Abstract
P4 is a domain-specific language for programming and specifying packet-processing systems. It is based on an elegant design with high-level abstractions like parsers and match-action pipelines that can be compiled to efficient implementations in software or hardware. Unfortunately, like many industrial languages, P4 has developed without a formal foundation. The P4 Language Specification is a 160-page document with a mixture of informal prose, graphical diagrams, and pseudocode, leaving many aspects of the language semantics up to individual compilation targets. The P4 reference implementation is a complex system, running to over 40KLoC of C++ code, with support for only a few targets. Clearly neither of these artifacts is suitable for formal reasoning about P4 in general.
This paper presents a new framework, called Petr4, that puts P4 on a solid foundation. Petr4 consists of a clean-slate definitional interpreter and a core calculus that models a fragment of P4. Petr4 is not tied to any particular target: the interpreter is parameterized over an interface that collects features delegated to targets in one place, while the core calculus overapproximates target-specific behaviors using non-determinism.
We have validated the interpreter against a suite of over 750 tests from the P4 reference implementation, exercising our target interface with tests for different targets. We validated the core calculus with a proof of type-preserving termination. While developing Petr4, we reported dozens of bugs in the language specification and the reference implementation, many of which have been fixed.