How to Avoid Making a Billion-Dollar Mistake: Type-Safe Data Plane Programming with SafeP4

06/17/2019
by Matthias Eichholtz, et al.

The P4 programming language offers high-level, declarative abstractions that bring the flexibility of software to the domain of networking. Unfortunately, the main abstraction used to represent packet data in P4, namely header types, lacks basic safety guarantees. Over the last few years, experience with an increasing number of programs has shown the risks of the unsafe approach, which often leads to subtle software bugs. This paper proposes SafeP4, a domain-specific language for programmable data planes in which all packet data is guaranteed to have a well-defined meaning and satisfy essential safety guarantees. We equip SafeP4 with a formal semantics and a static type system that statically guarantees header validity---a common source of safety bugs according to our analysis of real-world P4 programs. Statically ensuring header validity is challenging because the set of valid headers can be modified at runtime, making it a dynamic program property. Our type system achieves static safety by using a form of path-sensitive reasoning that tracks dynamic information from conditional statements, routing tables, and the control plane. Our evaluation shows that SafeP4's type system can effectively eliminate common failures in many real-world programs.
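The header-validity problem the abstract refers to, shown in plain P4_16 as an added illustration; this is not code from the paper, and SafeP4's own syntax is not shown on this page, so only standard P4_16 constructs (`header`, `isValid()`) are used, with a minimal IPv4 header type as an assumed example:

```p4
// Added illustration (not from the paper): the header-validity bug class the
// abstract describes, in standard P4_16. The header layout below is a reduced
// example, not a complete IPv4 definition.
header ipv4_t {
    bit<8>  ttl;
    bit<8>  protocol;
    bit<32> srcAddr;
    bit<32> dstAddr;
}

struct headers_t {
    ipv4_t ipv4;   // valid only if the parser actually extracted it
}

// Unsafe: the field access does not depend on whether the header is valid.
// In P4_16 reading or writing a field of an invalid header is undefined
// behaviour, and the compiler accepts this program without complaint.
control Unsafe(inout headers_t hdr) {
    apply {
        hdr.ipv4.ttl = hdr.ipv4.ttl - 1;
    }
}

// Guarded: the access is dominated by a validity check. Validity is a dynamic
// property here; a path-sensitive type system of the kind the abstract
// describes would record that ipv4 is valid inside the true branch and
// reject the unguarded version above at compile time.
control Guarded(inout headers_t hdr) {
    apply {
        if (hdr.ipv4.isValid()) {
            hdr.ipv4.ttl = hdr.ipv4.ttl - 1;
        }
    }
}
```

Both controls compile with a standard P4_16 toolchain; only the second one is safe on every packet, which is the gap between what the P4 compiler checks and what a header-validity type system would enforce.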
