skip to main content

Petr4: formal foundations for p4 data planes

Published:04 January 2021Publication History
Skip Abstract Section

Abstract

P4 is a domain-specific language for programming and specifying packet-processing systems. It is based on an elegant design with high-level abstractions like parsers and match-action pipelines that can be compiled to efficient implementations in software or hardware. Unfortunately, like many industrial languages, P4 has developed without a formal foundation. The P4 Language Specification is a 160-page document with a mixture of informal prose, graphical diagrams, and pseudocode, leaving many aspects of the language semantics up to individual compilation targets. The P4 reference implementation is a complex system, running to over 40KLoC of C++ code, with support for only a few targets. Clearly neither of these artifacts is suitable for formal reasoning about P4 in general.

This paper presents a new framework, called Petr4, that puts P4 on a solid foundation. Petr4 consists of a clean-slate definitional interpreter and a core calculus that models a fragment of P4. Petr4 is not tied to any particular target: the interpreter is parameterized over an interface that collects features delegated to targets in one place, while the core calculus overapproximates target-specific behaviors using non-determinism.

We have validated the interpreter against a suite of over 750 tests from the P4 reference implementation, exercising our target interface with tests for different targets. We validated the core calculus with a proof of type-preserving termination. While developing Petr4, we reported dozens of bugs in the language specification and the reference implementation, many of which have been fixed.

References

  1. Carolyn Jane Anderson, Nate Foster, Arjun Guha, Jean-Baptiste Jeannin, Dexter Kozen, Cole Schlesinger, and David Walker. 2014. NetKAT: Semantic Foundations for Networks. In ACM POPL. 113-126. https://doi.org/10.1145/2535838.2535862 Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Ryan Becket, Aarti Gupta, Ratul Mahajan, and David Walker. 2017. A General Approach to Network Configuration Verification. In SIGCOMM. 155-168. https://doi.org/10.1145/3098822.3098834 Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Steve Bishop, Matthew Fairbairn, Hannes Mehnert, Michael Norrish, Tom Ridge, Peter Sewell, Michael Smith, and Keith Wansbrough. 2018. Engineering with Logic: Rigorous Test-Oracle Specification and Validation for TCP/IP and the Sockets API. JACM 66, 1 (Dec. 2018 ), 1 : 1-1 : 77. https://doi.org/10.1145/3243650 Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Nikolaj Bjorner and Karthick Jayaraman. 2015. Checking Cloud Contracts in Microsoft Azure. In ICDCIT. Springer-Verlag, 21-32. https://doi.org/10.1007/978-3-319-14977-6_2 Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Pat Bosshart, Dan Daly, Glen Gibb, Martin Izzard, Nick McKeown, Jennifer Rexford, Cole Schlesinger, Dan Talayco, Amin Vahdat, George Varghese, and David Walker. 2014. P4: Programming Protocol-Independent Packet Processors. SIGCOMM CCR 44, 3 ( July 2014 ), 87-95. https://doi.org/10.1145/2656877.2656890 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Cisco Systems. 2018. Cisco DNA Analytics and Assurance. Available at https://www.cisco.com/c/en/us/solutions/enterprisenetworks/dna-analytics-assurance.html.Google ScholarGoogle Scholar
  7. Luis Damas. 1984. Type Assignment in Programming Languages. Ph.D. Dissertation. University of Edinburgh. Available at http://hdl.handle.net/ 1842 /13555.Google ScholarGoogle Scholar
  8. Catherine Dodge and Stephen Quigg. 2018. A Simpler Way to Assess the Network Exposure of EC2 Instances: AWS Releases New Network Reachability Assessments in Amazon Inspector. Archived at https://web.archive.org/web/https://aws.amazon.com/blogs/security/amazon-inspector-assess-network-exposureec2-instances-aws-network-reachability-assessments/.Google ScholarGoogle Scholar
  9. Ryan Doenges, Mina Tahmasbi Arashloo, Santiago Bautista, Alexander Chang, Newton Ni, Samwise Parkinson, Rudy Peterson, Alaia Solko-Breslin, Amanda Xu, and Nate Foster. 2020. Petr4: Formal Foundations for P4 Data Planes. arXiv: 2011. 05948 [cs.PL]Google ScholarGoogle Scholar
  10. A. Fogel, S. Fung, L. Pedrosa, M. Walraed-Sullivan, R. Govindan, R. Mahajan, and T. Millstein. 2015. A General Approach to Network Configuration Analysis. In NSDI. 469-483.Google ScholarGoogle Scholar
  11. Nate Foster. 2019. Type error due to inference/substitution? Github bug report. Archived at https://web.archive.org/web/https: //github.com/p4lang/p4c/issues/ 2036.Google ScholarGoogle Scholar
  12. Jacob Van Gefen, Luke Nelson, Isil Dillig, Xi Wang, and Emina Torlak. 2020. Synthesizing JIT Compilers for In-Kernel DSLs. In CAV. https://doi.org/10.1007/978-3-030-53291-8_29 Google ScholarGoogle ScholarCross RefCross Ref
  13. Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. 2016. Fast Control Plane Analysis Using an Abstract Representation. In SIGCOMM. 300-313. https://doi.org/10.1145/2934872.2934876 Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Michael Greenberg and Austin J. Blatt. 2020. Executable Formal Semantics for the POSIX Shell. In POPL. https://doi.org/10. 1145/3371111 Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Arjun Guha, Mark Reitblatt, and Nate Foster. 2013. Machine-Verified Network Controllers. In PLDI. 483-494.Google ScholarGoogle Scholar
  16. Arjun Guha, Claudiu Saftoiu, and Shriram Krishnamurthi. 2010. The Essence of JavaScript. In ECOOP. https://doi.org/10. 1007/978-3-642-14107-2_7 Google ScholarGoogle ScholarCross RefCross Ref
  17. Andreas Haas, Andreas Rossberg, Derek L. Schuf, Ben L. Titzer, Michael Holman, Dan Gohman, Luke Wagner, Alon Zakai, and JF Bastien. 2017. Bringing the Web up to Speed with WebAssembly. In PLDI. 185-200. https://doi.org/10.1145/ 3062341.3062363 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Stefan Heule, Konstantin Weitz, Waqar Mohsin, Lorenzo Vicisano, and Amin Vahdat. 2019. Leveraging P4 to Automatically Validate Networking Switches. Presentation at ONF Connect. Slides available at https://www.opennetworking.org/wpcontent/uploads/2019/09/2.30pm-Stefan-Heule-P4-Presentation.pdf.Google ScholarGoogle Scholar
  19. Mukesh Hira and LJ Wobker. 2015. Improving Network Monitoring and Management with Programmable Data Planes. P4 Language Consortium Blog. Available at https://p4.org/p4/inband-network-telemetry/.Google ScholarGoogle Scholar
  20. Xin Jin, Xiaozhou Li, Haoyu Zhang, Nate Foster, Jeongkeun Lee, Robert Soulé, Changhoon Kim, and Ion Stoica. 2018. NetChain: Scale-Free Sub-RTT Coordination. In NSDI. 35-49. https://www.usenix.org/conference/nsdi18/presentation/jinGoogle ScholarGoogle Scholar
  21. Xin Jin, Xiaozhou Li, Haoyu Zhang, Robert Soulé, Jeongkeun Lee, Nate Foster, Changhoon Kim, and Ion Stoica. 2017. NetCache: Balancing Key-Value Stores with Fast In-Network Caching. In SOSP. 121-136. https://doi.org/10.1145/3132747. 3132764 Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Jacques-Henri Jourdan and François Pottier. 2017. A Simple, Possibly Correct LR Parser for C11. ACM Transactions on Programming Languages and Systems (TOPLAS) 39, 4 ( 2017 ), 1-36. https://doi.org/10.1145/3064848 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Gilles Kahn. 1987. Natural Semantics. In Symposium on Theoretical Aspects of Computer Science (STACS). Springer-Verlag, 22-39. https://doi.org/10.1007/BFb0039592 Google ScholarGoogle ScholarCross RefCross Ref
  24. Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header Space Analysis: Static Checking for Networks. In NSDI. 113-126. https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/kazemianGoogle ScholarGoogle Scholar
  25. Ali Kheradmand and Grigore Rosu. 2018. P4K: A Formal Semantics of P4 and Applications. ( 2018 ). arXiv: 1804. 01468 [cs.NI]Google ScholarGoogle Scholar
  26. Xavier Leroy. 2009. Formal Verification of a Realistic Compiler. Commun. ACM 52, 7 ( 2009 ), 107-115.Google ScholarGoogle Scholar
  27. Hongqiang Harry Liu, Yibo Zhu, Jitu Padhye, Jiaxin Cao, Sri Tallapragada, Nuno P. Lopes, Andrey Rybalchenko, Guohan Lu, and Lihua Yuan. 2017. CrystalNet: Faithfully Emulating Large Production Networks. In SOSP. 599-613. https: //doi.org/10.1145/3132747.3132759 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Jed Liu, William Hallahan, Cole Schlesinger, Milad Sharif, Jeongkeun Lee, Robert Soulé, Han Wang, Călin Caşcaval, Nick McKeown, and Nate Foster. 2018. p4v: Practical Verification for Programmable Data Planes. In ACM SIGCOMM. 490-503. https://doi.org/10.1145/3230543.3230582 Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P. Brighten Godfrey, and Samuel Talmadge King. 2011. Debugging the Data Plane with Anteater. In SIGCOMM. 290-301. https://doi.org/10.1145/2018436.2018470 Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Nick McKeown, Dan Talayco, George Varghese, Nuno Lopes, Nikolaj Bjørner, and Andrey Rybalchenko. 2016. Automatically Verifying Reachability and Well-Formedness in P4 Networks. Technical Report MSR-TR-2016-65. https://www.microsoft. com/en-us/research/wp-content/uploads/2016/09/p4nod.pdfGoogle ScholarGoogle Scholar
  31. Robin Milner, Mads Tofte, and David Macqueen. 1997. The Definition of Standard ML. MIT Press, Cambridge, MA, USA.Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Andres Nötzli, Jehandad Khan, Andy Fingerhut, Clark Barrett, and Peter Athanas. 2018. p4pktgen: Automated Test Case Generation for P4 Programs. In ACM SOSR. 5 : 1-5 :7. https://doi.org/10.1145/3185467.3185497 Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Daejun Park, Andrei Ştefănescu, and Grigore Roşu. 2015. KJS: A Complete Formal Semantics of JavaScript. In PLDI. 346-356. https://doi.org/10.1145/2737924.2737991 Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Benjamin C. Pierce and David N. Turner. 2000. Local Type Inference. ACM Transactions on Programming Languages and Systems (TOPLAS) 22, 1 (Jan. 2000 ), 1-44. https://doi.org/10.1145/345099.345100 Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Gordon D Plotkin. 1981. A Structural Approach to Operational Semantics. ( 1981 ).Google ScholarGoogle Scholar
  36. Fabian Rufy, Tao Wang, and Anirudh Sivaraman. 2020. Gauntlet: Finding Bugs in Compilers for Programmable Packet Processing. In OSDI. https://www.usenix.org/conference/osdi20/presentation/rufyGoogle ScholarGoogle Scholar
  37. Dana Scott and Christopher Strachey. 1971. Toward a Mathematical Semantics for Computer Languages. Vol. 1. Oxford University Computing Laboratory, Programming Research Group Oxford.Google ScholarGoogle Scholar
  38. Peter Sewell, Susmit Sarkar, Scott Owens, Francesco Zappa Nardelli, and Magnus O Myreen. 2010a. x86-TSO: a Rigorous and Usable Programmer's Model for x86 Multiprocessors. Commun. ACM 53, 7 ( 2010 ), 89-97. https://doi.org/10.1145/ 1785414.1785443 Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Peter Sewell, Francesco Zappa Nardelli, Scott Owens, Gilles Peskine, Thomas Ridge, Susmit Sarkar, and Rok Strniša. 2010b. Ott: Efective Tool Support for the Working Semanticist. J. Funct. Program. 20, 1 (Jan. 2010 ), 71-122. https: //doi.org/10.1017/S0956796809990293 Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Christian Skalka, John Ring, David Darias, Minseok Kwon, Sahil Gupta, Kyle Diller, Stefen Smolka, and Nate Foster. 2019. Proof Carrying Network Code. In ACM CCS. 1115-1129. https://doi.org/10.1145/3319535.3363214 Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Radu Stoenescu, Dragos Dumitrescu, Matei Popovici, Lorina Negreanu, and Costin Raiciu. 2018. Debugging P4 programs with Vera. In SIGCOMM. https://doi.org/10.1145/3230543.3230548 Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Aldo Svaldi. 2019. A Single Network Card Caused CenturyLink's Nationwide Outage. The Denver Post. Archived at https://web.archive.org/web/20190202225936/https://www.denverpost.com/ 2019 /01/11/centurylink-network-outagedenver/.Google ScholarGoogle Scholar
  43. The P4 Language Consortium. 2018. P4 Language Specification, Version 1.1.0. Available at https://p4.org/p4-spec/docs/P4-16-v1.1.0-spec.html.Google ScholarGoogle Scholar
  44. Xi Wang, Haogang Chen, Alvin Cheung, Zhihao Jia, Nickolai Zeldovich, and M. Frans Kaashoek. 2012. Undefined Behavior: What Happened to My Code?. In Proceedings of the Asia-Pacific Workshop on Systems. 1-7. https://doi.org/10.1145/ 2349896.2349905 Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Xi Wang, David Lazar, Nickolai Zeldovich, Adam Chlipala, and Zachary Tatlock. 2014. Jitk: A Trustworthy In-Kernel Interpreter Infrastructure. In OSDI. 33-47. https://www.usenix.org/conference/osdi14/technical-sessions/presentation/ wang_xiGoogle ScholarGoogle Scholar

Index Terms

  1. Petr4: formal foundations for p4 data planes

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!