Dependently-Typed Data Plane Programming

TL;DR

This paper introduces $ ext{Pi}4$, a dependently-typed extension of P4 that uses decidable refinements to enable more expressive static verification of network data plane programs, enhancing safety guarantees.

Contribution

It develops $ ext{Pi}4$, a dependently-typed P4 language with a sound type system and SMT-based implementation, bridging the gap between simple type systems and full verification tools.

Findings

$ ext{Pi}4$ can verify complex data plane properties.

The type system is proven sound.

Case studies demonstrate practical applicability.

Abstract

Programming languages like P4 enable specifying the behavior of network data planes in software. However, with increasingly powerful and complex applications running in the network, the risk of faults also increases. Hence, there is growing recognition of the need for methods and tools to statically verify the correctness of P4 code, especially as the language lacks basic safety guarantees. Type systems are a lightweight and compositional way to establish program properties, but there is a significant gap between the kinds of properties that can be proved using simple type systems (e.g., SafeP4) and those that can be obtained using full-blown verification tools (e.g., p4v). In this paper, we close this gap by developing $\Pi$4, a dependently-typed version of P4 based on decidable refinements. We motivate the design of $\Pi$4, prove the soundness of its type system, develop an SMT-based implementation, and present case studies that illustrate its applicability to a variety of data plane programs.