Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

KATch: A Fast Symbolic Verifier for NetKAT

Mark Moeller, Jules Jacobs, Olivier Savary Belanger, David Darais, Cole Schlesinger, Steffen Smolka, Nate Foster, Alexandra Silva

TL;DR

This work develops new data structures and algorithms for checking verification queries in NetKAT, a domain-specific language for specifying the behavior of network data planes, and presents KATch, an implementation of these ideas in Scala, featuring an extended set of NetKAT operators that are useful for expressing network-wide specifications.

Abstract

We develop new data structures and algorithms for checking verification queries in NetKAT, a domain-specific language for specifying the behavior of network data planes. Our results extend the techniques obtained in prior work on symbolic automata and provide a framework for building efficient and scalable verification tools. We present KATch, an implementation of these ideas in Scala, featuring an extended set of NetKAT operators that are useful for expressing network-wide specifications, and a verification engine that constructs a bisimulation or generates a counter-example showing that none exists. We evaluate the performance of our implementation on real-world and synthetic benchmarks, verifying properties such as reachability and slice isolation, typically returning a result in well under a second, which is orders of magnitude faster than previous approaches. Our advancements underscore NetKAT's potential as a practical, declarative language for network specification and verification.

KATch: A Fast Symbolic Verifier for NetKAT

TL;DR

This work develops new data structures and algorithms for checking verification queries in NetKAT, a domain-specific language for specifying the behavior of network data planes, and presents KATch, an implementation of these ideas in Scala, featuring an extended set of NetKAT operators that are useful for expressing network-wide specifications.

Abstract

We develop new data structures and algorithms for checking verification queries in NetKAT, a domain-specific language for specifying the behavior of network data planes. Our results extend the techniques obtained in prior work on symbolic automata and provide a framework for building efficient and scalable verification tools. We present KATch, an implementation of these ideas in Scala, featuring an extended set of NetKAT operators that are useful for expressing network-wide specifications, and a verification engine that constructs a bisimulation or generates a counter-example showing that none exists. We evaluate the performance of our implementation on real-world and synthetic benchmarks, verifying properties such as reachability and slice isolation, typically returning a result in well under a second, which is orders of magnitude faster than previous approaches. Our advancements underscore NetKAT's potential as a practical, declarative language for network specification and verification.
Paper Structure (56 sections, 17 theorems, 64 equations, 12 figures)

This paper contains 56 sections, 17 theorems, 64 equations, 12 figures.

Table of Contents

  1. Introduction
  2. Challenge 1: Expressive but Compact Symbolic Representations
  3. Challenge 2: Extended Logical Operators
  4. Challenge 3: Support for Counter-Examples
  5. Contribution 1: Efficient symbolic representations (\ref{['sec:symbolic']}).
  6. Contribution 2: Symbolic Brzozowski derivatives (\ref{['sec:symaut']}).
  7. Contribution 3: Symbolic bisimilarity checking (\ref{['sec:fwdbwd']}).
  8. Contribution 4: KATch implementation (\ref{['sec:impl']}) and evaluation (\ref{['sec:eval']}).
  9. NetKAT Expressions and Automata
  10. Conditional dup, equivalence, and subsumption
  11. NetKAT Automata
  12. Carry-on packets
  13. Bisimulation of NetKAT Automata
  14. Symbolic NetKAT Representations
  15. Symbolic Packets
  16. ...and 41 more sections

Key Result

lemma 1

For an SP $p$ such that $\mathsf{RO}_{f}^{\mathsf{SP}}\xspace(p)$, then for any concrete packet $\alpha$, we have $\alpha\in\llbracket p \rrbracket$ implies $\forall v\in V\colon \alpha[f\mathrel{\!\shortleftarrow\!} v]\in\llbracket p \rrbracket$ and $\alpha\notin\llbracket p \rrbracket$ implies $\f

Figures (12)

  • Figure 1: NetKAT syntax and semantics.
  • Figure 2: Bisimulation algorithm à la Hopcroft & Karp Hopcroft1971
  • Figure 3: Examples of $\mathsf{SP}$s, where $p \triangleq (a\mathrel{\!=\!}3 \cdot b\mathrel{\!=\!}4 \mathrel{+} b \mathrel{\!\neq\!} 5 \cdot c\mathrel{\!=\!}5)$ and $q \triangleq (b=3 \cdot c\mathrel{\!=\!}4 \mathrel{+} a\mathrel{\!=\!}5 \cdot c \mathrel{\!\neq\!} 5)$.
  • Figure 4: Definition of the $\mathsf{SP}$ operations. The inductive case is identical for all operations (indicated by $\mathrel{\mathop{\hat{\pm}}}$), and applies when both $\mathsf{SP}$s test the same field. Expansion inserts a trivial $\mathsf{SP}$ node to reduce the remaining cases to the inductive case. The notation $b(v;d)$ means the child $b(v)$ if $v \in \textsf{dom}(b)$, or the default case $d$ otherwise.
  • Figure 5: Examples of SPPs, where $p \triangleq (a \mathrel{\!=\!} 5 + b \mathrel{\!=\!} 2) \cdot (b \mathrel{\!\shortleftarrow\!} 1 + c \mathrel{\!=\!} 5)$, and $q \triangleq (b \mathrel{\!=\!} 1 \mathrel{+} c \mathrel{\!\shortleftarrow\!} 4 \mathrel{+} a \mathrel{\!\shortleftarrow\!} 1 \cdot b \mathrel{\!\shortleftarrow\!} 1)$.
  • ...and 7 more figures

Theorems & Definitions (19)

  • definition 1: Reduced and Ordered
  • lemma 1
  • lemma 2
  • corollary 1
  • lemma 3
  • theorem 1: RO form is unique
  • theorem 2
  • definition 2: Reduced and Ordered
  • lemma 4
  • corollary 2
  • ...and 9 more