TY - GEN
T1 - Synthesizing safe and efficient kernel extensions for packet processing
AU - Xu, Qiongwen
AU - Wong, Michael D.
AU - Wagle, Tanvi
AU - Narayana, Srinivas
AU - Sivaraman, Anirudh
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/8/9
Y1 - 2021/8/9
N2 - Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data. BPF programming is not easy. One, even modest-sized BPF programs are deemed too large to analyze and rejected by the kernel checker. Two, the kernel checker may incorrectly determine that a BPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be meticulously hand-crafted by expert developers. Traditional optimizing compilers for BPF are often inadequate since the kernel checker's safety constraints are incompatible with rule-based optimizations. We present K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode with formal correctness and safety guarantees. K2 produces code with 6 - 26% reduced size, 1.36% - 55.03% lower average packet-processing latency, and 0 - 4.75% higher throughput (packets per second per core) relative to the best clang-compiled program, across benchmarks drawn from Cilium, Facebook, and the Linux kernel. K2 incorporates several domain-specific techniques to make synthesis practical by accelerating equivalence-checking of BPF programs by 6 orders of magnitude.
AB - Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data. BPF programming is not easy. One, even modest-sized BPF programs are deemed too large to analyze and rejected by the kernel checker. Two, the kernel checker may incorrectly determine that a BPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be meticulously hand-crafted by expert developers. Traditional optimizing compilers for BPF are often inadequate since the kernel checker's safety constraints are incompatible with rule-based optimizations. We present K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode with formal correctness and safety guarantees. K2 produces code with 6 - 26% reduced size, 1.36% - 55.03% lower average packet-processing latency, and 0 - 4.75% higher throughput (packets per second per core) relative to the best clang-compiled program, across benchmarks drawn from Cilium, Facebook, and the Linux kernel. K2 incorporates several domain-specific techniques to make synthesis practical by accelerating equivalence-checking of BPF programs by 6 orders of magnitude.
KW - BPF
KW - endpoint packet processing
KW - stochastic optimization
KW - synthesis
UR - http://www.scopus.com/inward/record.url?scp=85113203595&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85113203595&partnerID=8YFLogxK
U2 - 10.1145/3452296.3472929
DO - 10.1145/3452296.3472929
M3 - Conference contribution
AN - SCOPUS:85113203595
T3 - SIGCOMM 2021 - Proceedings of the ACM SIGCOMM 2021 Conference
SP - 50
EP - 64
BT - SIGCOMM 2021 - Proceedings of the ACM SIGCOMM 2021 Conference
PB - Association for Computing Machinery, Inc
T2 - 2021 Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, SIGCOMM 2021
Y2 - 23 August 2021 through 27 August 2021
ER -