Synthesizing Safe and Efficient Kernel Extensions for Packet Processing
Qiongwen Xu, Michael D. Wong, Tanvi Wagle, Srinivas Narayana, Anirudh, Sivaraman
TL;DR
This paper introduces K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode for packet processing, ensuring safety and correctness while improving size, latency, and throughput.
Contribution
K2 is the first compiler to automatically optimize BPF bytecode with formal safety guarantees, outperforming traditional compilers in size and performance.
Findings
K2 reduces BPF program size by 6-26%.
K2 lowers packet-processing latency by 1.36%-55.03%.
K2 increases throughput by up to 4.75%.
Abstract
Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data. BPF programming is not easy. One, even modest-sized BPF programs are deemed too large to analyze and rejected by the kernel checker. Two, the kernel checker may incorrectly determine that a BPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Packet Processing and Optimization · Parallel Computing and Optimization Techniques · Software Testing and Debugging Techniques