P4K: A Formal Semantics of P4 and Applications

Programmable packet processors and P4 as a programming language for such devices have gained significant interest, because their flexibility enables rapid development of a diverse set of applications that work at line rate. However, this flexibility, combined with the complexity of devices and networks, increases the chance of introducing subtle bugs that are hard to discover manually. Worse, this is a domain where bugs can have catastrophic consequences, yet formal analysis tools for P4 programs and networks are missing. We argue that formal analysis tools must be based on a formal semantics of the target language, rather than on its informal specification. To this end, we provide an executable formal semantics of the P4 language in the K framework. Based on this semantics, K provides an interpreter and various analysis tools including a symbolic model checker and a deductive program verifier for P4. This paper overviews our formal K semantics of P4, as well as several P4 language design issues that we found during our formalization process. We also discuss some applications resulting from the tools provided by K for P4 programmers and network administrators as well as language designers and compiler developers, such as detection of unportable code, state space exploration of P4 programs and of networks, bug finding using symbolic execution, data plane verification, program verification, and translation validation.
