[NetKAT] Support debugging/printing messages in CounterExamples for NetKAT.

netkat/BUILD.bazel

@@ -276,14 +276,34 @@ cc_library(
     hdrs = ["paged_stable_vector.h"],
 )
 
+cc_library(
+    name = "counter_example",
+    srcs = ["counter_example.cc"],
+    hdrs = ["counter_example.h"],
+    deps = [
+        ":evaluator",
+        ":packet_set",
+        ":packet_transformer",
+        "@com_google_absl//absl/algorithm:container",
+        "@com_google_absl//absl/container:flat_hash_set",
+        "@com_google_absl//absl/log:check",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/status:statusor",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
 cc_library(
     name = "analysis_engine",
     srcs = ["analysis_engine.cc"],
     hdrs = ["analysis_engine.h"],
     deps = [
+        ":counter_example",
         ":frontend",
         ":packet_set",
         ":packet_transformer",
+        "@com_google_absl//absl/log:check",
+        "@com_google_absl//absl/status:statusor",
     ],
 )
 
@@ -301,6 +321,26 @@ cc_test(
     ],
 )
 
+# go/golden-test-with-coverage
+cc_test(
+    name = "analysis_engine_counter_example_test_runner",
+    srcs = ["analysis_engine_counter_example_test_runner.cc"],
+    linkstatic = True,
+    deps = [
+        ":analysis_engine",
+        ":counter_example",
+        ":frontend",
+        "@com_google_gutil//gutil:proto",
+    ],
+)
+
+cmd_diff_test(
+    name = "analysis_engine_counter_example_diff_test",
+    actual_cmd = "$(execpath :analysis_engine_counter_example_test_runner)",
+    expected = ":analysis_engine_counter_example_test.expected",
+    tools = [":analysis_engine_counter_example_test_runner"],
+)
+
 cc_library(
     name = "packet_transformer",
     srcs = ["packet_transformer.cc"],

netkat/analysis_engine.cc

@@ -14,6 +14,9 @@
 
 #include "netkat/analysis_engine.h"
 
+#include "absl/log/check.h"
+#include "absl/status/statusor.h"
+#include "netkat/counter_example.h"
 #include "netkat/frontend.h"
 #include "netkat/packet_set.h"
 #include "netkat/packet_transformer.h"
@@ -26,9 +29,21 @@ bool AnalysisEngine::CheckEquivalent(const Predicate& left,
          packet_transformer_manager_.Compile(Filter(right).ToProto());
 }
 
-bool AnalysisEngine::CheckEquivalent(const Policy& left, const Policy& right) {
-  return packet_transformer_manager_.Compile(left.ToProto()) ==
-         packet_transformer_manager_.Compile(right.ToProto());
+SuccessOrCounterExample AnalysisEngine::CheckEquivalent(const Policy& left,
+                                                        const Policy& right) {
+  PacketTransformerHandle left_packet_transformer =
+      packet_transformer_manager_.Compile(left.ToProto());
+  PacketTransformerHandle right_packet_transformer =
+      packet_transformer_manager_.Compile(right.ToProto());
+  if (left_packet_transformer == right_packet_transformer) {
+    return SuccessOrCounterExample();
+  }
+  absl::StatusOr<CounterExample> counter_example =
+      CounterExample::CreateEquivalenceCounterExample(
+          &packet_transformer_manager_, left_packet_transformer,
+          right_packet_transformer);
+  CHECK_OK(counter_example.status());  // Crash OK
+  return SuccessOrCounterExample(*counter_example);
 }
 
 bool AnalysisEngine::ProgramForwardsAnyPacket(const Policy& program,

netkat/analysis_engine.h

@@ -21,6 +21,7 @@
 #ifndef GOOGLE_NETKAT_NETKAT_ANALYSIS_ENGINE_H_
 #define GOOGLE_NETKAT_NETKAT_ANALYSIS_ENGINE_H_
 
+#include "netkat/counter_example.h"
 #include "netkat/frontend.h"
 #include "netkat/packet_transformer.h"
 
@@ -49,7 +50,24 @@ class AnalysisEngine {
   // Checks whether two policies are "equivalent", meaning they have the same
   // packets transformations, meaning Evaluate(left, packet) == Evaluate(right,
   // packet) for all packets.
-  bool CheckEquivalent(const Policy& left, const Policy& right);
+  //
+  // Returns a counter example for the given `left` and `right` policies if the
+  // policies are not equivalent, or `Success` if the policies are
+  // equivalent. The counter example is defined as:
+  // counter example := Pull(left - right, FullSet) or
+  // counter example := Pull(right - left, FullSet).
+  //
+  // Example:
+  //   SuccessOrCounterExample result = CheckEquivalent(l,r);
+  //   if(!result.IsSuccess()) {
+  //     CounterExample counter_example = result->GetCounterExampleOrDie();
+  //     auto input_from_left_diff_right =
+  //            counter_example.GetInputFromLeftDiffRightPolicies();
+  //     ...
+  //   }
+  //
+  SuccessOrCounterExample CheckEquivalent(const Policy& left,
+                                          const Policy& right);
 
   // Returns whether any given packet, represented by the set of packets in
   // `packets`, is forwarded by `program`. A packet is considered "forwaded" if