It was definitely a toy, I transliterated from python bytecode (a stack based vm) into bpf. I also wrote the full code gen stack myself (bpf was simpler back then)
But using llvm and not marrying things to cpython implementation makes this approach way better
Writing C for eBPF is cumbersome and you'd like to avoid it. Okay, that's reasonable. But I don't think it would be a good idea to write a compiler that emits eBPF binary from (a tiny subset of) Python. Why not just write code in pseudo-Python (or whatever language you're comfortable with) and have it translated by an LLM, and paste it in the source code? That would be much better because there would be fewer layers and a significant reduction in runtime cost.
So, instead of having a defined and documented subset of Python that compiles to eBPF in a deterministic way... use an undefined pseudo language and let the LLM have fun with it without understanding if the result C is correct?
The behavior of CPython and a few other implementations of Python (such as PyPy) is well documented and well understood. The semantics of the tiny subset of Python that this Python-to-eBPF compiler understands is not. For example, inferring from the fact that it statically compiles Python-ish AST to LLVM IR, you can have a rough idea that dynamic elements of Python semantics are unlikely to be compiled, but you cannot know exactly which elements without carefully reading the documentation or source code of the compiler. You can guess globals() or locals() won't work, maybe .__dict__ won't as well, but how about type() or isinstance()? You don't know without digging into the documentation (which may be lacking), because the subset of Python this compiler understands is rather arbitrary.
And also, having an LLM translate Python-ish pseudo code into C does not imply that you cannot examine it before putting it into a program. You can manually review it and make modifications as you want. It just reduces time spent compared with writing C code by hand.
The "How it works under the hood" section raises more question than it answers. What is the difference between step 3 and step 4? As described, step 3 goes from LLVM IR to BPF (via llc), and step 4 - goes from LLVM IR to eBPF bytecode? That's nonsensical.
Does anybody know if something similar exists for Node.js? I'd love to be able to integrate BPF into some of my Node projects with the same kind of approach.
Not the original BPF, but its successor in the Linux kernel called eBPF [1]. eBPF's virtual machine has additional registers, and crucially, eBPF programs can make some syscalls, which BPF programs can't.
Looks cool, I like the use of decorators as a means to use essentially turn python into some sort of DSL.
One nitpick: Please include a paragraph/section/infobox explaining what eBPF is and what problems should be solved using it. I am a huge fan of making our tech world more accessible and as such we should think to some degree about people who don't know every acronym.
that's really cool. to gain traction i would start with reimplementing all the tools from https://github.com/iovisor/bcc/tree/master/libbpf-tools in PythonBPF.
I did something similar a long time ago https://github.com/facebookresearch/py2bpf
It was definitely a toy, I transliterated from python bytecode (a stack based vm) into bpf. I also wrote the full code gen stack myself (bpf was simpler back then)
But using llvm and not marrying things to cpython implementation makes this approach way better
Writing C for eBPF is cumbersome and you'd like to avoid it. Okay, that's reasonable. But I don't think it would be a good idea to write a compiler that emits eBPF binary from (a tiny subset of) Python. Why not just write code in pseudo-Python (or whatever language you're comfortable with) and have it translated by an LLM, and paste it in the source code? That would be much better because there would be fewer layers and a significant reduction in runtime cost.
I don't understand...
So, instead of having a defined and documented subset of Python that compiles to eBPF in a deterministic way... use an undefined pseudo language and let the LLM have fun with it without understanding if the result C is correct?
What would be the advantage?
The behavior of CPython and a few other implementations of Python (such as PyPy) is well documented and well understood. The semantics of the tiny subset of Python that this Python-to-eBPF compiler understands is not. For example, inferring from the fact that it statically compiles Python-ish AST to LLVM IR, you can have a rough idea that dynamic elements of Python semantics are unlikely to be compiled, but you cannot know exactly which elements without carefully reading the documentation or source code of the compiler. You can guess globals() or locals() won't work, maybe .__dict__ won't as well, but how about type() or isinstance()? You don't know without digging into the documentation (which may be lacking), because the subset of Python this compiler understands is rather arbitrary.
And also, having an LLM translate Python-ish pseudo code into C does not imply that you cannot examine it before putting it into a program. You can manually review it and make modifications as you want. It just reduces time spent compared with writing C code by hand.
LLMs will never be able to write eBPF code.
eBPF is a weird, formally validated secure subset of C. No "normal" C program will ever pass the eBPF validation checks.
For java, Johannes Bechberger has made a lot of articles about writing eBPF in java : https://mostlynerdless.de/blog/2023/12/31/hello-ebpf-develop... https://mostlynerdless.de/blog/category/computer-science/ebp...
So this is a "inline" Python to eBPF transpiler/compiler.
Which is cool!
But the description could be a bit clearer.
The "How it works under the hood" section raises more question than it answers. What is the difference between step 3 and step 4? As described, step 3 goes from LLVM IR to BPF (via llc), and step 4 - goes from LLVM IR to eBPF bytecode? That's nonsensical.
Does anybody know if something similar exists for Node.js? I'd love to be able to integrate BPF into some of my Node projects with the same kind of approach.
Please no...
Putting tldr; at the bottom defeats purpose of tldr.
Guessing this is BPF https://en.wikipedia.org/wiki/Berkeley_Packet_Filter But, reader shouldn't have to guess. That is the link that should be in your Introduction. Just after tldr;
Not the original BPF, but its successor in the Linux kernel called eBPF [1]. eBPF's virtual machine has additional registers, and crucially, eBPF programs can make some syscalls, which BPF programs can't.
[1]: https://lwn.net/Articles/740157/
bcc hasn't been relevant for years.
I have been a bit out of the loop. what is relevant these days for writing ebpf code? what about ebpf code in python?
Looks cool, I like the use of decorators as a means to use essentially turn python into some sort of DSL.
One nitpick: Please include a paragraph/section/infobox explaining what eBPF is and what problems should be solved using it. I am a huge fan of making our tech world more accessible and as such we should think to some degree about people who don't know every acronym.