Guessing this is BPF https://en.wikipedia.org/wiki/Berkeley_Packet_Filter But, reader shouldn't have to guess. That is the link that should be in your Introduction. Just after tldr;
It was definitely a toy, I transliterated from python bytecode (a stack based vm) into bpf. I also wrote the full code gen stack myself (bpf was simpler back then)
But using llvm and not marrying things to cpython implementation makes this approach way better
Which is cool!
But the description could be a bit clearer.
So, instead of having a defined and documented subset of Python that compiles to eBPF in a deterministic way... use an undefined pseudo language and let the LLM have fun with it without understanding if the result C is correct?
What would be the advantage?
And also, having an LLM translate Python-ish pseudo code into C does not imply that you cannot examine it before putting it into a program. You can manually review it and make modifications as you want. It just reduces time spent compared with writing C code by hand.
Would that represent a time advantage?
eBPF is a weird, formally validated secure subset of C. No "normal" C program will ever pass the eBPF validation checks.
Ask an LLM to write a simple ebpf program which kills any program with a specific name/path. Even crappy local models can handle this with ease.
If you’re talking about more complicated map-based programs, you’re probably right that it will struggle a bit, but it will still figure it out. The eBPF api is not very different than any other C api at the end of the day. It will do fine without the standard library, if you ask it to.
The issue here is the static formal validation the kernel does before loading your eBPF program.
(Even humans don't really know how it works. You need to use specific byte width types and access memory in specific patterns or the validation will fail.)
1. If you meant XDP, you should have said XDP, not eBPF.
2. The kernel does that validation on all ebpf code that it loads, regardless of whether XDP is involved.
3. Humans know how it works.
smh my head
Why would anyone go with the inaccurate option?
You can also write bpf in rust with Aya but i'm not sure how feature complete it is.
For very simple use cases you can just bpftrace.
atoav•4mo ago
One nitpick: Please include a paragraph/section/infobox explaining what eBPF is and what problems should be solved using it. I am a huge fan of making our tech world more accessible and as such we should think to some degree about people who don't know every acronym.
varunrmallya•4mo ago