KATch: A Fast Symbolic Verifier for NetKAT

Published 7 Apr 2024 in cs.PL | (2404.04760v3)

Abstract: We develop new data structures and algorithms for checking verification queries in NetKAT, a domain-specific language for specifying the behavior of network data planes. Our results extend the techniques obtained in prior work on symbolic automata and provide a framework for building efficient and scalable verification tools. We present KATch, an implementation of these ideas in Scala, featuring an extended set of NetKAT operators that are useful for expressing network-wide specifications, and a verification engine that constructs a bisimulation or generates a counter-example showing that none exists. We evaluate the performance of our implementation on real-world and synthetic benchmarks, verifying properties such as reachability and slice isolation, typically returning a result in well under a second, which is orders of magnitude faster than previous approaches. Our advancements underscore NetKAT's potential as a practical, declarative language for network specification and verification.
