Qiongwen Xu scite author profile

Qiongwen Xu

2Publications

1Citation Statement Received

160Citation Statements Given

How they've been cited

How they cite others

117

160

Affiliations

Rutgers Sexual and Reproductive Health and Rights

Publications

Order By: Most citations

Synthesizing safe and efficient kernel extensions for packet processing

Wong

Wagle

et al. 2021

View full text Add to dashboard Cite

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages (like C or Rust) and execute them at specific hooks in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux uses an in-kernel static checker. The checker allows a program to execute only if it can prove that the program is crash-free, always accesses memory within safe bounds, and avoids leaking kernel data.BPF programming is not easy. One, even modest-sized BPF programs are deemed too large to analyze and rejected by the kernel checker. Two, the kernel checker may incorrectly determine that a BPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be meticulously hand-crafted by expert developers. Traditional optimizing compilers for BPF are often inadequate since the kernel checker's safety constraints are incompatible with rule-based optimizations.We present K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode with formal correctness and safety guarantees. K2 produces code with 6-26% reduced size, 1.36%-55.03% lower average packet-processing latency, and 0-4.75% higher throughput (packets per second per core) relative to the best clang-compiled program, across benchmarks drawn from Cilium, Facebook, and the Linux kernel. K2 incorporates several domainspecific techniques to make synthesis practical by accelerating equivalence-checking of BPF programs by 6 orders of magnitude. CCS CONCEPTS• Networks → Programmable networks.

show abstract

Synthesizing Safe and Efficient Kernel Extensions for Packet Processing

Wong

Wagle

et al. 2021

Preprint

View full text Add to dashboard Cite

Extended Berkeley Packet Filter (BPF) has emerged as a powerful method to extend packet-processing functionality in the Linux operating system. BPF allows users to write code in high-level languages like C or Rust and attach them to specific points in the kernel, such as the network device driver. To ensure safe execution of a user-developed BPF program in kernel context, Linux employs an in-kernel static checker, that only accepts the program if it can be shown to be crash-free and isolated from the rest of kernel memory.However, BPF programming is not easy. One, even modestsize BPF programs can be rejected by the kernel checker as they are construed to be too large to analyze. Two, the inkernel static checker may incorrectly determine that an eBPF program exhibits unsafe behaviors. Three, even small performance optimizations to BPF code (e.g., 5% gains) must be meticulously hand-crafted by expert developers. Optimizing compilers for BPF are severely hampered because the kernel checker's safety considerations are incompatible with rule-based optimizations used in traditional compilers.We present K2, a program-synthesis-based compiler that automatically optimizes BPF bytecode with formal correctness and safety guarantees. K2 leverages stochastic search, a formalization of BPF in first-order logic, and several domainspecific techniques to accelerate equivalence checking of BPF programs. K2 produces code with 6-26% reduced size, reduces average latency by 13-85 𝜇s in our setup, and improves the number of packets per second processed per core by 5% relative to clang -O3, across programs drawn from production systems at Cilium and the Linux kernel. BPF programs produced by K2 can pass the kernel checker.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Qiongwen Xu

Synthesizing safe and efficient kernel extensions for packet processing

Synthesizing Safe and Efficient Kernel Extensions for Packet Processing

Contact Info

Product

Resources

About