sub-section.

stations (a formal definition will be presented below). Beyond this area, there is an area wherein stations may still receive frames from the AP, and vice versa, but without any upper bound on the number of omissions between the receptions of two frames. Such stations are called partially valid stations. Stations beyond this area, called invalid stations, receive no frames at all from the AP and the AP receives no frames from these stations. As a matter of fact, the boundaries between these areas are not as clear as the figure may suggest. Moreover, we should think of them as being time varying since they depend on environmental settings, which are subject to change.

[Figure labels: AP; valid (bounded omissions); partially valid (unknown no. of omissions); invalid (link crash)]

Figure 4-13. Omission failures in the AP’s environment

So far, we have noted that reliable and timely communication services can only be provided as long as the number of omission failures is bounded and that we cannot assume that the number of omission failures is bounded in general. Nevertheless, as Figure 4-13 suggests, there are stations that can communicate with the AP with a bounded number of omission failures. Now, the idea is to require the protocols to provide their services in time to these valid stations. Regarding stations that are not valid, it must be ensured that

• The presence of such stations does not prevent the protocols from providing a timely service to the valid stations, and

• The service provided to these stations fulfills certain safety requirements.

In this approach, the protocols have two kinds of properties: safety and progress properties.

Safety properties require that if a service is provided it adheres to certain safety requirements; for example, if messages are delivered they are delivered in the correct order. The protocols ensure that safety properties hold for all stations at all times, no matter whether they are valid or not. Progress properties, on the other hand, require that a service is actually provided and within a given time bound; for example, that a message is delivered to its intended recipients in bounded time. The protocols ensure progress properties for valid stations only. Thus, progress properties are conditional properties.

Validity, invalidity, and partial validity are not static properties of the stations. Mobile stations are expected to move from area to area and hence to change from invalid to partially valid, from partially valid to valid, and so forth. Moreover, as explained above, the areas themselves may change dynamically such that even a station at a fixed location may change its state.

In the following we present a formal definition of validity and invalidity. We will define two special kinds of validity. One (Polling Validity) considers the poll-reply style communication that allows clients to transmit messages to the AP. Remember that each client is expected to transmit a frame, called reply frame in the definitions, to the AP in response to each polling frame it receives. The other kind of validity considers the transmission of messages from the AP to the stations. We define the constant δm := δframe + δsched, which denotes the maximum delay between the time a frame is sent and the time at which it has been processed at the receiving station.

Given a constant OD we define:

Definition 4-1 (Polling Valid). For all stations si and all times t, t' with t < t', si is polling valid during [t,t'] if and only if for each sequence of OD+1 consecutive polling frames the AP sends to si during [t,t'-(δm + δframe)] it receives at least one reply frame from si.

Definition 4-2 (Receive Valid). For all stations si, and all times t, t' with t < t', si is receive valid during [t,t'] if and only if the following holds: If a protocol entity at the AP sends a message in at least OD+1 frames to si during [t,t'- δm], si processes at least one of these frames.

Definition 4-3 (Valid). For all stations si, and all times t, t' with t < t', si is valid during [t,t'] if and only if it is polling valid and receive valid during [t,t'].

Definition 4-4 (Invalid). For all stations si and times t, t' with t < t', si is invalid during [t,t'] if and only if each frame si sends during [t,t'-δm] is not processed at the AP and vice versa.

The definition of “invalid” is not the negation of “valid”. There may be intervals during which a station is neither valid nor invalid, in which case it is called partially valid. Furthermore, during intervals in which only few frames are transmitted, both predicates may be true. For example, if fewer than OD+1 polling frames are sent to si during an interval I, si could be valid or invalid. However, as long as we know that the protocols ensure certain properties if a station is valid during an interval of a specified length, it is not of so much interest that the station could also be viewed as being invalid during a fraction of the interval. In the remainder of the thesis we will usually omit the interval and only talk of valid or invalid stations where it is clear from the context which intervals are relevant. For example, if the transmission of some message is considered, the relevant interval is [t,t'+δm], where t is the time of the first and t' the time of the last transmission of the message.
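The following Python sketch is an added example, not code from the thesis. It evaluates Definitions 4-1 and 4-4 over constructed poll/reply traces, including the case above in which both predicates hold. The `Exchange` record, the outcome labels and all timing values are assumptions made for illustration; each exchange is attributed to the send time of its polling frame, and receive validity (Definition 4-2) is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Exchange:          # hypothetical record of one poll/reply exchange
    sent_at: float       # time the AP sent the polling frame
    outcome: str         # "ok", "poll_lost" or "reply_lost"

def polling_valid(trace, t, t_end, od, delta_m, delta_frame):
    """Definition 4-1 over polls sent in [t, t_end - (delta_m + delta_frame)]."""
    cutoff = t_end - (delta_m + delta_frame)
    misses = 0
    for ex in sorted(trace, key=lambda e: e.sent_at):
        if not (t <= ex.sent_at <= cutoff):
            continue
        misses = 0 if ex.outcome == "ok" else misses + 1
        if misses > od:              # OD+1 consecutive polls without a reply
            return False
    return True                      # also holds vacuously for fewer than OD+1 polls

def invalid(trace, t, t_end, delta_m):
    """Definition 4-4 over [t, t_end - delta_m]: no frame processed either way.
    A lost poll means the station never replies, so only "poll_lost" qualifies."""
    cutoff = t_end - delta_m
    return all(ex.outcome == "poll_lost"
               for ex in trace if t <= ex.sent_at <= cutoff)

# Constructed parameters (assumed values, not taken from the thesis).
OD, D_FRAME, D_SCHED = 2, 0.002, 0.003
D_M = D_FRAME + D_SCHED              # delta_m := delta_frame + delta_sched

def verdict(outcomes, t=0.0, t_end=1.0, period=0.1):
    """Return (polling valid, invalid) for polls sent every `period` seconds."""
    trace = [Exchange(i * period, o) for i, o in enumerate(outcomes)]
    return (polling_valid(trace, t, t_end, OD, D_M, D_FRAME),
            invalid(trace, t, t_end, D_M))

if __name__ == "__main__":
    samples = {                      # constructed traces
        "bounded omissions": ["ok", "reply_lost", "poll_lost", "ok", "poll_lost", "ok"],
        "run of OD+1 misses": ["ok", "poll_lost", "reply_lost", "poll_lost", "ok"],
        "nothing gets through": ["poll_lost"] * 5,
        "fewer than OD+1 polls": ["poll_lost"] * 2,
    }
    for name, outcomes in samples.items():
        print(f"{name:22s} polling valid, invalid = {verdict(outcomes)}")
```

The second trace satisfies neither predicate, which is the situation the text calls partially valid; the last trace satisfies both because no sequence of OD+1 consecutive polls exists in the interval.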

As will be pointed out in Section 4.4, the presented model is similar to the timed asynchronous system model (Cristian and Schmuck 1995, Cristian 1996, Cristian and Fetzer 1999). In particular, the ideas of using predicates to describe the connectivity status of stations and to condition progress properties on these predicates are inspired by this work.