Executable Formal Semantic of P4 and Applications
Ali Kheradmand, Grigore Rosu
University of Illinois at Urbana Champaign
P4 Workshop, May 2017

A need: Automated Verification
Complexity (of networks and hardware) + Flexibility and Agility (of SDNs and P4) → (increased chance of) Subtle Bugs!

Current approach
[Diagram labels: Language designers; Language specification (in English); Compiler developer → Compiler/Interpreter; Tool developer → Verification tool; …; the arrows are marked "?"]

Formal semantics matter

Example from C language:*

    int main(void) {
        int x = 0;
        return (x = 1) + (x = 2);
    }

GCC: 4
Clang: 3
Frama-C [Filliâtre et al]: 4
HAVOC [Lahiri et al]: 4
ISO C11: undefined

* Rosu et al., http://www.kframework.org/index.php/K_Overview

P4 Language Specification Version 1.0.3 (November 2, 2016):
“P4 assumes parallel semantics for the application of all the primitive actions executing as a result of a match in a given table. The execution of actions across different tables assumes sequential semantics where the sequence is determined by the control flow, described in Section 12.”

    modify_field(hdr.fldA, 1);
    modify_field(hdr.fldB, hdr.fldA);

    modify_field(hdr.fldA, 1);
    modify_field(hdr.fldA, 2);
    ?

Our vision
[Diagram: Formal Language Definition (Syntax and Semantics), surrounded by the tools derived from it: Test Generator, Interpreter/Debugger, Deductive Program Verifier, Model Checker, Symbolic Execution Engine, Compiler, Equivalence Checker, …]

K Framework [Rosu et al, 2010]
• Rewrite-based programming language semantics engineering framework
• Successfully used to give complete semantics to C, Java, JavaScript, …
• Semantics:
  • Configuration (state): nested cells
  • Rewrite rules (transitions): C[L1 => R1, …, Ln => Rn]

P4K: Semantics of P4_14 (V1.0.3) in K
• Not all features are currently supported
• Enough rules to run simple P4 programs
  • e.g.: basic_routing from p4factory
• Challenge: ambiguities and undefined behavior
  • Parallel semantics
  • Deparsing
  • Operands with different widths
  • …
• More: https://github.com/kframework/p4-semantics/blob/master/issues.txt
• Most addressed in P4_16

Tools (all for free!)
[Diagram: P4K, surrounded by the tools derived from it: Test Generator, Interpreter/Debugger, Deductive Program Verifier, Model Checker, Symbolic Execution Engine, Compiler, Equivalence Checker, …]

Potential App 1: Finding bugs using Symbolic Execution
• Property: Does the program either drop the packet or set the value of egress_spec?*
• Start with a symbolic packet
• Search for a pattern in which neither the packet is dropped nor the egress_spec is set
[Figure: symbolic packet P]
* Nate Foster, personal communication

Potential App 1: Finding bugs using Symbolic Execution (cont.)
• Tested on basic_routing
• Found 2 types of inputs that lead to violation:
  • P.ethernet.etherType != 0x0800
  • P.ipv4.dstAdr not in ipv4_fib and ipv4_fib_lpm

    parser parse_ethernet {
        extract(ethernet);
        return select(latest.etherType) {
            0x0800 : parse_ipv4;
            default : ingress;
        }
    }

    control ingress {
        if (valid(ipv4)) {
            …
        }
    }

    apply(ipv4_fib) {
        on_miss {
            apply(ipv4_fib_lpm);
        }
    }
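
The property check from the two "Potential App 1" slides, as an added example (not part of the original slides and not P4K code): a small Python path explorer over a constructed abstraction of the three snippets above. Branch conditions are kept as uninterpreted predicates with no constraint solver; it assumes a hit in either table sets egress_spec, and the names `Path`, `pipeline`, `explore` and `violations` are hypothetical.

```python
# Constructed abstraction of the three snippets on the slide; this is not P4K
# and not the real basic_routing. Assumptions: a table hit runs an action that
# sets egress_spec, and nothing on these paths drops the packet.

class Path:
    """One execution: replays forced branch outcomes, then defaults to True."""
    def __init__(self, forced):
        self.forced, self.taken = forced, []   # taken: [(condition, outcome)]
    def branch(self, cond):
        i = len(self.taken)
        outcome = self.forced[i] if i < len(self.forced) else True
        self.taken.append((cond, outcome))
        return outcome

def pipeline(p):
    """Parser and ingress control flow from the slide, over a symbolic packet P."""
    state = {"dropped": False, "egress_spec_set": False}
    # select(latest.etherType): 0x0800 -> parse_ipv4 (ipv4 valid), default -> ingress
    ipv4_valid = p.branch("P.ethernet.etherType == 0x0800")
    if ipv4_valid:                                        # if (valid(ipv4))
        if p.branch("P.ipv4.dstAdr in ipv4_fib"):         # apply(ipv4_fib)
            state["egress_spec_set"] = True
        elif p.branch("P.ipv4.dstAdr in ipv4_fib_lpm"):   # on_miss { apply(...) }
            state["egress_spec_set"] = True
    return state

def explore(program):
    """Depth-first enumeration of all paths; returns [(path condition, state)]."""
    results, worklist = [], [[]]
    while worklist:
        p = Path(worklist.pop())
        results.append((p.taken, program(p)))
        # Queue the False side of every branch first decided on this run.
        for i in range(len(p.forced), len(p.taken)):
            worklist.append([o for _, o in p.taken[:i]] + [False])
    return results

def violations(program):
    """Path conditions on which the packet is neither dropped nor given an egress_spec."""
    found = []
    for taken, s in explore(program):
        if not (s["dropped"] or s["egress_spec_set"]):
            found.append([c if o else f"not ({c})" for c, o in taken])
    return sorted(found)

if __name__ == "__main__":
    for pc in violations(pipeline):
        print(" and ".join(pc))
```

The two path conditions it reports correspond to the two input classes listed on the slide.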

Potential App 2: Data plane verification
• Check network-wide reachability properties in a data plane snapshot (for all packet headers)
  • E.g.: Do all packets from A reach B?
  • HSA [Kazemian et al, NSDI'12], Veriflow [Khurshid et al, NSDI'13], Delta-net [NSDI'17], …
• Can be checked by inserting symbolic packets and using symbolic execution
  • Need semantics of network
  • Easy to add

Potential App 3: Semantic coverage measurement
• "How much" of the language semantics is covered by the compiler test suites?
• Similar technique for JavaScript ([Park et al, PLDI'15]) revealed:
  • Inconsistencies in JavaScript standard
  • Bugs in Web browsers
[Diagram: Compiler test suite → P4K Interpreter → Rule coverage report]

More Potential Apps
• Automatic conformance test generation
• Model checking
• Comprehensive network verification
  • by plugging controller programs written in C/Java/… without modification
• Equivalence check / translation validation
• Better language specification
  • Formalization itself might reveal problems in the specification
  • Use K rules in the language specification
    • or formalize the pseudo-code language
• [insert ideas here]

Conclusion
• Formal semantics matters
• P4K: Towards complete executable formal semantics of P4 in K
• Tools for P4 developers and designers based on the semantics
• Suggestion: Consider the framework for future versions of P4 language
• Check it out: https://github.com/kframework/p4-semantics/
• Learn more: http://www.kframework.org/
• Looking for ideas/collaborators
• Let's get in touch: [email protected]