It was definitely a toy, I transliterated from python bytecode (a stack based vm) into bpf. I also wrote the full code gen stack myself (bpf was simpler back then)
But using llvm and not marrying things to cpython implementation makes this approach way better
varunrmallya 9 hours ago [-]
Thank you! Ours is a toy for now as well, but I think the idea is pretty good, so we'll continue to work on it. (This was actually a hackathon project, so the code is pretty messy and not something I am proud of)
I missed these last year. Finding them now is truly very useful in my work.
indigo945 15 hours ago [-]
The "How it works under the hood" section raises more question than it answers. What is the difference between step 3 and step 4? As described, step 3 goes from LLVM IR to BPF (via llc), and step 4 - goes from LLVM IR to eBPF bytecode? That's nonsensical.
varunrmallya 9 hours ago [-]
I'm the co-author.The code is in a very very bad state right now, but the architecture is pretty ok to explain. In step 3, we translate from the Python frontend to the LLVM IR. In step 4 we compile it down to an object file using the LLVM backend `llc`. This object file gets loaded into the kernel and it is what actually contains the eBPF bytecode.
indigo945 9 hours ago [-]
You may want to edit the blog post, then, because that's not what it says.
So this is a "inline" Python to eBPF transpiler/compiler.
Which is cool!
But the description could be a bit clearer.
pimterry 14 hours ago [-]
Does anybody know if something similar exists for Node.js? I'd love to be able to integrate BPF into some of my Node projects with the same kind of approach.
lloydatkinson 13 hours ago [-]
Please no...
9 hours ago [-]
ranger_danger 3 hours ago [-]
Dear god... why
drivenextfunc 13 hours ago [-]
Writing C for eBPF is cumbersome and you'd like to avoid it. Okay, that's reasonable. But I don't think it would be a good idea to write a compiler that emits eBPF binary from (a tiny subset of) Python. Why not just write code in pseudo-Python (or whatever language you're comfortable with) and have it translated by an LLM, and paste it in the source code? That would be much better because there would be fewer layers and a significant reduction in runtime cost.
tecleandor 13 hours ago [-]
I don't understand...
So, instead of having a defined and documented subset of Python that compiles to eBPF in a deterministic way... use an undefined pseudo language and let the LLM have fun with it without understanding if the result C is correct?
What would be the advantage?
drivenextfunc 13 hours ago [-]
The behavior of CPython and a few other implementations of Python (such as PyPy) is well documented and well understood. The semantics of the tiny subset of Python that this Python-to-eBPF compiler understands is not. For example, inferring from the fact that it statically compiles Python-ish AST to LLVM IR, you can have a rough idea that dynamic elements of Python semantics are unlikely to be compiled, but you cannot know exactly which elements without carefully reading the documentation or source code of the compiler. You can guess globals() or locals() won't work, maybe .__dict__ won't as well, but how about type() or isinstance()? You don't know without digging into the documentation (which may be lacking), because the subset of Python this compiler understands is rather arbitrary.
And also, having an LLM translate Python-ish pseudo code into C does not imply that you cannot examine it before putting it into a program. You can manually review it and make modifications as you want. It just reduces time spent compared with writing C code by hand.
tecleandor 10 hours ago [-]
But then we have to write the pseudocode anyway (that cannot be corrected by my IDE, so I don't know if I have pseudomistakes [sorry for the pun]), the LLM 'transpile' (that's not understood at all), and you have to review the C code anyway, so you have to know eBPF code really well.
Would that represent a time advantage?
Twirrim 7 hours ago [-]
Are you seriously asking why someone might want to do something guaranteed to behave exactly as they defined it, when they could have an LLM hallucinate code that touches the core of their system, instead?
Why would anyone go with the inaccurate option?
otabdeveloper4 10 hours ago [-]
LLMs will never be able to write eBPF code.
eBPF is a weird, formally validated secure subset of C. No "normal" C program will ever pass the eBPF validation checks.
nickysielicki 10 hours ago [-]
LLMs can easily already write eBPF code. Try it.
otabdeveloper4 6 hours ago [-]
> tell me how you never actually developed an eBPF program without telling me you never actually developed an eBPF program
vrighter 10 hours ago [-]
"translated by an llm"
smh my head
robertlagrant 7 hours ago [-]
Step 1: import numpy
njharman 15 hours ago [-]
Putting tldr; at the bottom defeats purpose of tldr.
Not the original BPF, but its successor in the Linux kernel called eBPF [1]. eBPF's virtual machine has additional registers, and crucially, eBPF programs can make some syscalls, which BPF programs can't.
I have been a bit out of the loop. what is relevant these days for writing ebpf code? what about ebpf code in python?
grantseltzer 9 hours ago [-]
Writing it in C, compiling with clang, and loading with either C(libbpf), Go (cilium/ebpf), or Rust (Aya).
You can also write bpf in rust with Aya but i'm not sure how feature complete it is.
For very simple use cases you can just bpftrace.
nickysielicki 10 hours ago [-]
bpftrace is nicer to work with and can replace bcc in most cases for debugging.
atoav 16 hours ago [-]
Looks cool, I like the use of decorators as a means to use essentially turn python into some sort of DSL.
One nitpick: Please include a paragraph/section/infobox explaining what eBPF is and what problems should be solved using it. I am a huge fan of making our tech world more accessible and as such we should think to some degree about people who don't know every acronym.
varunrmallya 9 hours ago [-]
To be honest, this was really a hackathon project. The code quality is very very bad right now. We will be continuing to work on this to make it much better and we'll be adding documentation as we go as well. Thanks for taking a look :)
Rendered at 23:37:53 GMT+0000 (Coordinated Universal Time) with Vercel.
It was definitely a toy, I transliterated from python bytecode (a stack based vm) into bpf. I also wrote the full code gen stack myself (bpf was simpler back then)
But using llvm and not marrying things to cpython implementation makes this approach way better
Which is cool!
But the description could be a bit clearer.
So, instead of having a defined and documented subset of Python that compiles to eBPF in a deterministic way... use an undefined pseudo language and let the LLM have fun with it without understanding if the result C is correct?
What would be the advantage?
And also, having an LLM translate Python-ish pseudo code into C does not imply that you cannot examine it before putting it into a program. You can manually review it and make modifications as you want. It just reduces time spent compared with writing C code by hand.
Would that represent a time advantage?
Why would anyone go with the inaccurate option?
eBPF is a weird, formally validated secure subset of C. No "normal" C program will ever pass the eBPF validation checks.
smh my head
Guessing this is BPF https://en.wikipedia.org/wiki/Berkeley_Packet_Filter But, reader shouldn't have to guess. That is the link that should be in your Introduction. Just after tldr;
[1]: https://lwn.net/Articles/740157/
You can also write bpf in rust with Aya but i'm not sure how feature complete it is.
For very simple use cases you can just bpftrace.
One nitpick: Please include a paragraph/section/infobox explaining what eBPF is and what problems should be solved using it. I am a huge fan of making our tech world more accessible and as such we should think to some degree about people who don't know every acronym.