DOI: 10.1145/3452296.3472929
research-article

Synthesizing safe and efficient kernel extensions for packet processing

Published: 09 August 2021

Abstract

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute it at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data.
BPF programming is not easy. One, even modest-sized BPF programs are deemed too large to analyze and rejected by the kernel checker. Two, the kernel checker may incorrectly determine that a BPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be meticulously hand-crafted by expert developers. Traditional optimizing compilers for BPF are often inadequate since the kernel checker's safety constraints are incompatible with rule-based optimizations.
We present K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode with formal correctness and safety guarantees. K2 produces code with 6–26% reduced size, 1.36%–55.03% lower average packet-processing latency, and 0–4.75% higher throughput (packets per second per core) relative to the best clang-compiled program, across benchmarks drawn from Cilium, Facebook, and the Linux kernel. K2 incorporates several domain-specific techniques to make synthesis practical by accelerating equivalence-checking of BPF programs by 6 orders of magnitude.

Supplementary Material

foster-public-review (484-public-review.pdf)
Synthesizing Safe and Efficient Kernel Extensions for Packet Processing: Public Review
k2-appendices (k2-appendices.pdf)
Supporting material that has not been peer-reviewed
MP4 File (video-presentation.mp4)
Conference Presentation Video

    Published In

    SIGCOMM '21: Proceedings of the 2021 ACM SIGCOMM 2021 Conference
    August 2021
    868 pages
    ISBN: 9781450383837
    DOI: 10.1145/3452296
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. BPF
    2. endpoint packet processing
    3. stochastic optimization
    4. synthesis

    Qualifiers

    • Research-article

    Funding Sources

    • NSF

    Conference

    SIGCOMM '21
    SIGCOMM '21: ACM SIGCOMM 2021 Conference
    August 23 - 27, 2021
    Virtual Event, USA

    Acceptance Rates

    Overall Acceptance Rate 462 of 3,389 submissions, 14%

    Article Metrics

    • Downloads (Last 12 months): 138
    • Downloads (Last 6 weeks): 13
    Reflects downloads up to 13 Feb 2025

    Cited By

    • (2024) iKern: Advanced Intrusion Detection and Prevention at the Kernel Level Using eBPF. Technologies 12:8 (122). DOI: 10.3390/technologies12080122. Online publication date: 30-Jul-2024
    • (2024) PRSafe: A Domain Specific Language Created with LLVM. Journal of Information Processing 32 (207-222). DOI: 10.2197/ipsjjip.32.207. Online publication date: 2024
    • (2024) Incremental Specialization of Network Programs. Proceedings of the 23rd ACM Workshop on Hot Topics in Networks (264-272). DOI: 10.1145/3696348.3696870. Online publication date: 18-Nov-2024
    • (2024) Merlin: Multi-tier Optimization of eBPF Code for Performance and Compactness. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3 (639-653). DOI: 10.1145/3620666.3651387. Online publication date: 27-Apr-2024
    • (2024) Defeating Data Plane Attacks With Program Obfuscation. IEEE Transactions on Dependable and Secure Computing 21:3 (1317-1330). DOI: 10.1109/TDSC.2023.3277939. Online publication date: May-2024
    • (2024) eBPF: Pioneering Kernel Programmability and System Observability - Past, Present, and Future Insights. 2024 3rd International Conference on Artificial Intelligence and Computer Information Technology (AICIT) (1-10). DOI: 10.1109/AICIT62434.2024.10730620. Online publication date: 20-Sep-2024
    • (2024) Fixing Latent Unsound Abstract Operators in the eBPF Verifier of the Linux Kernel. Static Analysis (386-406). DOI: 10.1007/978-3-031-74776-2_15. Online publication date: 20-Oct-2024
    • (2023) LiteFlow: Toward High-Performance Adaptive Neural Networks for Kernel Datapath. IEEE/ACM Transactions on Networking 32:1 (627-642). DOI: 10.1109/TNET.2023.3293152. Online publication date: 17-Jul-2023
    • (2022) Extended Berkeley Packet Filter: An Application Perspective. IEEE Access 10 (126370-126393). DOI: 10.1109/ACCESS.2022.3226269. Online publication date: 2022
