add xdp struct to args

Signed-off-by: varun-r-mallya <varunrmallya@gmail.com>

.github/workflows/format.yml

@@ -12,8 +12,8 @@ jobs:
     name: Format
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - uses: actions/checkout@v5
+    - uses: actions/setup-python@v6
       with:
         python-version: "3.x"
     - uses: pre-commit/action@v3.0.1

.pre-commit-config.yaml

@@ -21,7 +21,7 @@ ci:
 repos:
 # Standard hooks
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.6.0
+  rev: v6.0.0
   hooks:
   - id: check-added-large-files
   - id: check-case-conflict
@@ -36,7 +36,7 @@ repos:
   - id: trailing-whitespace
 
 - repo: https://github.com/astral-sh/ruff-pre-commit
-  rev: "v0.4.2"
+  rev: "v0.13.2"
   hooks:
     - id: ruff
       args: ["--fix", "--show-fixes"]
@@ -45,7 +45,7 @@ repos:
 
 # Checking static types
 - repo: https://github.com/pre-commit/mirrors-mypy
-  rev: "v1.10.0"
+  rev: "v1.18.2"
   hooks:
     - id: mypy
       exclude: ^(tests)|^(examples)

TODO.md

@@ -1,7 +1,6 @@
 ## Short term
 
 - Implement enough functionality to port the BCC tutorial examples in PythonBPF
-- Static Typing
 - Add all maps
 - XDP support in pylibbpf
 - ringbuf support

examples/clone-matplotlib.ipynb

@@ -12,7 +12,7 @@
     "from pythonbpf import bpf, map, section, bpfglobal, BPF\n",
     "from pythonbpf.helper import pid\n",
     "from pythonbpf.maps import HashMap\n",
-    "from pylibbpf import *\n",
+    "from pylibbpf import BpfMap\n",
     "from ctypes import c_void_p, c_int64, c_uint64, c_int32\n",
     "import matplotlib.pyplot as plt"
    ]

examples/kprobes.py

@@ -0,0 +1,27 @@
+from pythonbpf import bpf, section, bpfglobal, BPF
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("kretprobe/do_unlinkat")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return c_int64(0)
+
+@bpf
+@section("kprobe/do_unlinkat")
+def hello_world2(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return c_int64(0)
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+b = BPF()
+b.load_and_attach()
+while True:
+    print("running")
+# Now cat /sys/kernel/debug/tracing/trace_pipe to see results of unlink kprobe.

examples/xdp_pass.py

@@ -1,7 +1,7 @@
-from pythonbpf import bpf, map, section, bpfglobal, compile
+from pythonbpf import bpf, map, section, bpfglobal, compile, compile_to_ir
 from pythonbpf.helper import XDP_PASS
 from pythonbpf.maps import HashMap
-
+from vmlinux import struct_xdp_md
 from ctypes import c_void_p, c_int64
 
 # Instructions to how to run this program
@@ -20,7 +20,7 @@ def count() -> HashMap:
 
 @bpf
 @section("xdp")
-def hello_world(ctx: c_void_p) -> c_int64:
+def hello_world(ctx: struct_xdp_md) -> c_int64:
     key = 0
     one = 1
     prev = count().lookup(key)
@@ -40,5 +40,5 @@ def hello_world(ctx: c_void_p) -> c_int64:
 def LICENSE() -> str:
     return "GPL"
 
-
+compile_to_ir("xdp_pass.py", "xdp_pass.ll")
 compile()

pythonbpf/binary_ops.py

@@ -9,6 +9,7 @@ logger: Logger = logging.getLogger(__name__)
 def recursive_dereferencer(var, builder):
     """dereference until primitive type comes out"""
     # TODO: Not worrying about stack overflow for now
+    logger.info(f"Dereferencing {var}, type is {var.type}")
     if isinstance(var.type, ir.PointerType):
         a = builder.load(var)
         return recursive_dereferencer(a, builder)
@@ -18,7 +19,7 @@ def recursive_dereferencer(var, builder):
         raise TypeError(f"Unsupported type for dereferencing: {var.type}")
 
 
-def get_operand_value(operand, module, builder, local_sym_tab):
+def get_operand_value(operand, builder, local_sym_tab):
     """Extract the value from an operand, handling variables and constants."""
     if isinstance(operand, ast.Name):
         if operand.id in local_sym_tab:
@@ -29,14 +30,14 @@ def get_operand_value(operand, module, builder, local_sym_tab):
             return ir.Constant(ir.IntType(64), operand.value)
         raise TypeError(f"Unsupported constant type: {type(operand.value)}")
     elif isinstance(operand, ast.BinOp):
-        return handle_binary_op_impl(operand, module, builder, local_sym_tab)
+        return handle_binary_op_impl(operand, builder, local_sym_tab)
     raise TypeError(f"Unsupported operand type: {type(operand)}")
 
 
-def handle_binary_op_impl(rval, module, builder, local_sym_tab):
+def handle_binary_op_impl(rval, builder, local_sym_tab):
     op = rval.op
-    left = get_operand_value(rval.left, module, builder, local_sym_tab)
-    right = get_operand_value(rval.right, module, builder, local_sym_tab)
+    left = get_operand_value(rval.left, builder, local_sym_tab)
+    right = get_operand_value(rval.right, builder, local_sym_tab)
     logger.info(f"left is {left}, right is {right}, op is {op}")
 
     # Map AST operation nodes to LLVM IR builder methods
@@ -61,6 +62,11 @@ def handle_binary_op_impl(rval, module, builder, local_sym_tab):
         raise SyntaxError("Unsupported binary operation")
 
 
-def handle_binary_op(rval, module, builder, var_name, local_sym_tab):
-    result = handle_binary_op_impl(rval, module, builder, local_sym_tab)
-    builder.store(result, local_sym_tab[var_name].var)
+def handle_binary_op(rval, builder, var_name, local_sym_tab):
+    result = handle_binary_op_impl(rval, builder, local_sym_tab)
+    if var_name and var_name in local_sym_tab:
+        logger.info(
+            f"Storing result {result} into variable {local_sym_tab[var_name].var}"
+        )
+        builder.store(result, local_sym_tab[var_name].var)
+    return result, result.type

pythonbpf/codegen.py

@@ -1,7 +1,7 @@
 import ast
 from llvmlite import ir
 from .license_pass import license_processing
-from .functions_pass import func_proc
+from .functions import func_proc
 from .maps import maps_proc
 from .structs import structs_proc
 from .globals_pass import globals_processing
@@ -48,7 +48,7 @@ def processor(source_code, filename, module):
     globals_processing(tree, module)
 
 
-def compile_to_ir(filename: str, output: str, loglevel=logging.WARNING):
+def compile_to_ir(filename: str, output: str, loglevel=logging.INFO):
     logging.basicConfig(
         level=loglevel, format="%(asctime)s [%(levelname)s] %(name)s: %(message)s"
     )
@@ -121,7 +121,7 @@ def compile_to_ir(filename: str, output: str, loglevel=logging.WARNING):
     return output
 
 
-def compile(loglevel=logging.WARNING) -> bool:
+def compile(loglevel=logging.INFO) -> bool:
     # Look one level up the stack to the caller of this function
     caller_frame = inspect.stack()[1]
     caller_file = Path(caller_frame.filename).resolve()
@@ -154,7 +154,7 @@ def compile(loglevel=logging.WARNING) -> bool:
     return success
 
 
-def BPF(loglevel=logging.WARNING) -> BpfProgram:
+def BPF(loglevel=logging.INFO) -> BpfProgram:
     caller_frame = inspect.stack()[1]
     src = inspect.getsource(caller_frame.frame)
     with tempfile.NamedTemporaryFile(

pythonbpf/expr_pass.py

@@ -4,6 +4,8 @@ from logging import Logger
 import logging
 from typing import Dict
 
+from .type_deducer import ctypes_to_ir, is_ctypes
+
 logger: Logger = logging.getLogger(__name__)
 
 
@@ -88,6 +90,48 @@ def _handle_deref_call(expr: ast.Call, local_sym_tab: Dict, builder: ir.IRBuilde
     return val, local_sym_tab[arg.id].ir_type
 
 
+def _handle_ctypes_call(
+    func,
+    module,
+    builder,
+    expr,
+    local_sym_tab,
+    map_sym_tab,
+    structs_sym_tab=None,
+):
+    """Handle ctypes type constructor calls."""
+    if len(expr.args) != 1:
+        logger.info("ctypes constructor takes exactly one argument")
+        return None
+
+    arg = expr.args[0]
+    val = eval_expr(
+        func,
+        module,
+        builder,
+        arg,
+        local_sym_tab,
+        map_sym_tab,
+        structs_sym_tab,
+    )
+    if val is None:
+        logger.info("Failed to evaluate argument to ctypes constructor")
+        return None
+    call_type = expr.func.id
+    expected_type = ctypes_to_ir(call_type)
+
+    if val[1] != expected_type:
+        # NOTE: We are only considering casting to and from int types for now
+        if isinstance(val[1], ir.IntType) and isinstance(expected_type, ir.IntType):
+            if val[1].width < expected_type.width:
+                val = (builder.sext(val[0], expected_type), expected_type)
+            else:
+                val = (builder.trunc(val[0], expected_type), expected_type)
+        else:
+            raise ValueError(f"Type mismatch: expected {expected_type}, got {val[1]}")
+    return val
+
+
 def eval_expr(
     func,
     module,
@@ -106,6 +150,17 @@ def eval_expr(
         if isinstance(expr.func, ast.Name) and expr.func.id == "deref":
             return _handle_deref_call(expr, local_sym_tab, builder)
 
+        if isinstance(expr.func, ast.Name) and is_ctypes(expr.func.id):
+            return _handle_ctypes_call(
+                func,
+                module,
+                builder,
+                expr,
+                local_sym_tab,
+                map_sym_tab,
+                structs_sym_tab,
+            )
+
         # delayed import to avoid circular dependency
         from pythonbpf.helper import HelperHandlerRegistry, handle_helper_call
 
@@ -153,6 +208,10 @@ def eval_expr(
                         )
     elif isinstance(expr, ast.Attribute):
         return _handle_attribute_expr(expr, local_sym_tab, structs_sym_tab, builder)
+    elif isinstance(expr, ast.BinOp):
+        from pythonbpf.binary_ops import handle_binary_op
+
+        return handle_binary_op(expr, builder, None, local_sym_tab)
     logger.info("Unsupported expression evaluation")
     return None
 

pythonbpf/functions/__init__.py

@@ -0,0 +1,3 @@
+from .functions_pass import func_proc
+
+__all__ = ["func_proc"]

pythonbpf/functions/func_registry_handlers.py

@@ -0,0 +1,22 @@
+from typing import Dict
+
+
+class StatementHandlerRegistry:
+    """Registry for statement handlers."""
+
+    _handlers: Dict = {}
+
+    @classmethod
+    def register(cls, stmt_type):
+        """Register a handler for a specific statement type."""
+
+        def decorator(handler):
+            cls._handlers[stmt_type] = handler
+            return handler
+
+        return decorator
+
+    @classmethod
+    def __getitem__(cls, stmt_type):
+        """Get the handler for a specific statement type."""
+        return cls._handlers.get(stmt_type, None)

pythonbpf/functions/functions_pass.py

@@ -4,10 +4,13 @@ import logging
 from typing import Any
 from dataclasses import dataclass
 
-from .helper import HelperHandlerRegistry, handle_helper_call
-from .type_deducer import ctypes_to_ir
-from .binary_ops import handle_binary_op
-from .expr_pass import eval_expr, handle_expr
+from pythonbpf.helper import HelperHandlerRegistry, handle_helper_call
+from pythonbpf.type_deducer import ctypes_to_ir
+from pythonbpf.binary_ops import handle_binary_op
+from pythonbpf.expr_pass import eval_expr, handle_expr
+
+from .return_utils import _handle_none_return, _handle_xdp_return, _is_xdp_name
+
 
 logger = logging.getLogger(__name__)
 
@@ -146,8 +149,7 @@ def handle_assign(
                     local_sym_tab[var_name].var,
                 )
                 logger.info(
-                    f"Assigned {call_type} constant "
-                    f"{rval.args[0].value} to {var_name}"
+                    f"Assigned {call_type} constant {rval.args[0].value} to {var_name}"
                 )
             elif HelperHandlerRegistry.has_handler(call_type):
                 # var = builder.alloca(ir.IntType(64), name=var_name)
@@ -233,7 +235,7 @@ def handle_assign(
         else:
             logger.info("Unsupported assignment call function type")
     elif isinstance(rval, ast.BinOp):
-        handle_binary_op(rval, module, builder, var_name, local_sym_tab)
+        handle_binary_op(rval, builder, var_name, local_sym_tab)
     else:
         logger.info("Unsupported assignment value type")
 
@@ -351,6 +353,27 @@ def handle_if(
     builder.position_at_end(merge_block)
 
 
+def handle_return(builder, stmt, local_sym_tab, ret_type):
+    logger.info(f"Handling return statement: {ast.dump(stmt)}")
+    if stmt.value is None:
+        return _handle_none_return(builder)
+    elif isinstance(stmt.value, ast.Name) and _is_xdp_name(stmt.value.id):
+        return _handle_xdp_return(stmt, builder, ret_type)
+    else:
+        val = eval_expr(
+            func=None,
+            module=None,
+            builder=builder,
+            expr=stmt.value,
+            local_sym_tab=local_sym_tab,
+            map_sym_tab={},
+            structs_sym_tab={},
+        )
+        logger.info(f"Evaluated return expression to {val}")
+        builder.ret(val[0])
+        return True
+
+
 def process_stmt(
     func,
     module,
@@ -384,36 +407,12 @@ def process_stmt(
             func, module, builder, stmt, map_sym_tab, local_sym_tab, structs_sym_tab
         )
     elif isinstance(stmt, ast.Return):
-        if stmt.value is None:
-            builder.ret(ir.Constant(ir.IntType(32), 0))
-            did_return = True
-        elif (
-            isinstance(stmt.value, ast.Call)
-            and isinstance(stmt.value.func, ast.Name)
-            and len(stmt.value.args) == 1
-            and isinstance(stmt.value.args[0], ast.Constant)
-            and isinstance(stmt.value.args[0].value, int)
-        ):
-            call_type = stmt.value.func.id
-            if ctypes_to_ir(call_type) != ret_type:
-                raise ValueError(
-                    "Return type mismatch: expected"
-                    f"{ctypes_to_ir(call_type)}, got {call_type}"
-                )
-            else:
-                builder.ret(ir.Constant(ret_type, stmt.value.args[0].value))
-                did_return = True
-        elif isinstance(stmt.value, ast.Name):
-            if stmt.value.id == "XDP_PASS":
-                builder.ret(ir.Constant(ret_type, 2))
-                did_return = True
-            elif stmt.value.id == "XDP_DROP":
-                builder.ret(ir.Constant(ret_type, 1))
-                did_return = True
-            else:
-                raise ValueError("Failed to evaluate return expression")
-        else:
-            raise ValueError("Unsupported return value")
+        did_return = handle_return(
+            builder,
+            stmt,
+            local_sym_tab,
+            ret_type,
+        )
     return did_return
 
 
@@ -455,6 +454,9 @@ def allocate_mem(
                 continue
             var_name = target.id
             rval = stmt.value
+            if var_name in local_sym_tab:
+                logger.info(f"Variable {var_name} already allocated")
+                continue
             if isinstance(rval, ast.Call):
                 if isinstance(rval.func, ast.Name):
                     call_type = rval.func.id
@@ -483,8 +485,7 @@ def allocate_mem(
                         var = builder.alloca(ir_type, name=var_name)
                         has_metadata = True
                         logger.info(
-                            f"Pre-allocated variable {var_name} "
-                            f"for struct {call_type}"
+                            f"Pre-allocated variable {var_name} for struct {call_type}"
                         )
                 elif isinstance(rval.func, ast.Attribute):
                     ir_type = ir.PointerType(ir.IntType(64))
@@ -568,7 +569,7 @@ def process_func_body(
         )
 
     if not did_return:
-        builder.ret(ir.Constant(ir.IntType(32), 0))
+        builder.ret(ir.Constant(ir.IntType(64), 0))
 
 
 def process_bpf_chunk(func_node, module, return_type, map_sym_tab, structs_sym_tab):

pythonbpf/functions/return_utils.py

@@ -0,0 +1,45 @@
+import logging
+import ast
+
+from llvmlite import ir
+
+logger: logging.Logger = logging.getLogger(__name__)
+
+XDP_ACTIONS = {
+    "XDP_ABORTED": 0,
+    "XDP_DROP": 1,
+    "XDP_PASS": 2,
+    "XDP_TX": 3,
+    "XDP_REDIRECT": 4,
+}
+
+
+def _handle_none_return(builder) -> bool:
+    """Handle return or return None -> returns 0."""
+    builder.ret(ir.Constant(ir.IntType(64), 0))
+    logger.debug("Generated default return: 0")
+    return True
+
+
+def _is_xdp_name(name: str) -> bool:
+    """Check if a name is an XDP action"""
+    return name in XDP_ACTIONS
+
+
+def _handle_xdp_return(stmt: ast.Return, builder, ret_type) -> bool:
+    """Handle XDP returns"""
+    if not isinstance(stmt.value, ast.Name):
+        return False
+
+    action_name = stmt.value.id
+
+    if action_name not in XDP_ACTIONS:
+        raise ValueError(
+            f"Unknown XDP action: {action_name}. Available: {XDP_ACTIONS.keys()}"
+        )
+        return False
+
+    value = XDP_ACTIONS[action_name]
+    builder.ret(ir.Constant(ret_type, value))
+    logger.debug(f"Generated XDP action return: {action_name} = {value}")
+    return True

pythonbpf/helper/bpf_helper_handler.py

@@ -62,7 +62,7 @@ def bpf_map_lookup_elem_emitter(
     """
     if not call.args or len(call.args) != 1:
         raise ValueError(
-            "Map lookup expects exactly one argument (key), got " f"{len(call.args)}"
+            f"Map lookup expects exactly one argument (key), got {len(call.args)}"
         )
     key_ptr = get_or_create_ptr_from_arg(call.args[0], builder, local_sym_tab)
     map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())
@@ -145,8 +145,7 @@ def bpf_map_update_elem_emitter(
     """
     if not call.args or len(call.args) < 2 or len(call.args) > 3:
         raise ValueError(
-            "Map update expects 2 or 3 args (key, value, flags), "
-            f"got {len(call.args)}"
+            f"Map update expects 2 or 3 args (key, value, flags), got {len(call.args)}"
         )
 
     key_arg = call.args[0]
@@ -196,7 +195,7 @@ def bpf_map_delete_elem_emitter(
     """
     if not call.args or len(call.args) != 1:
         raise ValueError(
-            "Map delete expects exactly one argument (key), got " f"{len(call.args)}"
+            f"Map delete expects exactly one argument (key), got {len(call.args)}"
         )
     key_ptr = get_or_create_ptr_from_arg(call.args[0], builder, local_sym_tab)
     map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())
@@ -255,7 +254,7 @@ def bpf_perf_event_output_handler(
 ):
     if len(call.args) != 1:
         raise ValueError(
-            "Perf event output expects exactly one argument, " f"got {len(call.args)}"
+            f"Perf event output expects exactly one argument, got {len(call.args)}"
         )
     data_arg = call.args[0]
     ctx_ptr = func.args[0]  # First argument to the function is ctx

pythonbpf/helper/helper_utils.py

@@ -270,7 +270,7 @@ def _prepare_expr_args(expr, func, module, builder, local_sym_tab, struct_sym_ta
                 val = builder.sext(val, ir.IntType(64))
         else:
             logger.warning(
-                "Only int and ptr supported in bpf_printk args. " "Others default to 0."
+                "Only int and ptr supported in bpf_printk args. Others default to 0."
             )
             val = ir.Constant(ir.IntType(64), 0)
         return val

pythonbpf/maps/maps_pass.py

@@ -278,9 +278,7 @@ def process_bpf_map(func_node, module):
         if handler:
             return handler(map_name, rval, module)
         else:
-            logger.warning(
-                f"Unknown map type " f"{rval.func.id}, defaulting to HashMap"
-            )
+            logger.warning(f"Unknown map type {rval.func.id}, defaulting to HashMap")
             return process_hash_map(map_name, rval, module)
     else:
         raise ValueError("Function under @map must return a map")

pythonbpf/type_deducer.py

@@ -1,24 +1,28 @@
 from llvmlite import ir
 
 # TODO: THIS IS NOT SUPPOSED TO MATCH STRINGS :skull:
+mapping = {
+    "c_int8": ir.IntType(8),
+    "c_uint8": ir.IntType(8),
+    "c_int16": ir.IntType(16),
+    "c_uint16": ir.IntType(16),
+    "c_int32": ir.IntType(32),
+    "c_uint32": ir.IntType(32),
+    "c_int64": ir.IntType(64),
+    "c_uint64": ir.IntType(64),
+    "c_float": ir.FloatType(),
+    "c_double": ir.DoubleType(),
+    "c_void_p": ir.IntType(64),
+    # Not so sure about this one
+    "str": ir.PointerType(ir.IntType(8)),
+}
 
 
 def ctypes_to_ir(ctype: str):
-    mapping = {
-        "c_int8": ir.IntType(8),
-        "c_uint8": ir.IntType(8),
-        "c_int16": ir.IntType(16),
-        "c_uint16": ir.IntType(16),
-        "c_int32": ir.IntType(32),
-        "c_uint32": ir.IntType(32),
-        "c_int64": ir.IntType(64),
-        "c_uint64": ir.IntType(64),
-        "c_float": ir.FloatType(),
-        "c_double": ir.DoubleType(),
-        "c_void_p": ir.IntType(64),
-        # Not so sure about this one
-        "str": ir.PointerType(ir.IntType(8)),
-    }
     if ctype in mapping:
         return mapping[ctype]
     raise NotImplementedError(f"No mapping for {ctype}")
+
+
+def is_ctypes(ctype: str) -> bool:
+    return ctype in mapping

tests/c-form/ex2.bpf.c

@@ -1,11 +1,11 @@
-#include <linux/bpf.h>
+#include "vmlinux.h"
 #include <bpf/bpf_helpers.h>
-#define u64 unsigned long long
-#define u32 unsigned int
+#include <bpf/bpf_endian.h>
 
 SEC("xdp")
 int hello(struct xdp_md *ctx) {
-    bpf_printk("Hello, World!\n");
+    // ctx.
+    bpf_printk("Hello, World! %ud \n", ctx->data);
     return XDP_PASS;
 }
 

tests/c-form/kprobe.bpf.c

@@ -0,0 +1,19 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+SEC("kprobe/do_unlinkat")
+int kprobe_execve(struct pt_regs *ctx)
+{
+    bpf_printk("unlinkat created");
+    return 0;
+}
+
+SEC("kretprobe/do_unlinkat")
+int kretprobe_execve(struct pt_regs *ctx)
+{
+    bpf_printk("unlinkat returned\n");
+    return 0;
+}

tests/failing_tests/direct_assign.py

@@ -4,6 +4,18 @@ from pythonbpf.maps import HashMap
 
 from ctypes import c_void_p, c_int64
 
+# NOTE: I have decided to not fix this example for now.
+# The issue is in line 31, where we are passing an expression.
+# The update helper expects a pointer type. But the problem is
+# that we must allocate the space for said pointer in the first
+# basic block. As that usage is in a different basic block, we
+# are unable to cast the expression to a pointer type. (as we never
+# allocated space for it).
+# Shall we change our space allocation logic? That allows users to
+# spam the same helper with the same args, and still run out of
+# stack space. So we consider this usage invalid for now.
+# Might fix it later.
+
 
 @bpf
 @map
@@ -14,12 +26,12 @@ def count() -> HashMap:
 @bpf
 @section("xdp")
 def hello_world(ctx: c_void_p) -> c_int64:
-    prev = count().lookup(0)
+    prev = count.lookup(0)
     if prev:
-        count().update(0, prev + 1)
+        count.update(0, prev + 1)
         return XDP_PASS
     else:
-        count().update(0, 1)
+        count.update(0, 1)
 
     return XDP_PASS
 

tests/failing_tests/named_arg.py

@@ -0,0 +1,40 @@
+from pythonbpf import bpf, map, section, bpfglobal, compile
+from pythonbpf.helper import XDP_PASS
+from pythonbpf.maps import HashMap
+
+from ctypes import c_void_p, c_int64
+
+# NOTE: This example exposes the problems with our typing system.
+# We can't do steps on line 25 and 27.
+# prev is of type i64**. For prev + 1, we deref it down to i64
+# To assign it back to prev, we need to go back to i64**.
+# We cannot allocate space for the intermediate type now.
+# We probably need to track the ref/deref chain for each variable.
+
+@bpf
+@map
+def count() -> HashMap:
+    return HashMap(key=c_int64, value=c_int64, max_entries=1)
+
+
+@bpf
+@section("xdp")
+def hello_world(ctx: c_void_p) -> c_int64:
+    prev = count.lookup(0)
+    if prev:
+        prev = prev + 1
+        count.update(0, prev)
+        return XDP_PASS
+    else:
+        count.update(0, 1)
+
+    return XDP_PASS
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/binop_const.py

@@ -0,0 +1,18 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return 1 + 1 - 2
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/binop_var.py

@@ -0,0 +1,19 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    a = 2
+    return a - 2
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/int.py

@@ -0,0 +1,18 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return 1
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/null.py

@@ -0,0 +1,18 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/typecast_binops.py

@@ -0,0 +1,20 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int32
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int32:
+    print("Hello, World!")
+    a = 1  # int64
+    x = 1  # int64
+    return c_int32(a - x)  # typecast to int32
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/typecast_const.py

@@ -0,0 +1,18 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int32
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int32:
+    print("Hello, World!")
+    return c_int32(1)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/typecast_var.py

@@ -0,0 +1,19 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int32
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int32:
+    print("Hello, World!")
+    a = 1 # int64
+    return c_int32(a) # typecast to int32
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/var.py

@@ -0,0 +1,19 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    a = 1
+    return a
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/return/xdp.py

@@ -0,0 +1,19 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+from pythonbpf.helper import XDP_PASS
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return XDP_PASS
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()

tests/passing_tests/var_rval.py

@@ -0,0 +1,20 @@
+import logging
+
+from pythonbpf import compile, bpf, section, bpfglobal
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("sometag1")
+def sometag(ctx: c_void_p) -> c_int64:
+    a = 1 - 1
+    return c_int64(a)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile(loglevel=logging.INFO)

tools/vmlinux-gen.py

@@ -0,0 +1,369 @@
+#!/usr/bin/env python3
+"""
+BTF to Python ctypes Converter
+Converts Linux kernel BTF (BPF Type Format) to Python ctypes definitions.
+
+This tool automates the process of:
+1. Dumping BTF from vmlinux
+2. Preprocessing enum definitions
+3. Processing struct kioctx to extract anonymous nested structs
+4. Running C preprocessor
+5. Converting to Python ctypes using clang2py
+6. Post-processing the output
+
+Requirements:
+- bpftool
+- clang
+- ctypeslib2 (pip install ctypeslib2)
+"""
+
+import argparse
+import os
+import re
+import subprocess
+import sys
+import tempfile
+
+
+class BTFConverter:
+    def __init__(self, btf_source="/sys/kernel/btf/vmlinux", output_file="vmlinux.py",
+                 keep_intermediate=False, verbose=False):
+        self.btf_source = btf_source
+        self.output_file = output_file
+        self.keep_intermediate = keep_intermediate
+        self.verbose = verbose
+        self.temp_dir = tempfile.mkdtemp() if not keep_intermediate else "."
+
+    def log(self, message):
+        """Print message if verbose mode is enabled."""
+        if self.verbose:
+            print(f"[*] {message}")
+
+    def run_command(self, cmd, description):
+        """Run a shell command and handle errors."""
+        self.log(f"{description}...")
+        try:
+            result = subprocess.run(
+                cmd,
+                shell=True,
+                check=True,
+                capture_output=True,
+                text=True
+            )
+            if self.verbose and result.stdout:
+                print(result.stdout)
+            return result
+        except subprocess.CalledProcessError as e:
+            print(f"Error during {description}:", file=sys.stderr)
+            print(e.stderr, file=sys.stderr)
+            sys.exit(1)
+
+    def step1_dump_btf(self):
+        """Step 1: Dump BTF from vmlinux."""
+        vmlinux_h = os.path.join(self.temp_dir, "vmlinux.h")
+        cmd = f"bpftool btf dump file {self.btf_source} format c > {vmlinux_h}"
+        self.run_command(cmd, "Dumping BTF from vmlinux")
+        return vmlinux_h
+
+    def step2_preprocess_enums(self, input_file):
+        """Step 1.5: Preprocess enum definitions."""
+        self.log("Preprocessing enum definitions...")
+
+        with open(input_file, 'r') as f:
+            original_code = f.read()
+
+        # Extract anonymous enums
+        enums = re.findall(
+            r'(?<!typedef\s)(enum\s*\{[^}]*\})\s*(\w+)\s*(?::\s*\d+)?\s*;',
+            original_code
+        )
+        enum_defs = [enum_block + ';' for enum_block, _ in enums]
+
+        # Replace anonymous enums with int declarations
+        processed_code = re.sub(
+            r'(?<!typedef\s)enum\s*\{[^}]*\}\s*(\w+)\s*(?::\s*\d+)?\s*;',
+            r'int \1;',
+            original_code
+        )
+
+        # Prepend enum definitions
+        if enum_defs:
+            enum_text = '\n'.join(enum_defs) + '\n\n'
+            processed_code = enum_text + processed_code
+
+        output_file = os.path.join(self.temp_dir, "vmlinux_processed.h")
+        with open(output_file, 'w') as f:
+            f.write(processed_code)
+
+        return output_file
+
+    def step2_5_process_kioctx(self, input_file):
+        #TODO: this is a very bad bug and design decision. A single struct has an issue mostly.
+        """Step 2.5: Process struct kioctx to extract nested anonymous structs."""
+        self.log("Processing struct kioctx nested structs...")
+
+        with open(input_file, 'r') as f:
+            content = f.read()
+
+        # Pattern to match struct kioctx with its full body (handles multiple nesting levels)
+        kioctx_pattern = r'struct\s+kioctx\s*\{(?:[^{}]|\{(?:[^{}]|\{[^{}]*\})*\})*\}\s*;'
+
+        def process_kioctx_replacement(match):
+            full_struct = match.group(0)
+            self.log(f"Found struct kioctx, length: {len(full_struct)} chars")
+
+            # Extract the struct body (everything between outermost { and })
+            body_match = re.search(r'struct\s+kioctx\s*\{(.*)\}\s*;', full_struct, re.DOTALL)
+            if not body_match:
+                return full_struct
+
+            body = body_match.group(1)
+
+            # Find all anonymous structs within the body
+            # Pattern: struct { ... } followed by ; (not a member name)
+            anon_struct_pattern = r'struct\s*\{[^}]*\}'
+
+            anon_structs = []
+            anon_counter = 4  # Start from 4, counting down to 1
+
+            def replace_anonymous_struct(m):
+                nonlocal anon_counter
+                anon_struct_content = m.group(0)
+
+                # Extract the body of the anonymous struct
+                anon_body_match = re.search(r'struct\s*\{(.*)\}', anon_struct_content, re.DOTALL)
+                if not anon_body_match:
+                    return anon_struct_content
+
+                anon_body = anon_body_match.group(1)
+
+                # Create the named struct definition
+                anon_name = f"__anon{anon_counter}"
+                member_name = f"a{anon_counter}"
+
+                # Store the struct definition
+                anon_structs.append(f"struct {anon_name} {{{anon_body}}};")
+
+                anon_counter -= 1
+
+                # Return the member declaration
+                return f"struct {anon_name} {member_name}"
+
+            # Process the body, finding and replacing anonymous structs
+            # We need to be careful to only match anonymous structs followed by ;
+            processed_body = body
+
+            # Find all occurrences and process them
+            pattern_with_semicolon = r'struct\s*\{([^}]*)\}\s*;'
+            matches = list(re.finditer(pattern_with_semicolon, body, re.DOTALL))
+
+            if not matches:
+                self.log("No anonymous structs found in kioctx")
+                return full_struct
+
+            self.log(f"Found {len(matches)} anonymous struct(s)")
+
+            # Process in reverse order to maintain string positions
+            for match in reversed(matches):
+                anon_struct_content = match.group(1)
+                start_pos = match.start()
+                end_pos = match.end()
+
+                # Create the named struct definition
+                anon_name = f"__anon{anon_counter}"
+                member_name = f"a{anon_counter}"
+
+                # Store the struct definition
+                anon_structs.insert(0, f"struct {anon_name} {{{anon_struct_content}}};")
+
+                # Replace in the body
+                replacement = f"struct {anon_name} {member_name};"
+                processed_body = processed_body[:start_pos] + replacement + processed_body[end_pos:]
+
+                anon_counter -= 1
+
+            # Rebuild the complete definition
+            if anon_structs:
+                # Prepend the anonymous struct definitions
+                anon_definitions = '\n'.join(anon_structs) + '\n\n'
+                new_struct = f"struct kioctx {{{processed_body}}};"
+                return anon_definitions + new_struct
+            else:
+                return full_struct
+
+        # Apply the transformation
+        processed_content = re.sub(
+            kioctx_pattern,
+            process_kioctx_replacement,
+            content,
+            flags=re.DOTALL
+        )
+
+        output_file = os.path.join(self.temp_dir, "vmlinux_kioctx_processed.h")
+        with open(output_file, 'w') as f:
+            f.write(processed_content)
+
+        self.log(f"Saved kioctx-processed output to {output_file}")
+        return output_file
+
+    def step3_run_preprocessor(self, input_file):
+        """Step 2: Run C preprocessor."""
+        output_file = os.path.join(self.temp_dir, "vmlinux.i")
+        cmd = f"clang -E {input_file} > {output_file}"
+        self.run_command(cmd, "Running C preprocessor")
+        return output_file
+
+    def step4_convert_to_ctypes(self, input_file):
+        """Step 3: Convert to Python ctypes using clang2py."""
+        output_file = os.path.join(self.temp_dir, "vmlinux_raw.py")
+        cmd = (
+            f"clang2py {input_file} -o {output_file} "
+            f"--clang-args=\"-fno-ms-extensions -I/usr/include -I/usr/include/linux\""
+        )
+        self.run_command(cmd, "Converting to Python ctypes")
+        return output_file
+
+    def step5_postprocess(self, input_file):
+        """Step 4: Post-process the generated Python file."""
+        self.log("Post-processing Python ctypes definitions...")
+
+        with open(input_file, "r") as f:
+            data = f.read()
+
+        # Remove lines like ('_45', ctypes.c_int64, 0)
+        data = re.sub(r"\('_[0-9]+',\s*ctypes\.[a-zA-Z0-9_]+,\s*0\),?\s*\n?", "", data)
+
+        # Replace ('_20', ctypes.c_uint64, 64) → ('_20', ctypes.c_uint64)
+        data = re.sub(r"\('(_[0-9]+)',\s*(ctypes\.[a-zA-Z0-9_]+),\s*[0-9]+\)", r"('\1', \2)", data)
+
+        # Replace ('_20', ctypes.c_char, 8) with ('_20', ctypes.c_uint8, 8)
+        data = re.sub(
+            r"(ctypes\.c_char)(\s*,\s*\d+\))",
+            r"ctypes.c_uint8\2",
+            data
+        )
+
+        # Remove ctypes. prefix from invalid entries
+        invalid_ctypes = ["bpf_iter_state", "_cache_type", "fs_context_purpose"]
+        for name in invalid_ctypes:
+            data = re.sub(rf"\bctypes\.{name}\b", name, data)
+
+        with open(self.output_file, "w") as f:
+            f.write(data)
+
+        self.log(f"Saved final output to {self.output_file}")
+
+    def cleanup(self):
+        """Remove temporary files if not keeping them."""
+        if not self.keep_intermediate and self.temp_dir != ".":
+            self.log(f"Cleaning up temporary directory: {self.temp_dir}")
+            import shutil
+            shutil.rmtree(self.temp_dir, ignore_errors=True)
+
+    def convert(self):
+        """Run the complete conversion pipeline."""
+        try:
+            self.log("Starting BTF to Python ctypes conversion...")
+
+            # Check dependencies
+            self.check_dependencies()
+
+            # Run conversion pipeline
+            vmlinux_h = self.step1_dump_btf()
+            vmlinux_processed_h = self.step2_preprocess_enums(vmlinux_h)
+            vmlinux_kioctx_h = self.step2_5_process_kioctx(vmlinux_processed_h)
+            vmlinux_i = self.step3_run_preprocessor(vmlinux_kioctx_h)
+            vmlinux_raw_py = self.step4_convert_to_ctypes(vmlinux_i)
+            self.step5_postprocess(vmlinux_raw_py)
+
+            print(f"\n✓ Conversion complete! Output saved to: {self.output_file}")
+
+        except Exception as e:
+            print(f"\n✗ Error during conversion: {e}", file=sys.stderr)
+            import traceback
+            traceback.print_exc()
+            sys.exit(1)
+        finally:
+            self.cleanup()
+
+    def check_dependencies(self):
+        """Check if required tools are available."""
+        self.log("Checking dependencies...")
+
+        dependencies = {
+            "bpftool": "bpftool --version",
+            "clang": "clang --version",
+            "clang2py": "clang2py --version"
+        }
+
+        missing = []
+        for tool, cmd in dependencies.items():
+            try:
+                subprocess.run(
+                    cmd,
+                    shell=True,
+                    check=True,
+                    capture_output=True
+                )
+            except subprocess.CalledProcessError:
+                missing.append(tool)
+
+        if missing:
+            print("Error: Missing required dependencies:", file=sys.stderr)
+            for tool in missing:
+                print(f"  - {tool}", file=sys.stderr)
+            if "clang2py" in missing:
+                print("\nInstall ctypeslib2: pip install ctypeslib2", file=sys.stderr)
+            sys.exit(1)
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description="Convert Linux kernel BTF to Python ctypes definitions",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog="""
+Examples:
+  %(prog)s
+  %(prog)s -o kernel_types.py
+  %(prog)s --btf-source /sys/kernel/btf/custom_module -k -v
+        """
+    )
+
+    parser.add_argument(
+        "--btf-source",
+        default="/sys/kernel/btf/vmlinux",
+        help="Path to BTF source (default: /sys/kernel/btf/vmlinux)"
+    )
+
+    parser.add_argument(
+        "-o", "--output",
+        default="vmlinux.py",
+        help="Output Python file (default: vmlinux.py)"
+    )
+
+    parser.add_argument(
+        "-k", "--keep-intermediate",
+        action="store_true",
+        help="Keep intermediate files (vmlinux.h, vmlinux_processed.h, etc.)"
+    )
+
+    parser.add_argument(
+        "-v", "--verbose",
+        action="store_true",
+        help="Enable verbose output"
+    )
+
+    args = parser.parse_args()
+
+    converter = BTFConverter(
+        btf_source=args.btf_source,
+        output_file=args.output,
+        keep_intermediate=args.keep_intermediate,
+        verbose=args.verbose
+    )
+
+    converter.convert()
+
+
+if __name__ == "__main__":
+    main()