CN116594603A - P4 language-oriented compiling time flow table verification system and method - Google Patents
P4 language-oriented compiling time flow table verification system and method Download PDFInfo
- Publication number
- CN116594603A CN116594603A CN202310878461.8A CN202310878461A CN116594603A CN 116594603 A CN116594603 A CN 116594603A CN 202310878461 A CN202310878461 A CN 202310878461A CN 116594603 A CN116594603 A CN 116594603A
- Authority
- CN
- China
- Prior art keywords
- verification
- flow table
- extractor
- rule
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012795 verification Methods 0.000 title claims abstract description 137
- 238000000034 method Methods 0.000 title claims abstract description 55
- 230000009471 action Effects 0.000 claims abstract description 70
- 230000008569 process Effects 0.000 claims description 31
- 238000000605 extraction Methods 0.000 claims description 20
- 230000006870 function Effects 0.000 claims description 13
- 238000010200 validation analysis Methods 0.000 claims description 11
- 239000000284 extract Substances 0.000 claims description 9
- 238000006243 chemical reaction Methods 0.000 claims description 5
- 238000012545 processing Methods 0.000 claims description 5
- 238000013461 design Methods 0.000 claims description 4
- 230000000875 corresponding effect Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000009191 jumping Effects 0.000 description 5
- 238000005457 optimization Methods 0.000 description 2
- 230000008439 repair process Effects 0.000 description 2
- 239000002699 waste material Substances 0.000 description 2
- 206010033799 Paralysis Diseases 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 239000000306 component Substances 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- VLYWMPOKSSWJAL-UHFFFAOYSA-N sulfamethoxypyridazine Chemical compound N1=NC(OC)=CC=C1NS(=O)(=O)C1=CC=C(N)C=C1 VLYWMPOKSSWJAL-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
- G06F8/37—Compiler construction; Parser generation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The application provides a P4 language-oriented compiling time flow table verification system and a verification method, wherein the system comprises the following steps: a flow table extractor, a rule extractor, a logic table verifier, an action verifier and a matching field verifier; the stream table extractor is used for traversing the stream table on the programmable data plane device and converting the stream table into a P4run time protocol format file; the rule extractor is used for extracting the logic table, the action and the verification rule of the matching field in the logic table from the P4 source program which is being compiled; the logic table verifier is used for verifying the logic table in the flow table file according to the verification rule extracted by the rule extractor; the action verifier is used for verifying actions in the flow table file according to the verification rules extracted by the rule extractor; the matching field verifier is used for verifying the matching fields in the flow table file according to the verification rules extracted by the rule extractor. The application can verify the flow table on the platform according to the compiled P4 source program, and improves the reliability and stability of the whole network.
Description
Technical Field
The application relates to the field of computer networks, in particular to a P4 language-oriented compiling time flow table verification system and a P4 language-oriented compiling time flow table verification method.
Background
Existing P4 compiler structures are typically composed of a front-end, a middle-end, and a back-end for processing the P4 source program and generating object code for a particular hardware architecture. In this process, the front end is responsible for lexical analysis, syntax analysis, and semantic analysis of the P4 source program, generating intermediate code containing syntax trees. The intermediate and back-ends in combination use intermediate code to process to generate object code suitable for a particular hardware platform.
However, prior to compiling the P4 program, the programmable data plane device typically caches or receives some of the flow table information issued by the control plane. If these flow table information do not match the P4 program, then the following problems occur when the P4 compiler generated object code is run on the programmable data plane device:
(1) Waste of resources: cache resources on the device will be wasted because flow table information is stored that does not match the P4 program and may not be used.
(2) Unreasonable routing planning: if the flow table is not matched with the P4 program, the device may perform route planning according to incorrect flow table information, so that network traffic cannot be forwarded as expected, and network blocking and even paralysis may be caused.
Disclosure of Invention
Aiming at the defects of the prior art, the application provides a P4 language-oriented compiling time flow table verification system and a P4 language-oriented compiling time flow table verification method, so as to achieve the aim of improving the reliability and the stability of a network. This system incorporates a corresponding validation mechanism between the middle and back-ends of the P4 compiler to ensure that the generated object code matches the flow table information on the device. Specifically, the system performs the following operations in the compilation process:
(1) Extracting flow table information: information related to the flow table, such as the table ID, matching fields, actions, etc., is extracted from the P4 program.
(2) Comparing with a device flow table: and comparing the extracted flow table information with the flow table on the equipment, and checking whether a matched flow table exists.
(3) Detecting conflicts and mismatches: and detecting conflict and mismatch according to the comparison result. If information is found that conflicts or mismatches with the flow table on the device, the system may issue a warning or error prompt.
(4) Error handling and repair: if a conflict or mismatch is found, corresponding error handling and repair measures are taken. For example, the user is prompted to update a flow table on the device or adjust the P4 program to resolve the conflict.
By introducing the compiling time flow table verification system of the application, the condition that the flow table is not matched with the P4 program can be detected and processed in time in the compiling stage, thereby reducing the resource waste, avoiding unreasonable route planning and improving the reliability and the performance of the network.
The aim of the application is achieved by the following technical scheme:
a P4 language-oriented compiling time flow table verification system comprises a flow table extractor, a rule extractor, a logic table verifier, an action verifier and a matching field verifier;
the flow table extractor is used for traversing the flow table on the programmable data plane equipment and converting the flow table into a P4run time protocol format file;
the rule extractor is used for extracting a logic table, an action and verification rules of matching fields in the logic table from the P4 source program being compiled;
the logic table verifier is used for verifying the logic table in the flow table file according to the verification rule extracted by the rule extractor;
the action validator is used for validating actions in the flow table file according to the validation rules extracted by the rule extractor;
the matching field verifier is used for verifying matching fields in the flow table file according to the verification rules extracted by the rule extractor.
Further, the flow table extractor is configured to extract, through the P4run time interface and related system components, the flow table in the cache on the programmable data plane device and the flow table being received, store the flow table as a flow table file to be verified, and stop receiving the flow table issued by the control plane until the compiling process ends.
Furthermore, the rule extractor is further configured to extract the logic table and information of related actions and matching fields in the table from the P4 source program being compiled, and store the logic table and the information of related actions and matching fields in the table into the memory through different programming language design data structures for fast reading into the subsequent processing module.
Further, the logic table verifier is configured to verify the logic table information in the flow table file generated by the flow table extractor according to verification rules provided by a data structure generated in the memory by several different programming languages extracted by the rule extractor.
Further, the action validator is configured to validate action information in the flow table file generated by the flow table extractor according to validation rules provided by data structures generated in the memory by several different programming languages extracted by the rule extractor.
Further, the matching field verifier is configured to verify matching field information in the flow table file generated by the flow table extractor according to verification rules provided by a data structure generated in the memory by several different programming languages extracted by the rule extractor.
Further, the system is used as a verification end and is inserted between the middle end and the back end of the compiler tool, and the middle end optimized and converted middle representation information is subjected to flow table verification.
Further, when traversing the intermediate representation information in the JSON format, the rule extractor performs depth-first traversal in a recursive or iterative mode, accesses and operates different parts of the intermediate representation information by analyzing keys and values of the JSON object, extracts information of tables, actions and matching fields as verification rules, and stores the information in a corresponding data structure.
Further, by constructing the function, the parameter options attached to the compiling command and the references of the intermediate representation information objects processed by the middle end are received, and the member function is provided for verifying the information of the logic table.
A compiling time flow table verification method facing to P4 language is realized based on the compiling time flow table verification system facing to P4 language;
the method comprises the following steps:
traversing a flow table on the programmable data plane device through the flow table extractor, and converting the flow table into a P4run time protocol format file; if the extraction is empty or the conversion fails, prompting related error information, and exiting the verification process; if the extraction is successful, starting a rule extraction flow;
extracting a logic table, an action and verification rules of matching fields in the logic table from the P4 source program through the rule extractor; if the extraction is empty or fails, prompting related error information, and exiting the verification process; if the extraction is successful, starting a logic table verification flow;
verifying the logic table in the flow table file according to the verification rule provided by the rule extractor by the logic table verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, starting an action verification flow;
verifying the actions in the flow table file according to the verification rules provided by the rule extractor by the action verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, a matching field verification flow is started;
verifying the matching field in the flow table file according to the verification rule provided by the rule extractor by the matching field verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, the subsequent compiling flow is entered.
Compared with the prior art, the application has the following beneficial effects:
the P4 language-oriented compiling time flow table verification system designs a plurality of verifiers, verifies the flow table on the programmable data plane device in sequence according to the compiled P4 source program, judges a plurality of verification results, improves the resource utilization rate of the platform, and further improves the reliability and stability of the whole network.
Drawings
When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Fig. 1 is a schematic diagram of a P4 language-oriented compile-time flow table verification system according to an embodiment of the present application.
Fig. 2 is a schematic diagram of a P4-language-oriented compile-time flow table verification system inserted into a P4 compiler architecture according to an embodiment of the present application.
Fig. 3 is a schematic diagram of a logic table verification process performed by the logic table verifier according to an embodiment of the present application.
Fig. 4 is a flow chart illustrating the operation verification performed by the operation verifier according to an embodiment of the present application.
Fig. 5 is a flowchart illustrating a matching field verifier according to an embodiment of the present application.
Fig. 6 is a flowchart of a P4 language-oriented verification method for a compile-time flow table according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
Next, a description will be given of a compiling time flow table verification process disclosed in the embodiment of the present application, as shown in fig. 1, a compiling time flow table verification system for a P4 language includes: a flow table extractor 11, a rule extractor 12, a logic table validator 13, an action validator 14, and a match field validator 15.
The flow table extractor 11 is configured to convert from traversing flow tables on the data plane device into a P4run time protocol format file;
the rule extractor 12 is configured to extract a logic table, an action, and a verification rule of a matching field in the logic table from the P4 source program;
the logic table verifier 13 is configured to verify a logic table in the flow table file according to the verification rule provided by the rule extractor;
the action validator 14 is configured to validate actions in the flow table file according to validation rules provided by the rule extractor;
the matching field verifier 15 is configured to verify matching fields in the flow table file according to the verification rule provided by the rule extractor.
Preferably, the P4 compiler tool P4C based on an open source is used as the compiling software of the compiling time flow table verification system facing to the P4 language. P4C divides the compiling process into three phases of front end, middle end and back end:
the front end (front) is responsible for parsing and analyzing the P4 source code, building a syntax tree, performing type checking and semantic verification, and converting the P4 source code into intermediate representation (Intermediate Representation, IR) information for subsequent processing;
the middle end (midd) is responsible for performing optimization and conversion of IR information, performing various optimization techniques such as constant folding, redundant code elimination, and dead code deletion to improve the performance and efficiency of the P4 program;
the backend (back-end) is responsible for converting the optimized IR information into code or configuration files for the target platform, generating code specific to the target platform, such as microcode or configuration files for the switch of the data plane processor (Data Plane Processors). The compile-time flow table verification system (i.e. verification end) of the present application is added between the middle end and the back end in P4C, as shown in fig. 2.
Specifically, the following code is placed between the compile-time middle end (mid end) and the back end (back end):
VerifyEnd verifyEnd(options, midEnd);
try {
auto ret=verifyEnd.verifyTable(toplevel);
if(!ret) return 1;
} catch (const std::exception &bug) {
std::cerr <<bug.what() << std::endl;
return 1;
}
if (::errorCount() > 0)
return 1;
the implementation process of each part of the P4 language-oriented compile-time flow table verification system is described in detail below.
1. Flow table extractor
In this embodiment, the flow table extractor 11 is configured to traverse the flow table on the data plane device, convert the flow table into a P4run time protocol format file, and if the extraction is null or the conversion fails, prompt related error information, and exit the verification process; if the extraction is successful, starting a rule extraction flow;
preferably, the P4run time protocol format is selected as the save format of each flow table, specifically as follows:
{
"type": "INSERT",
"entity": {
"tableEntry": {
"tableId": 22222222,
"match": [ {
"fieldId": 1,
"ternary": { "value": "MzMAAAAA", "mask": "//8AAAAA" }
} ],
"action": {
"action": {
"actionId": 16841371,
"params": [ { "paramId": 1, "value": "AP8=" } ]
}
},
"priority": 11
}
}
}
according to the flow table format, different programming languages are used to design data structures for storing the data of the flow table in the memory.
2. Rule extractor
In this embodiment, the rule extractor 12 is configured to extract a logic table, an action, and a verification rule of a matching field in the logic table from the P4 source program; if the extraction is empty or fails, prompting related error information, and exiting the verification process; if the extraction is successful, a logic table verification process is started.
Preferably, p4info.txt is chosen as the file format of the validation rule extracted from the P4 program. The P4info. Txt acts on information describing tables (tables) and other objects defined in the P4 program, which is one of the files automatically generated by the P4 compiler when compiling the P4 program. In P4 programming, a table is the core component that defines the packet processing logic, defines how packets match specific fields, and takes corresponding actions. The p4info. Txt file provides detailed information about these tables and other objects related thereto as follows:
(1) Table (tables) information: it lists the names, attributes and properties of all tables defined in the P4 program. This includes keys (actions), operations (actions), default actions (default actions), etc. of the table.
(2) Action (actions) information: it describes the names, parameters and semantics of all actions defined in the P4 program. Actions define operations that are performed under certain matching conditions, such as modifying packet headers, calculating and updating field values, and the like.
(3) Field (fields) information: it lists the name, type and location information of all fields used in the P4 program. A field is a specific part of a data packet that is used for matching and manipulation.
(4) Control plane API (Control Plane API) information: it provides information about the control plane API that interacts with the P4 program. This includes API functions, parameters, return values, etc. that interact with tables, actions, and fields.
From the P4info. Txt file, the details of all tables and related objects defined in the P4 program can be known. This is very helpful for developing, debugging and managing the P4 program, as it provides a clear overview and reference for proper interaction between the control plane and the data plane.
Preferably, according to the above p4info format, data structures are designed using different programming languages, and information in the p4info format is stored in the memory as a verification rule.
Preferably, when traversing the IR information in JSON format, the rule extractor of the compile-time flow table verification system (verify-end) uses a recursive or iterative manner to perform depth-first traversal, accesses and operates different parts of the IR information by parsing keys and values of JSON objects, extracts information of tables, actions, fields, and the like as verification rules, and stores the information in corresponding data structures in the memory.
Preferably, the compile-time flow table verification system receives parameter options attached to the compile command and references to the IR information objects processed by the middleend by constructing the function and provides information for verifying the logical table by the member function.
3. Logic table verifier
In the embodiment of the present application, the logic table validator 13 is configured to validate the logic table in the flow table file according to the validation rule provided by the rule extractor; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, starting an action verification flow; the specific scheme is that the rule extractor extracts logic table information from the P4 source program and stores the logic table information in the memory as a data structure of a logic table list, and the flow table extractor extracts the flow table information through the P4run interface and stores the flow table information in the memory as a data structure of a flow table list; then, traversing the flow table list, accessing each flow table, extracting the logical table id, calling a pool find_table (int 32 table_id) method in the logical table list, if yes, continuing, otherwise, reporting errors, and exiting the compiling flow, as shown in fig. 3.
Preferentially, two global variable table_lists are declared for storing a list of iterative P4 tables; list of P4 table entries obtained by the entry_list through the P4 runtimeeapi.
Traversing each entry in the entry_list, performing the following:
(1) Obtaining the ID of the table from the current entry and assigning the ID to a variable table_id;
(2) Invoking a find_table (table_id) function and returning an execution result;
if the return value is True, jumping out of the loop;
if the return value is False, then the next iteration is continued.
Traversing each table in the table_list, performing the following operations:
checking whether the ID of the current table is equal to the incoming table_id;
if so, returning True, which indicates that a matching table is found;
if not, continuing the next iteration;
if no matching table is found after the traversal is completed, return False, indicating no matching table is found.
4. Action validator
In an embodiment of the present application, the action validator 14 validates actions in the flow table file according to validation rules provided by the rule extractor 12; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, a matching field verification flow is started; the specific scheme is that the rule extractor extracts action information from the P4 source program and stores the action information as a data structure of an action list in the memory, and the flow table extractor extracts flow table information through the P4run interface and stores the flow table information as a data structure of a flow table list in the memory; then, traversing the flow table list to access each flow table, extracting an action id, calling a boul find_action (int 32 action_id) method in the action list, if yes, continuing, otherwise, reporting errors, and exiting the compiling flow; traversing the flow table list, accessing each flow table, extracting a param id, calling a botfine_param (int 32 param_id) method in the action list, and continuing if the botfine_param exists; otherwise, reporting errors, and exiting the compiling process; traversing the flow table list, accessing each flow table, extracting a param value, calling a pool compare_param_value (int 32 param_value) method in the action list, if yes, continuing, otherwise, reporting errors and exiting the compiling flow; as shown in fig. 4.
The action validator uses three global variables, action_list, to store a list of iterative P4 actions; the param_list is used for storing a list of iterative P4 parameters; list of P4 table entries obtained by the entry_list through the P4 runtimeeapi.
Traversing each entry in the entry_list, performing the following:
acquiring the ID of the action from the current item, and assigning the ID to a variable action_id;
calling a find_action (action_id) function, and returning an execution result;
if the return value is True, jumping out of the loop;
if the return value is False, continuing the next iteration;
each entry in the entry_list is traversed again, the following is performed:
acquiring the ID of the parameter from the current item, and assigning the ID to the variable param_id;
calling find_parameter (parameter_id) function, and returning the execution result;
if the return value is True, jumping out of the loop;
if the return value is False, then the next iteration is continued.
Each entry in the entry_list is traversed again, the following is performed:
acquiring the value of the parameter from the current item, and assigning the value to the variable param_value;
calling a compare_parameter_value (param_value) function, and returning an execution result;
if the return value is True, jumping out of the loop;
if the return value is False, then the next iteration is continued.
Traversing each action in the action_list, performing the following operations:
checking whether the ID of the current action is equal to the incoming action_id;
if the two types are equal, returning True, which indicates that the matched action is found;
if not, continuing the next iteration;
if no matching action is found after the traversal is finished, returning to False to indicate that no matching action is found;
traversing each parameter in the param_list, performing the following operations:
checking whether the ID of the current parameter is equal to the incoming param_id;
if the parameters are equal, returning True, which means that the matched parameters are found;
if not, the next iteration is continued.
If no matching parameters are found after the traversal is completed, return False, indicating that no matching parameters are found.
Traversing each parameter in the param_list, performing the following operations:
checking whether the value of the current parameter is equal to the incoming param_value;
if the values are equal, returning True to indicate that the parameter values are matched;
if not, the next iteration is continued.
If no matching parameter value is found after the traversal is finished, return False, indicating that the parameter values do not match.
5. Matching field verifier
In the embodiment of the present application, the matching field verifier 15 verifies the matching field in the flow table file according to the verification rule extracted by the rule extractor; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, a matching field verification flow is started; the specific scheme is that the rule extractor extracts matching field information from the P4 source program and stores the matching field information as a data structure of a matching field list in the memory, and the flow table extractor extracts flow table information through the P4run interface and stores the flow table information as a data structure of a flow table list in the memory; then, traversing the flow table list to access each flow table, extracting a matching field id and a type, calling a box find_match (int 32 filtered_id, int32 match_type) method in the matching field list, if yes, continuing, otherwise, reporting errors and exiting the compiling flow; as shown in fig. 5. Using two global variables, match_list is used to store a list of iterative P4 match fields; list of P4 table entries obtained by the entry_list through the P4 runtimeeapi.
Traversing each entry in the entry_list, performing the following:
acquiring the ID of a field from the current item and assigning the ID to a variable field_id;
obtaining a matching type from the current item, and assigning the matching type to a variable match_type;
call find_match (field_id, match_type) function, and return execution result;
if the return value is True, jumping out of the loop;
if the return value is False, then the next iteration is continued.
Traversing each matching field in the match_list, performing the following:
checking whether the ID of the current matching field is equal to the incoming field_id and the matching type is equal to the incoming match_type;
if so, returning True to indicate that the matched field is found;
if the two iterations do not match, continuing the next iteration;
if no matching field is found after the traversal is completed, return False, indicating no matching field is found.
The match_field_verify function is used to verify whether the matching field in the P4 table entry in the entry_list has a corresponding matching field in the match_list; match_field_verify looks up the matching field by calling the find_match function; if a matching field is found, true is returned, indicating that the verification passed. If no matching field is found, return False, indicating verification failure.
As shown in fig. 6, the embodiment of the present application further provides a P4-language-oriented compile-time flow table verification method, where the method is implemented based on the P4-language-oriented compile-time flow table verification system; the method comprises the following steps:
traversing a flow table on the programmable data plane device through the flow table extractor, and converting the flow table into a P4run time protocol format file; if the extraction is empty or the conversion fails, prompting related error information, and exiting the verification process; if the extraction is successful, starting a rule extraction flow;
extracting a logic table, an action and verification rules of matching fields in the logic table from the P4 source program through the rule extractor; if the extraction is empty or fails, prompting related error information, and exiting the verification process; if the extraction is successful, starting a logic table verification flow;
verifying the logic table in the flow table file according to the verification rule provided by the rule extractor by the logic table verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, starting an action verification flow;
verifying the actions in the flow table file according to the verification rules provided by the rule extractor by the action verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, a matching field verification flow is started;
verifying the matching field in the flow table file according to the verification rule provided by the rule extractor by the matching field verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, the subsequent compiling flow is entered.
The above describes in detail a method and a system for verifying a P4-oriented compile-time flow table, and specific examples are applied in the present application to illustrate the principles and embodiments of the present application, where the above description of the examples is only for helping to understand the method and core ideas of the present application; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.
It should be noted that, in each embodiment, the differences from the other embodiments are emphasized, and the same similar parts between the embodiments are referred to each other. For the apparatus class embodiments, the description is relatively simple as it is substantially similar to the method embodiments, and reference is made to the description of the method embodiments for relevant points.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
Claims (10)
1. The P4 language-oriented compiling time flow table verification system is characterized by comprising a flow table extractor, a rule extractor, a logic table verifier, an action verifier and a matching field verifier;
the flow table extractor is used for traversing the flow table on the programmable data plane equipment and converting the flow table into a P4run time protocol format file;
the rule extractor is used for extracting a logic table, an action and verification rules of matching fields in the logic table from the P4 source program being compiled;
the logic table verifier is used for verifying the logic table in the flow table file according to the verification rule extracted by the rule extractor;
the action validator is used for validating actions in the flow table file according to the validation rules extracted by the rule extractor;
the matching field verifier is used for verifying matching fields in the flow table file according to the verification rules extracted by the rule extractor.
2. The P4 language oriented compile time flow table verification system of claim 1 wherein said flow table extractor is configured to extract flow tables in the cache on the programmable data plane device and receiving flow tables through the P4run interface and related system components, save the flow tables as flow table files to be verified, and stop receiving flow tables issued by the control plane until the compilation process ends.
3. The P4 language oriented compile time flow table verification system of claim 1 wherein said rule extractor is further configured to extract logic tables and information of related actions and matching fields in the tables from the P4 source program being compiled, and to design data structures through different programming languages, to store in memory for fast reading into subsequent processing modules.
4. The P4 language oriented compile time flow table verification system of claim 1, wherein said logic table verifier is configured to verify logic table information in a flow table file generated by said flow table extractor according to verification rules provided by data structures generated in memory by several different programming languages extracted by said rule extractor.
5. The P4 language oriented compile time flow table verification system of claim 1, wherein said action validator is configured to validate action information in a flow table file generated by said flow table extractor according to validation rules provided by data structures generated in memory by several different programming languages extracted by said rule extractor.
6. The P4 language oriented compile time flow table verification system of claim 1, wherein said match field verifier is configured to verify match field information in a flow table file generated by said flow table extractor according to verification rules provided by data structures generated in memory by several different programming languages extracted by said rule extractor.
7. The P4 language oriented compile time flow table verification system of claim 1, wherein the system is inserted between the middle and back ends of the compiler tool as a verification end to perform flow table verification on the middle optimized and converted intermediate representation information.
8. The P4 language oriented compile time flow table validation system according to claim 7, wherein the rule extractor uses recursive or iterative means to perform depth first traversal when traversing the intermediate representation information in JSON format, accesses and manipulates different parts of the intermediate representation information by parsing keys and values of JSON objects, extracts information of tables, actions, matching fields as validation rules, and saves in the corresponding data structure.
9. The P4 language oriented compile time flow table verification system of claim 1, wherein the constructors are configured to receive parameter options attached to the compile command and references to intermediate representation information objects processed by the intermediate representation information objects and to provide member functions for verifying the logical table information.
10. The P4 language-oriented compiling time flow table verification method is characterized by being realized based on the P4 language-oriented compiling time flow table verification system in any one of claims 1-6;
the method comprises the following steps:
traversing a flow table on the programmable data plane device through the flow table extractor, and converting the flow table into a P4run time protocol format file; if the extraction is empty or the conversion fails, prompting related error information, and exiting the verification process; if the extraction is successful, starting a rule extraction flow;
extracting a logic table, an action and verification rules of matching fields in the logic table from the P4 source program through the rule extractor; if the extraction is empty or fails, prompting related error information, and exiting the verification process; if the extraction is successful, starting a logic table verification flow;
verifying the logic table in the flow table file according to the verification rule provided by the rule extractor by the logic table verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, starting an action verification flow;
verifying the actions in the flow table file according to the verification rules provided by the rule extractor by the action verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, a matching field verification flow is started;
verifying the matching field in the flow table file according to the verification rule provided by the rule extractor by the matching field verifier; if the verification fails, prompting related error information, and exiting the verification process; if the verification is successful, the subsequent compiling flow is entered.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310878461.8A CN116594603B (en) | 2023-07-18 | 2023-07-18 | P4 language-oriented compiling time flow table verification system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310878461.8A CN116594603B (en) | 2023-07-18 | 2023-07-18 | P4 language-oriented compiling time flow table verification system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116594603A true CN116594603A (en) | 2023-08-15 |
| CN116594603B CN116594603B (en) | 2023-10-10 |
Family
ID=87608460
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310878461.8A Active CN116594603B (en) | 2023-07-18 | 2023-07-18 | P4 language-oriented compiling time flow table verification system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116594603B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116860323A (en) * | 2023-09-05 | 2023-10-10 | 之江实验室 | P4-based compiling and FPGA configuration method |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006079494A (en) * | 2004-09-13 | 2006-03-23 | Renesas Technology Corp | Compiler |
| US20070083853A1 (en) * | 2005-09-27 | 2007-04-12 | Bea Systems, Inc. | System and method for declarative validation rule editor |
| US20120137277A1 (en) * | 2010-11-29 | 2012-05-31 | Microsoft Corporation | Verification of a dataflow representation of a program through static type-checking |
| US20140351801A1 (en) * | 2013-05-27 | 2014-11-27 | Electronics And Telecommunications Research Institute | Formal verification apparatus and method for software-defined networking |
| US20140372986A1 (en) * | 2013-06-14 | 2014-12-18 | Microsoft Corporation | Timed API Rules for Runtime Verification |
| US20190108045A1 (en) * | 2017-10-11 | 2019-04-11 | Barefoot Networks, Inc. | Data plane program verification |
| US20190140983A1 (en) * | 2017-11-09 | 2019-05-09 | Nicira, Inc. | Extensible virtual switch datapath |
| CN110958157A (en) * | 2019-11-18 | 2020-04-03 | 清华大学 | Network testing method, system, storage medium and electronic equipment |
| CN111224934A (en) * | 2019-10-31 | 2020-06-02 | 浙江工商大学 | Service path verification method for mimicry configuration in mimicry defense |
| CN116015796A (en) * | 2022-12-14 | 2023-04-25 | 北京百度网讯科技有限公司 | Flow table updating method and device, firewall equipment and storage medium |
-
2023
- 2023-07-18 CN CN202310878461.8A patent/CN116594603B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006079494A (en) * | 2004-09-13 | 2006-03-23 | Renesas Technology Corp | Compiler |
| US20070083853A1 (en) * | 2005-09-27 | 2007-04-12 | Bea Systems, Inc. | System and method for declarative validation rule editor |
| US20120137277A1 (en) * | 2010-11-29 | 2012-05-31 | Microsoft Corporation | Verification of a dataflow representation of a program through static type-checking |
| US20140351801A1 (en) * | 2013-05-27 | 2014-11-27 | Electronics And Telecommunications Research Institute | Formal verification apparatus and method for software-defined networking |
| US20140372986A1 (en) * | 2013-06-14 | 2014-12-18 | Microsoft Corporation | Timed API Rules for Runtime Verification |
| US20190108045A1 (en) * | 2017-10-11 | 2019-04-11 | Barefoot Networks, Inc. | Data plane program verification |
| US20190140983A1 (en) * | 2017-11-09 | 2019-05-09 | Nicira, Inc. | Extensible virtual switch datapath |
| CN111224934A (en) * | 2019-10-31 | 2020-06-02 | 浙江工商大学 | Service path verification method for mimicry configuration in mimicry defense |
| CN110958157A (en) * | 2019-11-18 | 2020-04-03 | 清华大学 | Network testing method, system, storage medium and electronic equipment |
| CN116015796A (en) * | 2022-12-14 | 2023-04-25 | 北京百度网讯科技有限公司 | Flow table updating method and device, firewall equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| SURIYA KODESWARAN等: ""Tracking P4 Program Execution in the Data Plane"", 《SOSR \'20: PROCEEDINGS OF THE SYMPOSIUM ON SDN RESEARCH》 * |
| 凌致远等: ""基于匹配动作表模型的可编程数据平面流表归并"", 《计算机与现代化》, vol. 2022, no. 07 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116860323A (en) * | 2023-09-05 | 2023-10-10 | 之江实验室 | P4-based compiling and FPGA configuration method |
| CN116860323B (en) * | 2023-09-05 | 2023-12-22 | 之江实验室 | P4-based compiling and FPGA configuration method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116594603B (en) | 2023-10-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6287549B2 (en) | Method and apparatus for porting source code | |
| Nguyen et al. | Automated verification of shape and size properties via separation logic | |
| CN116594603B (en) | P4 language-oriented compiling time flow table verification system and method | |
| US9122540B2 (en) | Transformation of computer programs and eliminating errors | |
| CN111104335B (en) | C language defect detection method and device based on multi-level analysis | |
| CN106469049B (en) | File scanning method and device | |
| CN117009231B (en) | Automatic generation method and device for high-reliability unit test based on conversational large language model | |
| CN111813675A (en) | SSA structure analysis method and device, electronic equipment and storage medium | |
| CN113901083A (en) | Heterogeneous data source operation resource analysis positioning method and equipment based on multiple analyzers | |
| CN111381828A (en) | Method and device for generating syntax tree of code file and electronic equipment | |
| CN111309301A (en) | Program language conversion method, device and conversion equipment | |
| CN114153447B (en) | Automatic AI training code generation method | |
| US8341607B2 (en) | Condensing pattern matcher generation for intermediate language patterns | |
| Küster et al. | Towards explicit behavioral consistency concepts in the UML | |
| Chin et al. | Automated verification of shape, size and bag properties | |
| CN111381826A (en) | Method and device for generating syntax tree of code file and electronic equipment | |
| CN115408700A (en) | Open source component detection method based on binary program modularization | |
| CN114489653A (en) | Compiler-based data processing method, compiler-based data processing device and readable storage medium | |
| Karol | Well-formed and scalable invasive software composition | |
| CN113312880B (en) | Text form conversion method and device and electronic equipment | |
| Palanisamy et al. | Modelica based parser generator with good error handling | |
| CN111381827A (en) | Method and device for generating syntax tree of code file and electronic equipment | |
| Grigorev et al. | String-embedded language support in integrated development environment | |
| Kuleshov et al. | Diktat: Lightweight static analysis for kotlin | |
| CN115913655B (en) | Shell command injection detection method based on flow analysis and semantic analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |