Synchronization Synthesis for Network Programs

  • Jedidiah McClurg
  • Hossein Hojjat
  • Pavol Černý
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10427)


In software-defined networking (SDN), a controller program updates the forwarding rules installed on network packet-processing devices in response to events. Such programs are often physically distributed, running on several nodes of the network, and this distributed setting makes programming and debugging especially difficult. Furthermore, bugs in these programs can lead to serious problems such as packet loss and security violations. In this paper, we propose a program synthesis approach that makes it easier to write distributed controller programs. The programmer can specify each sequential process, and add a declarative specification of paths that packets are allowed to take. The synthesizer then inserts enough synchronization among the distributed controller processes such that the declarative specification will be satisfied by all packets traversing the network. Our key technical contribution is a counterexample-guided synthesis algorithm that furnishes network controller processes with the synchronization constructs required to prevent any races causing specification violations. Our programming model is based on Petri nets, and generalizes several models from the networking literature. Importantly, our programs can be implemented in a way that prevents races between updates to individual switches and in-flight packets. To our knowledge, this is the first counterexample-guided technique that automatically adds synchronization constructs to Petri-net-based programs. We demonstrate that our prototype implementation can fix realistic concurrency bugs described previously in the literature, and that our tool can readily scale to network topologies with 1000+ nodes.



We would like to thank Nate Foster and P. Madhusudan for fruitful discussions. This research was supported in part by the NSF under award CCF 1421752, and by DARPA under agreement FA8750-14-2-0263.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Jedidiah McClurg (1)
  • Hossein Hojjat (2)
  • Pavol Černý (1)
  1. University of Colorado Boulder, Boulder, USA
  2. Rochester Institute of Technology, Rochester, USA
