Dataplane equivalence and its applications

We present the design and implementation of netdiff, an algorithm that uses symbolic execution to check the equivalence of two network dataplanes modeled in SEFL [42]. We use netdiff to find new bugs in OpenStack Neutron, to test the differences between related P4 programs, and to check the equivalence of FIB updates in a production network. Our evaluation highlights that equivalence checking is an easy way to find bugs, scales well to relatively large programs, and uncovers subtle issues that are otherwise difficult to find.
