P4K: A Formal Semantics of P4 and Applications

Programmable packet processors, and P4 as a programming language for such devices, have gained significant interest because their flexibility enables rapid development of a diverse set of applications that work at line rate. However, this flexibility, combined with the complexity of devices and networks, increases the chance of introducing subtle bugs that are hard to discover manually. Worse, this is a domain where bugs can have catastrophic consequences, yet formal analysis tools for P4 programs and networks are missing. We argue that formal analysis tools must be based on a formal semantics of the target language, rather than on its informal specification. To this end, we provide an executable formal semantics of the P4 language in the K framework. Based on this semantics, K provides an interpreter and various analysis tools, including a symbolic model checker and a deductive program verifier for P4. This paper gives an overview of our formal K semantics of P4, as well as several P4 language design issues that we found during our formalization process. We also discuss some applications resulting from the tools provided by K for P4 programmers and network administrators as well as language designers and compiler developers, such as detection of unportable code, state space exploration of P4 programs and of networks, bug finding using symbolic execution, data plane verification, program verification, and translation validation.
