varun-r-mallya/python-bpf
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/Python-BPF.git synced 2025-12-31 21:06:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: varun-r-mallya:v0.1.2
Branches Tags
varun-r-mallya:master varun-r-mallya:kfunc varun-r-mallya:fix-vmlinux-ir-gen varun-r-mallya:request-struct varun-r-mallya:copilot/sub-pr-68 varun-r-mallya:copilot/fix-attributeerror-vmlinux-structs varun-r-mallya:symex varun-r-mallya:all_helpers varun-r-mallya:32int_support varun-r-mallya:refactor_assign varun-r-mallya:globals varun-r-mallya:refactor_conds varun-r-mallya:ringbuf-helpers varun-r-mallya:sym
varun-r-mallya:v0.1.8 varun-r-mallya:v0.1.7 varun-r-mallya:v0.1.6 varun-r-mallya:v0.1.5 varun-r-mallya:v0.1.4 varun-r-mallya:v0.1.3 varun-r-mallya:v0.1.2 varun-r-mallya:v0.1.1 varun-r-mallya:v0.0.0
...
compare: varun-r-mallya:168ab29be3a0ad461b7ccd2c8d148a5849dc061d
Branches Tags
varun-r-mallya:master varun-r-mallya:kfunc varun-r-mallya:fix-vmlinux-ir-gen varun-r-mallya:request-struct varun-r-mallya:copilot/sub-pr-68 varun-r-mallya:copilot/fix-attributeerror-vmlinux-structs varun-r-mallya:symex varun-r-mallya:all_helpers varun-r-mallya:32int_support varun-r-mallya:refactor_assign varun-r-mallya:globals varun-r-mallya:refactor_conds varun-r-mallya:ringbuf-helpers varun-r-mallya:sym
varun-r-mallya:v0.1.8 varun-r-mallya:v0.1.7 varun-r-mallya:v0.1.6 varun-r-mallya:v0.1.5 varun-r-mallya:v0.1.4 varun-r-mallya:v0.1.3 varun-r-mallya:v0.1.2 varun-r-mallya:v0.1.1 varun-r-mallya:v0.0.0

72 Commits
v0.1.2 ... 168ab29be3

Author SHA1 Message Date
Pragyansh Chaturvedi
168ab29be3 Format function definitions in bpf_helper_handler 2025-10-01 04:04:32 +05:30
Pragyansh Chaturvedi
61f6743f0a Use HelperHandleRegitry 2025-10-01 03:53:11 +05:30
Pragyansh Chaturvedi
6cd07498fe Create HelperProcessorRegistry 2025-10-01 03:07:36 +05:30
Pragyansh Chaturvedi
7e45864552 Move helper scripts to a new dir, make temp fixes to allow this 2025-09-30 23:57:31 +05:30
Pragyansh Chaturvedi
fa2ff0a242 Use BPFHelperID Enums in bpf_helper_handler 2025-09-30 23:51:05 +05:30
Pragyansh Chaturvedi
c1466a5bca Add BPFHelperID enum to bpf_helper_handler 2025-09-30 23:43:29 +05:30
Pragyansh Chaturvedi
44b95b69ca Add __init__.py under structs/, fix imports 2025-09-30 23:26:18 +05:30
varun-r-mallya
0e1cbb30b7 attribute out vmlinux 2025-09-30 21:10:20 +05:30
varunrmallya
f489129949 Merge pull request #9 from pythonbpf/refactor 
Cleanup and rename examples
 2025-09-30 21:07:06 +05:30
varun-r-mallya
0d0a318e46 cleanup and rename 2025-09-30 21:05:07 +05:30
varun-r-mallya
18811933bf cleanup stray files and add return paths 2025-09-30 20:52:41 +05:30
varunrmallya
912d0c8eac Merge pull request #8 from pythonbpf/refactor 
Add dwarf module
 2025-09-30 20:39:48 +05:30
varun-r-mallya
b88888fc68 Add DebugInfoGenerator functions instead of obscene looking debug information directly 2025-09-30 20:37:02 +05:30
varun-r-mallya
e80486975f Add DebugInfoGenerator class 2025-09-30 20:31:00 +05:30
varun-r-mallya
63944c5f93 add todo for global addition to debug compile unit. 2025-09-30 20:28:35 +05:30
varun-r-mallya
ce9be8750d add dwarf behaviour conditions 2025-09-30 20:26:38 +05:30
varun-r-mallya
6afcffb4ed add debug module 2025-09-30 20:18:26 +05:30
varun-r-mallya
af004cb864 janitorial 2025-09-30 20:09:04 +05:30
Pragyansh Chaturvedi
980f2af414 Merge pull request #6 from pythonbpf/refactor-maps 
Refactor maps_pass
 2025-09-30 19:58:32 +05:30
Pragyansh Chaturvedi
87908e8713 Remove backslash for multiline conditions in maps 2025-09-30 19:57:58 +05:30
Pragyansh Chaturvedi
0f3cc434a3 Fix return for unknown map types 2025-09-30 19:55:37 +05:30
Pragyansh Chaturvedi
d943b78a25 Add __init__ to maps to improve imports 2025-09-30 19:51:28 +05:30
Pragyansh Chaturvedi
744aa3fbdf Use logger instead of prints in map_pass 2025-09-30 19:44:29 +05:30
Pragyansh Chaturvedi
9fa362ec6a Remove global map_sym_tab 2025-09-30 19:29:45 +05:30
Pragyansh Chaturvedi
ca51b7ce01 Fix invalid member func for MapProcessorRegistry 2025-09-30 19:10:25 +05:30
Pragyansh Chaturvedi
2e005f6eb5 Create MapProcessorRegistry to add more maps 2025-09-30 19:08:56 +05:30
Pragyansh Chaturvedi
cbc6b93cd8 restructure maps dir, fix imports 2025-09-30 19:01:46 +05:30
Pragyansh Chaturvedi
9ae1b6ce15 Fix usage of map_params to use BPFMapType 2025-09-30 13:28:18 +05:30
Pragyansh Chaturvedi
1a1f2cf634 create BPFMapType enum 2025-09-30 12:20:07 +05:30
Pragyansh Chaturvedi
0d691865bc Add is_map in maps_pass 2025-09-30 11:44:12 +05:30
varunrmallya
0fb1cafd20 Revise README for clarity and additional details 
Updated README.md to enhance project description, installation instructions, and usage examples.
 2025-09-30 03:05:27 +05:30
Pragyansh Chaturvedi
1adf7d7fcc Merge pull request #5 from pythonbpf/struct_refactor 
Struct refactor
 2025-09-30 02:01:58 +05:30
Pragyansh Chaturvedi
3ded17bf8b Fix size calc for ArrayType in structs 2025-09-30 01:59:18 +05:30
Pragyansh Chaturvedi
715442d7bf fix struct usage in expr_pass 2025-09-30 01:59:17 +05:30
Pragyansh Chaturvedi
e464a3fdd5 fix struct usage in handle_helper_functions 2025-09-30 01:59:16 +05:30
Pragyansh Chaturvedi
fed4c179e6 fix struct usage in functions_pass 2025-09-30 01:59:15 +05:30
Pragyansh Chaturvedi
32c22c3148 fix struct imports 2025-09-30 01:59:14 +05:30
Pragyansh Chaturvedi
4557b094e1 Use StructType in struct_pass, fix indexing 2025-09-30 01:59:13 +05:30
Pragyansh Chaturvedi
84500305db Move structs_pass under structs, create StructType 2025-09-30 01:59:12 +05:30
Pragyansh Chaturvedi
0d21f84529 Remove redundant functions from struct_pass 2025-09-30 01:59:11 +05:30
Pragyansh Chaturvedi
5bcc02a931 add parser_struct_fields 2025-09-30 01:59:10 +05:30
Pragyansh Chaturvedi
fe91a176e2 fix structs_proc 2025-09-30 01:59:09 +05:30
Pragyansh Chaturvedi
083ee21e38 structs_pass cleanup 2025-09-30 01:59:06 +05:30
varun-r-mallya
ea5a1ab2de add jupyter notebook support 2025-09-27 12:24:49 +05:30
Pragyansh Chaturvedi
de5cc438ab Allow access from struct fields 2025-09-26 23:02:51 +05:30
varun-r-mallya
8c2196c05c bump version 
Signed-off-by: varun-r-mallya <varunrmallya@gmail.com>
 2025-09-26 22:48:17 +05:30
Pragyansh Chaturvedi
a2f86d680d Merge pull request #4 from varun-r-mallya/type_system 
Type system and strings
 2025-09-26 18:27:10 +05:30
Pragyansh Chaturvedi
0f365be65e Add some support for strings in structs 2025-09-26 18:26:07 +05:30
Pragyansh Chaturvedi
4ebf0480dd tweak commit to add placeholder string 2025-09-26 04:54:01 +05:30
Pragyansh Chaturvedi
b9ddecd6b1 Add string as a primitve to struct defs 2025-09-26 04:44:38 +05:30
Pragyansh Chaturvedi
737c4d3039 Support storing and printing string type 2025-09-26 04:17:29 +05:30
Pragyansh Chaturvedi
da8a495da7 Fix handle_cond for new symtab convention 2025-09-26 04:05:37 +05:30
Pragyansh Chaturvedi
ee03ac04d0 Fix printk handler to comply with new symtab convention 2025-09-26 01:02:10 +05:30
Pragyansh Chaturvedi
51595f9ec2 Add types returns to bpf helpers 2025-09-26 00:28:10 +05:30
Pragyansh Chaturvedi
4cf284a81f provide type as weel in eval_expr 2025-09-26 00:24:10 +05:30
Pragyansh Chaturvedi
1517f6e052 Fix local_sym_tab accesses in expr_pass 2025-09-25 23:54:04 +05:30
Pragyansh Chaturvedi
95f360059b Fix local_sym_tab accesses in binary_ops 2025-09-25 23:53:04 +05:30
Pragyansh Chaturvedi
dad57bd340 Fix local_sym_tab accesses in bpf_helper_handler 2025-09-25 23:51:08 +05:30
Pragyansh Chaturvedi
529b0bde19 Fix local_sym_tab accesses in functions_pass 2025-09-25 23:49:28 +05:30
Pragyansh Chaturvedi
943697ac9f Pass down type info in local_sym_tab 2025-09-25 23:43:19 +05:30
Pragyansh Chaturvedi
ba90af9ff2 Allocate space for string consts 2025-09-25 22:24:55 +05:30
Pragyansh Chaturvedi
35969c4ff7 Add string example 2025-09-25 22:15:14 +05:30
Pragyansh Chaturvedi
9e87ee52f2 Move relevant vmlinux files to ex7.bpf.c 2025-09-25 00:10:39 +05:30
Pragyansh Chaturvedi
d0be8893eb Add setuid C example 2025-09-24 23:48:42 +05:30
varun-r-mallya
dda05bd044 Add matplotlib example 2025-09-23 20:36:15 +05:30
varun-r-mallya
28e6f97708 add support for compilation with pylibbpf 
Signed-off-by: varun-r-mallya <varunrmallya@gmail.com>
 2025-09-21 18:05:43 +05:30
Pragyansh Chaturvedi
a1bc813ec5 Small fix to enum va 2025-09-21 17:58:51 +05:30
Pragyansh Chaturvedi
fefd6840c8 finish perf_event_output helper integration 2025-09-21 17:50:58 +05:30
Pragyansh Chaturvedi
79f0949abc Fix calling conventions changed by structs 2025-09-21 16:19:12 +05:30
Pragyansh Chaturvedi
a1371697cc overhaul handle_helper_calls 2025-09-21 16:10:29 +05:30
Pragyansh Chaturvedi
3c976b88d3 pass down structs_sym_tab 2025-09-21 15:20:41 +05:30
Pragyansh Chaturvedi
69a86c2433 Add perf_event_output boilerplate 2025-09-21 15:14:55 +05:30
51 changed files with 1606 additions and 733 deletions
Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
tests/c-form/vmlinux.h linguist-vendored

3
.gitignore vendored
View File

@ -5,4 +5,5 @@
.vscode/
__pycache__/
*.ll
*.o
*.o
.ipynb_checkpoints/

202
README.md
View File

@ -1,77 +1,183 @@
# Python-BPF
<p align="center">
<a href="https://www.python.org/downloads/release/python-3080/"><img src="https://img.shields.io/badge/python-3.8-blue.svg"></a>
<a href="https://pypi.org/project/pythonbpf"><img src="https://badge.fury.io/py/pythonbpf.svg"></a>
</p>
This is an LLVM IR generator for eBPF programs in Python. We use llvmlite to generate LLVM IR from pure Python. This is then compiled to LLVM object files, which can be loaded into the kernel for execution. We do not rely on BCC to do our compilation.
Python-BPF is an LLVM IR generator for eBPF programs written in Python. It uses [llvmlite](https://github.com/numba/llvmlite) to generate LLVM IR and then compiles to LLVM object files. These object files can be loaded into the kernel for execution. Unlike BCC, Python-BPF performs compilation without relying on its infrastructure.
# DO NOT USE IN PRODUCTION. IN DEVELOPMENT.
> **Note**: This project is under active development and not ready for production use.
## Video Demo
[Video demo for code under demo/](https://youtu.be/eMyLW8iWbks)
---
## Slide Deck
[Slide deck explaining the project](https://docs.google.com/presentation/d/1DsWDIVrpJhM4RgOETO9VWqUtEHo3-c7XIWmNpi6sTSo/edit?usp=sharing)
## Overview
## Installation
- Have `clang` installed.
- `pip install pythonbpf`
* Generate eBPF programs directly from Python.
* Compile to LLVM object files for kernel execution.
* Built with `llvmlite` for IR generation.
* Supports maps, helpers, and global definitions for BPF.
* Companion project: [pylibbpf](https://github.com/pythonbpf/pylibbpf), which provides the bindings required for object loading and execution.
---
## Installation
Dependencies:
* `clang`
* Python ≥ 3.8
Install via pip:
```bash
pip install pythonbpf pylibbpf
```
---
## Example Usage
## Usage
```python
# pythonbpf_example.py
from pythonbpf import bpf, map, bpfglobal, section, compile
from pythonbpf.helpers import bpf_ktime_get_ns
import time
from pythonbpf import bpf, map, section, bpfglobal, BPF
from pythonbpf.helpers import pid
from pythonbpf.maps import HashMap
from pylibbpf import *
from ctypes import c_void_p, c_int64, c_uint64, c_int32
import matplotlib.pyplot as plt
from ctypes import c_void_p, c_int64, c_int32, c_uint64
# This program attaches an eBPF tracepoint to sys_enter_clone,
# counts per-PID clone syscalls, stores them in a hash map,
# and then plots the distribution as a histogram using matplotlib.
# It provides a quick view of process creation activity over 10 seconds.
@bpf
@map
def last() -> HashMap:
return HashMap(key=c_uint64, value=c_uint64, max_entries=1)
def hist() -> HashMap:
return HashMap(key=c_int32, value=c_uint64, max_entries=4096)
@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
print("entered")
return c_int32(0)
@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
print("exited")
key = 0
tsp = last().lookup(key)
print(tsp)
ts = bpf_ktime_get_ns()
@section("tracepoint/syscalls/sys_enter_clone")
def hello(ctx: c_void_p) -> c_int64:
process_id = pid()
one = 1
prev = hist().lookup(process_id)
if prev:
previous_value = prev + 1
print(f"count: {previous_value} with {process_id}")
hist().update(process_id, previous_value)
return c_int64(0)
else:
hist().update(process_id, one)
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"
def some_normal_function():
print("normal function")
# compiles and dumps object file in the same directory
compile()
b = BPF()
b.load_and_attach()
hist = BpfMap(b, hist)
print("Recording")
time.sleep(10)
counts = list(hist.values())
plt.hist(counts, bins=20)
plt.xlabel("Clone calls per PID")
plt.ylabel("Frequency")
plt.title("Syscall clone counts")
plt.show()
```
- Run `python pythonbpf_example.py` to get the compiled object file that can be then loaded into the kernel.
---
## Architecture
Python-BPF provides a complete pipeline to write, compile, and load eBPF programs in Python:
1. **Python Source Code**
* Users write BPF programs in Python using decorators like `@bpf`, `@map`, `@section`, and `@bpfglobal`.
* Maps (hash maps), helpers (e.g., `ktime`, `deref`), and tracepoints are defined using Python constructs, preserving a syntax close to standard Python.
2. **AST Generation**
* The Python `ast` module parses the source code into an Abstract Syntax Tree (AST).
* Decorators and type annotations are captured to determine BPF maps, tracepoints, and global variables.
3. **LLVM IR Emission**
* The AST is transformed into LLVM Intermediate Representation (IR) using `llvmlite`.
* IR captures BPF maps, control flow, assignments, and calls to helper functions.
* Debug information is emitted for easier inspection.
4. **LLVM Object File Compilation**
* The LLVM IR (`.ll`) is compiled into a BPF target object file (`.o`) using `llc -march=bpf -O2`.
* This produces a kernel-loadable ELF object file containing the BPF bytecode.
5. **libbpf Integration (via pylibbpf)**
* The compiled object file can be loaded into the kernel using `pylibbpf`.
* Maps, tracepoints, and program sections are initialized, and helper functions are resolved.
* Programs are attached to kernel hooks (e.g., syscalls) for execution.
6. **Execution in Kernel**
* The kernel executes the loaded eBPF program.
* Hash maps, helpers, and global variables behave as defined in the Python source.
* Output can be read via BPF maps, helper functions, or trace printing.
This architecture eliminates the need for embedding C code in Python, allowing full Python tooling support while generating true BPF object files ready for kernel execution.
---
## Development
- Make a virtual environment and activate it using `python3 -m venv .venv && source .venv/bin/activate`.
- Run `make install` to install the required dependencies.
- Run `make` to see the compilation output of the example.
- Run `check.sh` to check if generated object file passes through the verifier inside the examples directory.
- Run `make` in the `examples/c-form` directory to modify the example C BPF program to check the actual LLVM IR generated by clang.
### Development Notes
- Run ` ./check.sh check execve2.o;` in examples folder to check if the object code passes the verifier.
- Run ` ./check.sh run execve2.o;` in examples folder to run the object code using `bpftool`.
1. Create a virtual environment and activate it:
```bash
python3 -m venv .venv
source .venv/bin/activate
```
2. Install dependencies:
```bash
make install
```
3. Build and test examples:
```bash
make
```
4. Verify an object file with the kernel verifier:
```bash
./check.sh check execve2.o
```
5. Run an object file using `bpftool`:
```bash
./check.sh run execve2.o
```
6. Explore LLVM IR output from clang in `examples/c-form` by running `make`.
---
## Resources
* [Video demonstration](https://youtu.be/eMyLW8iWbks)
* [Slide deck](https://docs.google.com/presentation/d/1DsWDIVrpJhM4RgOETO9VWqUtEHo3-c7XIWmNpi6sTSo/edit?usp=sharing)
---
## Authors
- [@r41k0u](https://github.com/r41k0u)
- [@varun-r-mallya](https://github.com/varun-r-mallya)
* [@r41k0u](https://github.com/r41k0u)
* [@varun-r-mallya](https://github.com/varun-r-mallya)
---

46
demo/bcc.py
View File

@ -1,46 +0,0 @@
from __future__ import print_function
from bcc import BPF
from bcc.utils import printb
# load BPF program
b = BPF(text="""
#include <uapi/linux/ptrace.h>
BPF_HASH(last);
int do_trace(struct pt_regs *ctx) {
u64 ts, *tsp, delta, key = 0;
// attempt to read stored timestamp
tsp = last.lookup(&key);
if (tsp != NULL) {
delta = bpf_ktime_get_ns() - *tsp;
if (delta < 1000000000) {
// output if time is less than 1 second
bpf_trace_printk("%d\\n", delta / 1000000);
}
last.delete(&key);
}
// update stored timestamp
ts = bpf_ktime_get_ns();
last.update(&key, &ts);
return 0;
}
""")
b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
print("Tracing for quick sync's... Ctrl-C to end")
# TODO
# format output
start = 0
while 1:
try:
(task, pid, cpu, flags, ts, ms) = b.trace_fields()
if start == 0:
start = ts
ts = ts - start
printb(b"At time %.2f s: multiple syncs detected, last %s ms ago" % (ts, ms))
except KeyboardInterrupt:
exit()

23
demo/pybpf0.py
View File

@ -1,23 +0,0 @@
from pythonbpf import bpf, section, bpfglobal, compile
from ctypes import c_void_p, c_int64
# Instructions to how to run this program
# 1. Install PythonBPF: pip install pythonbpf
# 2. Run the program: python demo/pybpf0.py
# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf0.o
# 4. Start up any program and watch the output
@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello_world(ctx: c_void_p) -> c_int64:
print("Hello, World!")
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"
compile()

4
demo/pybpf3.py → examples/binops_demo.py
View File

@ -6,8 +6,8 @@ from ctypes import c_void_p, c_int64, c_uint64
# Instructions to how to run this program
# 1. Install PythonBPF: pip install pythonbpf
# 2. Run the program: python demo/pybpf3.py
# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf3.o
# 2. Run the program: python examples/binops_demo.py
# 3. Run the program with sudo: sudo tools/check.sh run examples/binops_demo.py
# 4. Start up any program and watch the output
@bpf

1
examples/execve4.py → examples/blk_request.py
View File

@ -10,7 +10,6 @@ from ctypes import c_void_p, c_int64, c_int32, c_uint64
def last() -> HashMap:
return HashMap(key=c_uint64, value=c_uint64, max_entries=3)
@bpf
@section("blk_start_request")
def trace_start(ctx: c_void_p) -> c_int32:

397
examples/clone-matplotlib.ipynb Normal file
View File

File diff suppressed because one or more lines are too long

56
examples/clone_plot.py Normal file
View File

@ -0,0 +1,56 @@
import time
from pythonbpf import bpf, map, section, bpfglobal, BPF
from pythonbpf.helpers import pid
from pythonbpf.maps import HashMap
from pylibbpf import *
from ctypes import c_void_p, c_int64, c_uint64, c_int32
import matplotlib.pyplot as plt
# This program attaches an eBPF tracepoint to sys_enter_clone,
# counts per-PID clone syscalls, stores them in a hash map,
# and then plots the distribution as a histogram using matplotlib.
# It provides a quick view of process creation activity over 10 seconds.
# Everything is done with Python only code and with the new pylibbpf library.
# Run `sudo /path/to/python/binary/ clone_plot.py`
@bpf
@map
def hist() -> HashMap:
return HashMap(key=c_int32, value=c_uint64, max_entries=4096)
@bpf
@section("tracepoint/syscalls/sys_enter_clone")
def hello(ctx: c_void_p) -> c_int64:
process_id = pid()
one = 1
prev = hist().lookup(process_id)
if prev:
previous_value = prev + 1
print(f"count: {previous_value} with {process_id}")
hist().update(process_id, previous_value)
return c_int64(0)
else:
hist().update(process_id, one)
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"
b = BPF()
b.load_and_attach()
hist = BpfMap(b, hist)
print("Recording")
time.sleep(10)
counts = list(hist.values())
plt.hist(counts, bins=20)
plt.xlabel("Clone calls per PID")
plt.ylabel("Frequency")
plt.title("Syscall clone counts")
plt.show()

35
examples/execve2.py
View File

@ -1,35 +0,0 @@
from pythonbpf.decorators import bpf, map, section, bpfglobal
from ctypes import c_void_p, c_int64, c_int32, c_uint64
from pythonbpf.helpers import ktime
from pythonbpf.maps import HashMap
@bpf
@map
def last() -> HashMap:
return HashMap(key=c_uint64, value=c_uint64, max_entries=1)
@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
print("entered")
print("multi constant support")
return c_int32(0)
@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
print("exited")
key = 0
tsp = last().lookup(key)
print(tsp)
ts = ktime()
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"

55
examples/execve3.py
View File

@ -1,55 +0,0 @@
from pythonbpf import bpf, map, section, bpfglobal, compile
from pythonbpf.helpers import ktime, deref
from pythonbpf.maps import HashMap
from ctypes import c_void_p, c_int64, c_int32, c_uint64
@bpf
@map
def last() -> HashMap:
return HashMap(key=c_uint64, value=c_uint64, max_entries=3)
@bpf
@section("tracepoint/syscalls/sys_enter_execve")
def hello(ctx: c_void_p) -> c_int32:
print("entered")
print("multi constant support")
return c_int32(0)
@bpf
@section("tracepoint/syscalls/sys_exit_execve")
def hello_again(ctx: c_void_p) -> c_int64:
print("exited")
key = 0
delta = 0
dddelta = 0
tsp = last().lookup(key)
if True:
delta = ktime()
ddelta = deref(delta)
ttsp = deref(deref(tsp))
dddelta = ddelta - ttsp
if dddelta < 1000000000:
print("execve called within last second")
last().delete(key)
ts = ktime()
last().update(key, ts)
va = 8
nm = 5 + va
al = 6 & 3
print(f"this is a variable {nm}")
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"
compile()

27
examples/hello_world.py
View File

@ -1,15 +1,28 @@
# This is what it is going to look like
# pylint: disable-all# type: ignore
from pythonbpf.decorators import tracepoint, syscalls, bpfglobal, bpf
from ctypes import c_void_p, c_int32
from pythonbpf import bpf, section, bpfglobal, compile, BPF
from ctypes import c_void_p, c_int64
# Instructions to how to run this program
# 1. Install PythonBPF: pip install pythonbpf
# 2. Run the program: sudo python examples/hello_world.py
# 4. Start up any program and watch the output
@bpf
@tracepoint(syscalls.sys_clone)
def trace_clone(ctx: c_void_p) -> c_int32:
@section("tracepoint/syscalls/sys_enter_execve")
def hello_world(ctx: c_void_p) -> c_int64:
print("Hello, World!")
return c_int32(0)
return c_int64(0)
@bpf
@bpfglobal
def LICENSE() -> str:
return "GPL"
b = BPF()
b.load_and_attach()
if b.is_loaded() and b.is_attached():
print("Successfully loaded and attached")
else:
print("Could not load successfully")
# Now cat /sys/kernel/debug/tracing/trace_pipe to see results of the execve syscall.

12
examples/execve5.py → examples/struct_and_perf.py
View File

@ -10,6 +10,7 @@ from ctypes import c_void_p, c_int64, c_int32, c_uint64
class data_t:
pid: c_uint64
ts: c_uint64
comm: str(16)
@bpf
@ -22,11 +23,12 @@ def events() -> PerfEventArray:
@section("tracepoint/syscalls/sys_enter_clone")
def hello(ctx: c_void_p) -> c_int32:
dataobj = data_t()
ts = ktime()
process_id = pid()
dataobj.pid = process_id
dataobj.ts = ts
print(f"clone called at {ts} by pid {process_id}")
strobj = "hellohellohello"
dataobj.pid = pid()
dataobj.ts = ktime()
# dataobj.comm = strobj
print(f"clone called at {dataobj.ts} by pid {dataobj.pid}, comm {strobj}")
events.output(dataobj)
return c_int32(0)

7
demo/pybpf2.py → examples/sys_sync.py
View File

@ -1,15 +1,16 @@
from pythonbpf import bpf, map, section, bpfglobal, compile
from pythonbpf.helpers import ktime
from pythonbpf.helper.helpers import ktime
from pythonbpf.maps import HashMap
from ctypes import c_void_p, c_int64, c_uint64
# Instructions to how to run this program
# 1. Install PythonBPF: pip install pythonbpf
# 2. Run the program: python demo/pybpf2.py
# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf2.o
# 2. Run the program: python examples/sys_sync.py
# 3. Run the program with sudo: sudo tools/check.sh run examples/sys_sync.o
# 4. Start a Python repl and `import os` and then keep entering `os.sync()` to see reponses.
@bpf
@map
def last() -> HashMap:

6
demo/pybpf1.py → examples/xdp_pass.py
View File

@ -6,9 +6,9 @@ from ctypes import c_void_p, c_int64
# Instructions to how to run this program
# 1. Install PythonBPF: pip install pythonbpf
# 2. Run the program: python demo/pybpf1.py
# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf1.o
# 4. Attach object file to any network device with something like ./check.sh xdp ../demo/pybpf1.o tailscale0
# 2. Run the program: python examples/xdp_pass.py
# 3. Run the program with sudo: sudo tools/check.sh run examples/xdp_pass.o
# 4. Attach object file to any network device with something like ./check.sh xdp examples/xdp_pass.o tailscale0
# 5. send traffic through the device and observe effects
@bpf

5
pyproject.toml
View File

@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
[project]
name = "pythonbpf"
version = "0.1.2"
version = "0.1.3"
description = "Reduced Python frontend for eBPF"
authors = [
{ name = "r41k0u", email="pragyanshchaturvedi18@gmail.com" },
@ -16,7 +16,8 @@ requires-python = ">=3.8"
dependencies = [
"llvmlite",
"astpretty"
"astpretty",
"pylibbpf"
]
[tool.setuptools.packages.find]

2
pythonbpf/__init__.py
View File

@ -1,2 +1,2 @@
from .decorators import bpf, map, section, bpfglobal, struct
from .codegen import compile_to_ir, compile
from .codegen import compile_to_ir, compile, BPF

27
pythonbpf/binary_ops.py
View File

@ -15,6 +15,7 @@ def recursive_dereferencer(var, builder):
else:
raise TypeError(f"Unsupported type for dereferencing: {var.type}")
def handle_binary_op(rval, module, builder, var_name, local_sym_tab, map_sym_tab, func):
print(module)
left = rval.left
@ -24,7 +25,7 @@ def handle_binary_op(rval, module, builder, var_name, local_sym_tab, map_sym_tab
# Handle left operand
if isinstance(left, ast.Name):
if left.id in local_sym_tab:
left = recursive_dereferencer(local_sym_tab[left.id], builder)
left = recursive_dereferencer(local_sym_tab[left.id][0], builder)
else:
raise SyntaxError(f"Undefined variable: {left.id}")
elif isinstance(left, ast.Constant):
@ -34,7 +35,7 @@ def handle_binary_op(rval, module, builder, var_name, local_sym_tab, map_sym_tab
if isinstance(right, ast.Name):
if right.id in local_sym_tab:
right = recursive_dereferencer(local_sym_tab[right.id], builder)
right = recursive_dereferencer(local_sym_tab[right.id][0], builder)
else:
raise SyntaxError(f"Undefined variable: {right.id}")
elif isinstance(right, ast.Constant):
@ -46,36 +47,36 @@ def handle_binary_op(rval, module, builder, var_name, local_sym_tab, map_sym_tab
if isinstance(op, ast.Add):
builder.store(builder.add(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.Sub):
builder.store(builder.sub(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.Mult):
builder.store(builder.mul(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.Div):
builder.store(builder.sdiv(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.Mod):
builder.store(builder.srem(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.LShift):
builder.store(builder.shl(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.RShift):
builder.store(builder.lshr(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.BitOr):
builder.store(builder.or_(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.BitXor):
builder.store(builder.xor(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.BitAnd):
builder.store(builder.and_(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
elif isinstance(op, ast.FloorDiv):
builder.store(builder.udiv(left, right),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
else:
raise SyntaxError("Unsupported binary operation")

58
pythonbpf/codegen.py
View File

@ -2,13 +2,18 @@ import ast
from llvmlite import ir
from .license_pass import license_processing
from .functions_pass import func_proc
from .maps_pass import maps_proc
from .structs_pass import structs_proc
from pythonbpf.maps import maps_proc
from .structs import structs_proc
from .globals_pass import globals_processing
from .debuginfo import DW_LANG_C11, DwarfBehaviorEnum
import os
import subprocess
import inspect
from pathlib import Path
from pylibbpf import BpfProgram
import tempfile
VERSION = "v0.1.3"
def find_bpf_chunks(tree):
@ -48,16 +53,18 @@ def compile_to_ir(filename: str, output: str):
module.triple = "bpf"
if not hasattr(module, '_debug_compile_unit'):
module._file_metadata = module.add_debug_info("DIFile", { # type: ignore
module._file_metadata = module.add_debug_info("DIFile", { # type: ignore
"filename": filename,
"directory": os.path.dirname(filename)
})
module._debug_compile_unit = module.add_debug_info("DICompileUnit", { # type: ignore
"language": 29, # DW_LANG_C11
"file": module._file_metadata, # type: ignore
"producer": "PythonBPF DSL Compiler",
"isOptimized": True,
module._debug_compile_unit = module.add_debug_info("DICompileUnit", { # type: ignore
"language": DW_LANG_C11,
"file": module._file_metadata, # type: ignore
"producer": f"PythonBPF {VERSION}",
"isOptimized": True, # TODO: This is probably not true
# TODO: add a global field here that keeps track of all the globals. Works without it, but I think it might
# be required for kprobes.
"runtimeVersion": 0,
"emissionKind": 1,
"splitDebugInlining": False,
@ -65,33 +72,34 @@ def compile_to_ir(filename: str, output: str):
}, is_distinct=True)
module.add_named_metadata(
"llvm.dbg.cu", module._debug_compile_unit) # type: ignore
"llvm.dbg.cu", module._debug_compile_unit) # type: ignore
processor(source, filename, module)
wchar_size = module.add_metadata([ir.Constant(ir.IntType(32), 1),
wchar_size = module.add_metadata([DwarfBehaviorEnum.ERROR_IF_MISMATCH,
"wchar_size",
ir.Constant(ir.IntType(32), 4)])
frame_pointer = module.add_metadata([ir.Constant(ir.IntType(32), 7),
frame_pointer = module.add_metadata([DwarfBehaviorEnum.OVERRIDE_USE_LARGEST,
"frame-pointer",
ir.Constant(ir.IntType(32), 2)])
# Add Debug Info Version (3 = DWARF v3, which LLVM expects)
debug_info_version = module.add_metadata([ir.Constant(ir.IntType(32), 2),
debug_info_version = module.add_metadata([DwarfBehaviorEnum.WARNING_IF_MISMATCH,
"Debug Info Version",
ir.Constant(ir.IntType(32), 3)])
# Add explicit DWARF version (4 is common, works with LLVM BPF backend)
dwarf_version = module.add_metadata([ir.Constant(ir.IntType(32), 2),
# Add explicit DWARF version 5
dwarf_version = module.add_metadata([DwarfBehaviorEnum.OVERRIDE_USE_LARGEST,
"Dwarf Version",
ir.Constant(ir.IntType(32), 4)])
ir.Constant(ir.IntType(32), 5)])
module.add_named_metadata("llvm.module.flags", wchar_size)
module.add_named_metadata("llvm.module.flags", frame_pointer)
module.add_named_metadata("llvm.module.flags", debug_info_version)
module.add_named_metadata("llvm.module.flags", dwarf_version)
module.add_named_metadata("llvm.ident", ["llvmlite PythonBPF v0.0.1"])
module.add_named_metadata("llvm.ident", [f"PythonBPF {VERSION}"])
print(f"IR written to {output}")
with open(output, "w") as f:
f.write(f"source_filename = \"{filename}\"\n")
f.write(str(module))
@ -116,3 +124,21 @@ def compile():
], check=True)
print(f"Object written to {o_file}, {ll_file} can be removed")
def BPF() -> BpfProgram:
caller_frame = inspect.stack()[1]
src = inspect.getsource(caller_frame.frame)
with tempfile.NamedTemporaryFile(mode="w+", delete=True, suffix=".py") as f, \
tempfile.NamedTemporaryFile(mode="w+", delete=True, suffix=".ll") as inter, \
tempfile.NamedTemporaryFile(mode="w+", delete=False, suffix=".o") as obj_file:
f.write(src)
f.flush()
source = f.name
compile_to_ir(source, str(inter.name))
subprocess.run([
"llc", "-march=bpf", "-filetype=obj", "-O2",
str(inter.name), "-o", str(obj_file.name)
], check=True)
return BpfProgram(str(obj_file.name))

3
pythonbpf/debuginfo/__init__.py Normal file
View File

@ -0,0 +1,3 @@
from .dwarf_constants import *
from .dtypes import *
from .debug_info_generator import DebugInfoGenerator

92
pythonbpf/debuginfo/debug_info_generator.py Normal file
View File

@ -0,0 +1,92 @@
"""
Debug information generation module for Python-BPF
Provides utilities for generating DWARF/BTF debug information
"""
from . import dwarf_constants as dc
from typing import Dict, Any, List, Optional, Union
class DebugInfoGenerator:
def __init__(self, module):
self.module = module
self._type_cache = {} # Cache for common debug types
def get_basic_type(self, name: str, size: int, encoding: int) -> Any:
"""Get or create a basic type with caching"""
key = (name, size, encoding)
if key not in self._type_cache:
self._type_cache[key] = self.module.add_debug_info("DIBasicType", {
"name": name,
"size": size,
"encoding": encoding
})
return self._type_cache[key]
def get_uint32_type(self) -> Any:
"""Get debug info for unsigned 32-bit integer"""
return self.get_basic_type("unsigned int", 32, dc.DW_ATE_unsigned)
def get_uint64_type(self) -> Any:
"""Get debug info for unsigned 64-bit integer"""
return self.get_basic_type("unsigned long long", 64, dc.DW_ATE_unsigned)
def create_pointer_type(self, base_type: Any, size: int = 64) -> Any:
"""Create a pointer type to the given base type"""
return self.module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_pointer_type,
"baseType": base_type,
"size": size
})
def create_array_type(self, base_type: Any, count: int) -> Any:
"""Create an array type of the given base type with specified count"""
subrange = self.module.add_debug_info("DISubrange", {"count": count})
return self.module.add_debug_info("DICompositeType", {
"tag": dc.DW_TAG_array_type,
"baseType": base_type,
"size": self._compute_array_size(base_type, count),
"elements": [subrange]
})
@staticmethod
def _compute_array_size(base_type: Any, count: int) -> int:
# Extract size from base_type if possible
# For simplicity, assuming base_type has a size attribute
return getattr(base_type, "size", 32) * count
def create_struct_member(self, name: str, base_type: Any, offset: int) -> Any:
"""Create a struct member with the given name, type, and offset"""
return self.module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_member,
"name": name,
"file": self.module._file_metadata,
"baseType": base_type,
"size": getattr(base_type, "size", 64),
"offset": offset
})
def create_struct_type(self, members: List[Any], size: int, is_distinct: bool) -> Any:
"""Create a struct type with the given members and size"""
return self.module.add_debug_info("DICompositeType", {
"tag": dc.DW_TAG_structure_type,
"file": self.module._file_metadata,
"size": size,
"elements": members,
}, is_distinct=is_distinct)
def create_global_var_debug_info(self, name: str, var_type: Any, is_local: bool = False) -> Any:
"""Create debug info for a global variable"""
global_var = self.module.add_debug_info("DIGlobalVariable", {
"name": name,
"scope": self.module._debug_compile_unit,
"file": self.module._file_metadata,
"type": var_type,
"isLocal": is_local,
"isDefinition": True
}, is_distinct=True)
return self.module.add_debug_info("DIGlobalVariableExpression", {
"var": global_var,
"expr": self.module.add_debug_info("DIExpression", {})
})

6
pythonbpf/debuginfo/dtypes.py Normal file
View File

@ -0,0 +1,6 @@
import llvmlite.ir as ir
class DwarfBehaviorEnum:
ERROR_IF_MISMATCH = ir.Constant(ir.IntType(32), 1)
WARNING_IF_MISMATCH = ir.Constant(ir.IntType(32), 2)
OVERRIDE_USE_LARGEST = ir.Constant(ir.IntType(32), 7)

0
pythonbpf/dwarf_constants.py → pythonbpf/debuginfo/dwarf_constants.py
View File

59
pythonbpf/expr_pass.py
View File

@ -2,27 +2,28 @@ import ast
from llvmlite import ir
def eval_expr(func, module, builder, expr, local_sym_tab, map_sym_tab):
print(f"Evaluating expression: {expr}")
def eval_expr(func, module, builder, expr, local_sym_tab, map_sym_tab, structs_sym_tab=None, local_var_metadata=None):
print(f"Evaluating expression: {ast.dump(expr)}")
print(local_var_metadata)
if isinstance(expr, ast.Name):
if expr.id in local_sym_tab:
var = local_sym_tab[expr.id]
var = local_sym_tab[expr.id][0]
val = builder.load(var)
return val
return val, local_sym_tab[expr.id][1] # return value and type
else:
print(f"Undefined variable {expr.id}")
return None
elif isinstance(expr, ast.Constant):
if isinstance(expr.value, int):
return ir.Constant(ir.IntType(64), expr.value)
return ir.Constant(ir.IntType(64), expr.value), ir.IntType(64)
elif isinstance(expr.value, bool):
return ir.Constant(ir.IntType(1), int(expr.value))
return ir.Constant(ir.IntType(1), int(expr.value)), ir.IntType(1)
else:
print("Unsupported constant type")
return None
elif isinstance(expr, ast.Call):
# delayed import to avoid circular dependency
from .bpf_helper_handler import helper_func_list, handle_helper_call
from pythonbpf.helper import HelperHandlerRegistry, handle_helper_call
if isinstance(expr.func, ast.Name):
# check deref
@ -37,35 +38,63 @@ def eval_expr(func, module, builder, expr, local_sym_tab, map_sym_tab):
return None
if isinstance(arg, ast.Name):
if arg.id in local_sym_tab:
arg = local_sym_tab[arg.id]
arg = local_sym_tab[arg.id][0]
else:
print(f"Undefined variable {arg.id}")
return None
if arg is None:
print("Failed to evaluate deref argument")
return None
# Since we are handling only name case, directly take type from sym tab
val = builder.load(arg)
return val
return val, local_sym_tab[expr.args[0].id][1]
# check for helpers
if expr.func.id in helper_func_list:
if expr.func.id in HelperHandlerRegistry._handlers:
return handle_helper_call(
expr, module, builder, func, local_sym_tab, map_sym_tab)
expr, module, builder, func, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata)
elif isinstance(expr.func, ast.Attribute):
print(f"Handling method call: {ast.dump(expr.func)}")
if isinstance(expr.func.value, ast.Call) and isinstance(expr.func.value.func, ast.Name):
method_name = expr.func.attr
if method_name in helper_func_list:
if method_name in HelperHandlerRegistry._handlers:
return handle_helper_call(
expr, module, builder, func, local_sym_tab, map_sym_tab)
expr, module, builder, func, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata)
elif isinstance(expr.func.value, ast.Name):
obj_name = expr.func.value.id
method_name = expr.func.attr
if obj_name in map_sym_tab:
if method_name in HelperHandlerRegistry._handlers:
return handle_helper_call(
expr, module, builder, func, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata)
elif isinstance(expr, ast.Attribute):
if isinstance(expr.value, ast.Name):
var_name = expr.value.id
attr_name = expr.attr
if var_name in local_sym_tab:
var_ptr, var_type = local_sym_tab[var_name]
print(f"Loading attribute "
f"{attr_name} from variable {var_name}")
print(f"Variable type: {var_type}, Variable ptr: {var_ptr}")
print(local_var_metadata)
if local_var_metadata and var_name in local_var_metadata:
metadata = structs_sym_tab[local_var_metadata[var_name]]
if attr_name in metadata.fields:
gep = metadata.gep(builder, var_ptr, attr_name)
val = builder.load(gep)
field_type = metadata.field_type(attr_name)
return val, field_type
print("Unsupported expression evaluation")
return None
def handle_expr(func, module, builder, expr, local_sym_tab, map_sym_tab):
def handle_expr(func, module, builder, expr, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata):
"""Handle expression statements in the function body."""
print(f"Handling expression: {ast.dump(expr)}")
print(local_var_metadata)
call = expr.value
if isinstance(call, ast.Call):
eval_expr(func, module, builder, call, local_sym_tab, map_sym_tab)
eval_expr(func, module, builder, call, local_sym_tab,
map_sym_tab, structs_sym_tab, local_var_metadata)
else:
print("Unsupported expression type")

147
pythonbpf/functions_pass.py
View File

@ -2,7 +2,7 @@ from llvmlite import ir
import ast
from .bpf_helper_handler import helper_func_list, handle_helper_call
from .helper import HelperHandlerRegistry, handle_helper_call
from .type_deducer import ctypes_to_ir
from .binary_ops import handle_binary_op
from .expr_pass import eval_expr, handle_expr
@ -49,38 +49,55 @@ def handle_assign(func, module, builder, stmt, map_sym_tab, local_sym_tab, struc
struct_type = local_var_metadata[var_name]
struct_info = structs_sym_tab[struct_type]
if field_name in struct_info["fields"]:
field_idx = struct_info["fields"][field_name]
struct_ptr = local_sym_tab[var_name]
field_ptr = builder.gep(
struct_ptr, [ir.Constant(ir.IntType(32), 0),
ir.Constant(ir.IntType(32), field_idx)],
inbounds=True)
if field_name in struct_info.fields:
field_ptr = struct_info.gep(
builder, local_sym_tab[var_name][0], field_name)
val = eval_expr(func, module, builder, rval,
local_sym_tab, map_sym_tab)
local_sym_tab, map_sym_tab, structs_sym_tab)
if isinstance(struct_info.field_type(field_name), ir.ArrayType) and val[1] == ir.PointerType(ir.IntType(8)):
# TODO: Figure it out, not a priority rn
# Special case for string assignment to char array
# str_len = struct_info["field_types"][field_idx].count
# assign_string_to_array(builder, field_ptr, val[0], str_len)
# print(f"Assigned to struct field {var_name}.{field_name}")
pass
if val is None:
print("Failed to evaluate struct field assignment")
return
builder.store(val, field_ptr)
print(field_ptr)
builder.store(val[0], field_ptr)
print(f"Assigned to struct field {var_name}.{field_name}")
return
elif isinstance(rval, ast.Constant):
if isinstance(rval.value, bool):
if rval.value:
builder.store(ir.Constant(ir.IntType(1), 1),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
else:
builder.store(ir.Constant(ir.IntType(1), 0),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
print(f"Assigned constant {rval.value} to {var_name}")
elif isinstance(rval.value, int):
# Assume c_int64 for now
# var = builder.alloca(ir.IntType(64), name=var_name)
# var.align = 8
builder.store(ir.Constant(ir.IntType(64), rval.value),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
# local_sym_tab[var_name] = var
print(f"Assigned constant {rval.value} to {var_name}")
elif isinstance(rval.value, str):
str_val = rval.value.encode('utf-8') + b'\x00'
str_const = ir.Constant(ir.ArrayType(
ir.IntType(8), len(str_val)), bytearray(str_val))
global_str = ir.GlobalVariable(
module, str_const.type, name=f"{var_name}_str")
global_str.linkage = 'internal'
global_str.global_constant = True
global_str.initializer = str_const
str_ptr = builder.bitcast(
global_str, ir.PointerType(ir.IntType(8)))
builder.store(str_ptr, local_sym_tab[var_name][0])
print(f"Assigned string constant '{rval.value}' to {var_name}")
else:
print("Unsupported constant type")
elif isinstance(rval, ast.Call):
@ -92,36 +109,36 @@ def handle_assign(func, module, builder, stmt, map_sym_tab, local_sym_tab, struc
# var = builder.alloca(ir_type, name=var_name)
# var.align = ir_type.width // 8
builder.store(ir.Constant(
ir_type, rval.args[0].value), local_sym_tab[var_name])
ir_type, rval.args[0].value), local_sym_tab[var_name][0])
print(f"Assigned {call_type} constant "
f"{rval.args[0].value} to {var_name}")
# local_sym_tab[var_name] = var
elif call_type in helper_func_list:
elif call_type in HelperHandlerRegistry._handlers:
# var = builder.alloca(ir.IntType(64), name=var_name)
# var.align = 8
val = handle_helper_call(
rval, module, builder, None, local_sym_tab, map_sym_tab)
builder.store(val, local_sym_tab[var_name])
rval, module, builder, func, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata)
builder.store(val[0], local_sym_tab[var_name][0])
# local_sym_tab[var_name] = var
print(f"Assigned constant {rval.func.id} to {var_name}")
elif call_type == "deref" and len(rval.args) == 1:
print(f"Handling deref assignment {ast.dump(rval)}")
val = eval_expr(func, module, builder, rval,
local_sym_tab, map_sym_tab)
local_sym_tab, map_sym_tab, structs_sym_tab)
if val is None:
print("Failed to evaluate deref argument")
return
print(f"Dereferenced value: {val}, storing in {var_name}")
builder.store(val, local_sym_tab[var_name])
builder.store(val[0], local_sym_tab[var_name][0])
# local_sym_tab[var_name] = var
print(f"Dereferenced and assigned to {var_name}")
elif call_type in structs_sym_tab and len(rval.args) == 0:
struct_info = structs_sym_tab[call_type]
ir_type = struct_info["type"]
ir_type = struct_info.ir_type
# var = builder.alloca(ir_type, name=var_name)
# Null init
builder.store(ir.Constant(ir_type, None),
local_sym_tab[var_name])
local_sym_tab[var_name][0])
local_var_metadata[var_name] = call_type
print(f"Assigned struct {call_type} to {var_name}")
# local_sym_tab[var_name] = var
@ -137,12 +154,12 @@ def handle_assign(func, module, builder, stmt, map_sym_tab, local_sym_tab, struc
method_name = rval.func.attr
if map_name in map_sym_tab:
map_ptr = map_sym_tab[map_name]
if method_name in helper_func_list:
if method_name in HelperHandlerRegistry._handlers:
val = handle_helper_call(
rval, module, builder, func, local_sym_tab, map_sym_tab)
rval, module, builder, func, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata)
# var = builder.alloca(ir.IntType(64), name=var_name)
# var.align = 8
builder.store(val, local_sym_tab[var_name])
builder.store(val[0], local_sym_tab[var_name][0])
# local_sym_tab[var_name] = var
else:
print("Unsupported assignment call structure")
@ -166,7 +183,7 @@ def handle_cond(func, module, builder, cond, local_sym_tab, map_sym_tab):
return None
elif isinstance(cond, ast.Name):
if cond.id in local_sym_tab:
var = local_sym_tab[cond.id]
var = local_sym_tab[cond.id][0]
val = builder.load(var)
if val.type != ir.IntType(1):
# Convert nonzero values to true, zero to false
@ -183,12 +200,12 @@ def handle_cond(func, module, builder, cond, local_sym_tab, map_sym_tab):
return None
elif isinstance(cond, ast.Compare):
lhs = eval_expr(func, module, builder, cond.left,
local_sym_tab, map_sym_tab)
local_sym_tab, map_sym_tab)[0]
if len(cond.ops) != 1 or len(cond.comparators) != 1:
print("Unsupported complex comparison")
return None
rhs = eval_expr(func, module, builder,
cond.comparators[0], local_sym_tab, map_sym_tab)
cond.comparators[0], local_sym_tab, map_sym_tab)[0]
op = cond.ops[0]
if lhs.type != rhs.type:
@ -222,7 +239,7 @@ def handle_cond(func, module, builder, cond, local_sym_tab, map_sym_tab):
return None
def handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab):
def handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab, structs_sym_tab=None):
"""Handle if statements in the function body."""
print("Handling if statement")
start = builder.block.parent
@ -243,7 +260,7 @@ def handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab):
builder.position_at_end(then_block)
for s in stmt.body:
process_stmt(func, module, builder, s,
local_sym_tab, map_sym_tab, False)
local_sym_tab, map_sym_tab, structs_sym_tab, False)
if not builder.block.is_terminated:
builder.branch(merge_block)
@ -251,7 +268,7 @@ def handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab):
builder.position_at_end(else_block)
for s in stmt.orelse:
process_stmt(func, module, builder, s,
local_sym_tab, map_sym_tab, False)
local_sym_tab, map_sym_tab, structs_sym_tab, False)
if not builder.block.is_terminated:
builder.branch(merge_block)
@ -261,14 +278,17 @@ def handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab):
def process_stmt(func, module, builder, stmt, local_sym_tab, map_sym_tab, structs_sym_tab, did_return, ret_type=ir.IntType(64)):
print(f"Processing statement: {ast.dump(stmt)}")
if isinstance(stmt, ast.Expr):
handle_expr(func, module, builder, stmt, local_sym_tab, map_sym_tab)
print(local_var_metadata)
handle_expr(func, module, builder, stmt, local_sym_tab,
map_sym_tab, structs_sym_tab, local_var_metadata)
elif isinstance(stmt, ast.Assign):
handle_assign(func, module, builder, stmt, map_sym_tab,
local_sym_tab, structs_sym_tab)
elif isinstance(stmt, ast.AugAssign):
raise SyntaxError("Augmented assignment not supported")
elif isinstance(stmt, ast.If):
handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab)
handle_if(func, module, builder, stmt, map_sym_tab,
local_sym_tab, structs_sym_tab)
elif isinstance(stmt, ast.Return):
if stmt.value is None:
builder.ret(ir.Constant(ir.IntType(32), 0))
@ -324,7 +344,7 @@ def allocate_mem(module, builder, body, func, ret_type, map_sym_tab, local_sym_t
var.align = ir_type.width // 8
print(
f"Pre-allocated variable {var_name} of type {call_type}")
elif call_type in helper_func_list:
elif call_type in HelperHandlerRegistry._handlers:
# Assume return type is int64 for now
ir_type = ir.IntType(64)
var = builder.alloca(ir_type, name=var_name)
@ -340,7 +360,7 @@ def allocate_mem(module, builder, body, func, ret_type, map_sym_tab, local_sym_t
f"Pre-allocated variable {var_name} for deref")
elif call_type in structs_sym_tab:
struct_info = structs_sym_tab[call_type]
ir_type = struct_info["type"]
ir_type = struct_info.ir_type
var = builder.alloca(ir_type, name=var_name)
local_var_metadata[var_name] = call_type
print(
@ -368,8 +388,14 @@ def allocate_mem(module, builder, body, func, ret_type, map_sym_tab, local_sym_t
var.align = ir_type.width // 8
print(
f"Pre-allocated variable {var_name} of type c_int64")
elif isinstance(rval.value, str):
ir_type = ir.PointerType(ir.IntType(8))
var = builder.alloca(ir_type, name=var_name)
var.align = 8
print(
f"Pre-allocated variable {var_name} of type string")
else:
print("Unsupported constant type")
print(f"Unsupported constant type")
continue
elif isinstance(rval, ast.BinOp):
# Assume c_int64 for now
@ -381,7 +407,7 @@ def allocate_mem(module, builder, body, func, ret_type, map_sym_tab, local_sym_t
else:
print("Unsupported assignment value type")
continue
local_sym_tab[var_name] = var
local_sym_tab[var_name] = (var, ir_type)
return local_sym_tab
@ -441,7 +467,6 @@ def process_bpf_chunk(func_node, module, return_type, map_sym_tab, structs_sym_t
process_func_body(module, builder, func_node, func,
ret_type, map_sym_tab, structs_sym_tab)
return func
@ -517,3 +542,51 @@ def infer_return_type(func_node: ast.FunctionDef):
raise ValueError("Conflicting return types:"
f"{found_type} vs {t}")
return found_type or "None"
# For string assignment to fixed-size arrays
def assign_string_to_array(builder, target_array_ptr, source_string_ptr, array_length):
"""
Copy a string (i8*) to a fixed-size array ([N x i8]*)
"""
# Create a loop to copy characters one by one
entry_block = builder.block
copy_block = builder.append_basic_block("copy_char")
end_block = builder.append_basic_block("copy_end")
# Create loop counter
i = builder.alloca(ir.IntType(32))
builder.store(ir.Constant(ir.IntType(32), 0), i)
# Start the loop
builder.branch(copy_block)
# Copy loop
builder.position_at_end(copy_block)
idx = builder.load(i)
in_bounds = builder.icmp_unsigned(
'<', idx, ir.Constant(ir.IntType(32), array_length))
builder.cbranch(in_bounds, copy_block, end_block)
with builder.if_then(in_bounds):
# Load character from source
src_ptr = builder.gep(source_string_ptr, [idx])
char = builder.load(src_ptr)
# Store character in target
dst_ptr = builder.gep(
target_array_ptr, [ir.Constant(ir.IntType(32), 0), idx])
builder.store(char, dst_ptr)
# Increment counter
next_idx = builder.add(idx, ir.Constant(ir.IntType(32), 1))
builder.store(next_idx, i)
builder.position_at_end(end_block)
# Ensure null termination
last_idx = ir.Constant(ir.IntType(32), array_length - 1)
null_ptr = builder.gep(
target_array_ptr, [ir.Constant(ir.IntType(32), 0), last_idx])
builder.store(ir.Constant(ir.IntType(8), 0), null_ptr)

2
pythonbpf/helper/__init__.py Normal file
View File

@ -0,0 +1,2 @@
from .helper_utils import HelperHandlerRegistry
from .bpf_helper_handler import handle_helper_call

245
pythonbpf/bpf_helper_handler.py → pythonbpf/helper/bpf_helper_handler.py
View File

@ -1,22 +1,40 @@
import ast
from llvmlite import ir
from .expr_pass import eval_expr
from pythonbpf.expr_pass import eval_expr
from enum import Enum
from .helper_utils import HelperHandlerRegistry
def bpf_ktime_get_ns_emitter(call, map_ptr, module, builder, func, local_sym_tab=None):
class BPFHelperID(Enum):
BPF_MAP_LOOKUP_ELEM = 1
BPF_MAP_UPDATE_ELEM = 2
BPF_MAP_DELETE_ELEM = 3
BPF_KTIME_GET_NS = 5
BPF_PRINTK = 6
BPF_GET_CURRENT_PID_TGID = 14
BPF_PERF_EVENT_OUTPUT = 25
@HelperHandlerRegistry.register("ktime")
def bpf_ktime_get_ns_emitter(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
"""
Emit LLVM IR for bpf_ktime_get_ns helper function call.
"""
# func is an arg to just have a uniform signature with other emitters
helper_id = ir.Constant(ir.IntType(64), 5)
helper_id = ir.Constant(ir.IntType(64), BPFHelperID.BPF_KTIME_GET_NS.value)
fn_type = ir.FunctionType(ir.IntType(64), [], var_arg=False)
fn_ptr_type = ir.PointerType(fn_type)
fn_ptr = builder.inttoptr(helper_id, fn_ptr_type)
result = builder.call(fn_ptr, [], tail=False)
return result
return result, ir.IntType(64)
def bpf_map_lookup_elem_emitter(call, map_ptr, module, builder, local_sym_tab=None):
@HelperHandlerRegistry.register("lookup")
def bpf_map_lookup_elem_emitter(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
"""
Emit LLVM IR for bpf_map_lookup_elem helper function call.
"""
@ -27,7 +45,7 @@ def bpf_map_lookup_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
if isinstance(key_arg, ast.Name):
key_name = key_arg.id
if local_sym_tab and key_name in local_sym_tab:
key_ptr = local_sym_tab[key_name]
key_ptr = local_sym_tab[key_name][0]
else:
raise ValueError(
f"Key variable {key_name} not found in local symbol table.")
@ -55,15 +73,19 @@ def bpf_map_lookup_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
fn_ptr_type = ir.PointerType(fn_type)
# Helper ID 1 is bpf_map_lookup_elem
fn_addr = ir.Constant(ir.IntType(64), 1)
fn_addr = ir.Constant(ir.IntType(
64), BPFHelperID.BPF_MAP_LOOKUP_ELEM.value)
fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
result = builder.call(fn_ptr, [map_void_ptr, key_ptr], tail=False)
return result
return result, ir.PointerType()
def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None):
@HelperHandlerRegistry.register("print")
def bpf_printk_emitter(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
if not hasattr(func, "_fmt_counter"):
func._fmt_counter = 0
@ -75,6 +97,7 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None)
exprs = []
for value in call.args[0].values:
print("Value in f-string:", ast.dump(value))
if isinstance(value, ast.Constant):
if isinstance(value.value, str):
fmt_parts.append(value.value)
@ -85,10 +108,59 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None)
raise NotImplementedError(
"Only string and integer constants are supported in f-string.")
elif isinstance(value, ast.FormattedValue):
# Assume int for now
fmt_parts.append("%lld")
print("Formatted value:", ast.dump(value))
# TODO: Dirty handling here, only checks for int or str
if isinstance(value.value, ast.Name):
exprs.append(value.value)
if local_sym_tab and value.value.id in local_sym_tab:
var_ptr, var_type = local_sym_tab[value.value.id]
if isinstance(var_type, ir.IntType):
fmt_parts.append("%lld")
exprs.append(value.value)
elif var_type == ir.PointerType(ir.IntType(8)):
# Case with string
fmt_parts.append("%s")
exprs.append(value.value)
else:
raise NotImplementedError(
"Only integer and pointer types are supported in formatted values.")
else:
raise ValueError(
f"Variable {value.value.id} not found in local symbol table.")
elif isinstance(value.value, ast.Attribute):
# object field access from struct
if (isinstance(value.value.value, ast.Name) and
local_sym_tab and
value.value.value.id in local_sym_tab):
var_name = value.value.value.id
field_name = value.value.attr
if local_var_metadata and var_name in local_var_metadata:
var_type = local_var_metadata[var_name]
if var_type in struct_sym_tab:
struct_info = struct_sym_tab[var_type]
if field_name in struct_info.fields:
field_type = struct_info.field_type(
field_name)
if isinstance(field_type, ir.IntType):
fmt_parts.append("%lld")
exprs.append(value.value)
elif field_type == ir.PointerType(ir.IntType(8)):
fmt_parts.append("%s")
exprs.append(value.value)
else:
raise NotImplementedError(
"Only integer and pointer types are supported in formatted values.")
else:
raise ValueError(
f"Field {field_name} not found in struct {var_type}.")
else:
raise ValueError(
f"Struct type {var_type} for variable {var_name} not found in struct symbol table.")
else:
raise ValueError(
f"Metadata for variable {var_name} not found in local variable metadata.")
else:
raise ValueError(
f"Variable {value.value.value.id} not found in local symbol table.")
else:
raise NotImplementedError(
"Only simple variable names are supported in formatted values.")
@ -103,12 +175,12 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None)
fmt_gvar = ir.GlobalVariable(
module, ir.ArrayType(ir.IntType(8), len(fmt_str)), name=fmt_name)
fmt_gvar.global_constant = True
fmt_gvar.initializer = ir.Constant(
fmt_gvar.initializer = ir.Constant( # type: ignore
ir.ArrayType(ir.IntType(8), len(fmt_str)),
bytearray(fmt_str.encode("utf8"))
)
fmt_gvar.linkage = "internal"
fmt_gvar.align = 1
fmt_gvar.align = 1 # type: ignore
fmt_ptr = builder.bitcast(fmt_gvar, ir.PointerType())
@ -120,7 +192,9 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None)
"Warning: bpf_printk supports up to 3 arguments, extra arguments will be ignored.")
for expr in exprs[:3]:
val = eval_expr(func, module, builder, expr, local_sym_tab, None)
print(f"{ast.dump(expr)}")
val, _ = eval_expr(func, module, builder,
expr, local_sym_tab, None, struct_sym_tab, local_var_metadata)
if val:
if isinstance(val.type, ir.PointerType):
val = builder.ptrtoint(val, ir.IntType(64))
@ -136,7 +210,6 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None)
print(
"Warning: Failed to evaluate expression for bpf_printk argument. It will be converted to 0.")
args.append(ir.Constant(ir.IntType(64), 0))
fn_type = ir.FunctionType(ir.IntType(
64), [ir.PointerType(), ir.IntType(32)], var_arg=True)
fn_ptr_type = ir.PointerType(fn_type)
@ -165,19 +238,25 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None)
fn_type = ir.FunctionType(ir.IntType(
64), [ir.PointerType(), ir.IntType(32)], var_arg=True)
fn_ptr_type = ir.PointerType(fn_type)
fn_addr = ir.Constant(ir.IntType(64), 6)
fn_addr = ir.Constant(ir.IntType(64), BPFHelperID.BPF_PRINTK.value)
fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
builder.call(fn_ptr, [fmt_ptr, ir.Constant(
ir.IntType(32), len(fmt_str))], tail=True)
return None
def bpf_map_update_elem_emitter(call, map_ptr, module, builder, local_sym_tab=None):
@HelperHandlerRegistry.register("update")
def bpf_map_update_elem_emitter(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
"""
Emit LLVM IR for bpf_map_update_elem helper function call.
Expected call signature: map.update(key, value, flags=0)
"""
if not call.args or len(call.args) < 2 or len(call.args) > 3:
if (not call.args or
len(call.args) < 2 or
len(call.args) > 3):
raise ValueError("Map update expects 2 or 3 arguments (key, value, flags), got "
f"{len(call.args)}")
@ -189,7 +268,7 @@ def bpf_map_update_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
if isinstance(key_arg, ast.Name):
key_name = key_arg.id
if local_sym_tab and key_name in local_sym_tab:
key_ptr = local_sym_tab[key_name]
key_ptr = local_sym_tab[key_name][0]
else:
raise ValueError(
f"Key variable {key_name} not found in local symbol table.")
@ -208,7 +287,7 @@ def bpf_map_update_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
if isinstance(value_arg, ast.Name):
value_name = value_arg.id
if local_sym_tab and value_name in local_sym_tab:
value_ptr = local_sym_tab[value_name]
value_ptr = local_sym_tab[value_name][0]
else:
raise ValueError(
f"Value variable {value_name} not found in local symbol table.")
@ -231,7 +310,7 @@ def bpf_map_update_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
flags_name = flags_arg.id
if local_sym_tab and flags_name in local_sym_tab:
# Assume it's a stored integer value, load it
flags_ptr = local_sym_tab[flags_name]
flags_ptr = local_sym_tab[flags_name][0]
flags_val = builder.load(flags_ptr)
else:
raise ValueError(
@ -254,7 +333,8 @@ def bpf_map_update_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
fn_ptr_type = ir.PointerType(fn_type)
# helper id
fn_addr = ir.Constant(ir.IntType(64), 2)
fn_addr = ir.Constant(ir.IntType(
64), BPFHelperID.BPF_MAP_UPDATE_ELEM.value)
fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
if isinstance(flags_val, int):
@ -265,10 +345,13 @@ def bpf_map_update_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
result = builder.call(
fn_ptr, [map_void_ptr, key_ptr, value_ptr, flags_const], tail=False)
return result
return result, None
def bpf_map_delete_elem_emitter(call, map_ptr, module, builder, local_sym_tab=None):
@HelperHandlerRegistry.register("delete")
def bpf_map_delete_elem_emitter(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
"""
Emit LLVM IR for bpf_map_delete_elem helper function call.
Expected call signature: map.delete(key)
@ -284,7 +367,7 @@ def bpf_map_delete_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
if isinstance(key_arg, ast.Name):
key_name = key_arg.id
if local_sym_tab and key_name in local_sym_tab:
key_ptr = local_sym_tab[key_name]
key_ptr = local_sym_tab[key_name][0]
else:
raise ValueError(
f"Key variable {key_name} not found in local symbol table.")
@ -314,21 +397,26 @@ def bpf_map_delete_elem_emitter(call, map_ptr, module, builder, local_sym_tab=No
fn_ptr_type = ir.PointerType(fn_type)
# Helper ID 3 is bpf_map_delete_elem
fn_addr = ir.Constant(ir.IntType(64), 3)
fn_addr = ir.Constant(ir.IntType(
64), BPFHelperID.BPF_MAP_DELETE_ELEM.value)
fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
# Call the helper function
result = builder.call(fn_ptr, [map_void_ptr, key_ptr], tail=False)
return result
return result, None
def bpf_get_current_pid_tgid_emitter(call, map_ptr, module, builder, func, local_sym_tab=None):
@HelperHandlerRegistry.register("pid")
def bpf_get_current_pid_tgid_emitter(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
"""
Emit LLVM IR for bpf_get_current_pid_tgid helper function call.
"""
# func is an arg to just have a uniform signature with other emitters
helper_id = ir.Constant(ir.IntType(64), 14)
helper_id = ir.Constant(ir.IntType(
64), BPFHelperID.BPF_GET_CURRENT_PID_TGID.value)
fn_type = ir.FunctionType(ir.IntType(64), [], var_arg=False)
fn_ptr_type = ir.PointerType(fn_type)
fn_ptr = builder.inttoptr(helper_id, fn_ptr_type)
@ -337,25 +425,74 @@ def bpf_get_current_pid_tgid_emitter(call, map_ptr, module, builder, func, local
# Extract the lower 32 bits (PID) using bitwise AND with 0xFFFFFFFF
mask = ir.Constant(ir.IntType(64), 0xFFFFFFFF)
pid = builder.and_(result, mask)
return pid
return pid, ir.IntType(64)
helper_func_list = {
"lookup": bpf_map_lookup_elem_emitter,
"print": bpf_printk_emitter,
"ktime": bpf_ktime_get_ns_emitter,
"update": bpf_map_update_elem_emitter,
"delete": bpf_map_delete_elem_emitter,
"pid": bpf_get_current_pid_tgid_emitter,
}
def bpf_perf_event_output_handler(call, map_ptr, module, builder, func,
local_sym_tab=None, struct_sym_tab=None,
local_var_metadata=None):
if len(call.args) != 1:
raise ValueError("Perf event output expects exactly one argument (data), got "
f"{len(call.args)}")
data_arg = call.args[0]
ctx_ptr = func.args[0] # First argument to the function is ctx
if isinstance(data_arg, ast.Name):
data_name = data_arg.id
if local_sym_tab and data_name in local_sym_tab:
data_ptr = local_sym_tab[data_name][0]
else:
raise ValueError(
f"Data variable {data_name} not found in local symbol table.")
# Check is data_name is a struct
if local_var_metadata and data_name in local_var_metadata:
data_type = local_var_metadata[data_name]
if data_type in struct_sym_tab:
struct_info = struct_sym_tab[data_type]
size_val = ir.Constant(ir.IntType(64), struct_info.size)
else:
raise ValueError(
f"Struct type {data_type} for variable {data_name} not found in struct symbol table.")
else:
raise ValueError(
f"Metadata for variable {data_name} not found in local variable metadata.")
# BPF_F_CURRENT_CPU is -1 in 32 bit
flags_val = ir.Constant(ir.IntType(64), 0xFFFFFFFF)
map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())
data_void_ptr = builder.bitcast(data_ptr, ir.PointerType())
fn_type = ir.FunctionType(
ir.IntType(64),
[ir.PointerType(ir.IntType(8)), ir.PointerType(), ir.IntType(64),
ir.PointerType(), ir.IntType(64)],
var_arg=False
)
fn_ptr_type = ir.PointerType(fn_type)
# helper id
fn_addr = ir.Constant(ir.IntType(
64), BPFHelperID.BPF_PERF_EVENT_OUTPUT.value)
fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
result = builder.call(
fn_ptr, [ctx_ptr, map_void_ptr, flags_val, data_void_ptr, size_val], tail=False)
return result, None
else:
raise NotImplementedError(
"Only simple object names are supported as data in perf event output.")
def handle_helper_call(call, module, builder, func, local_sym_tab=None, map_sym_tab=None):
def handle_helper_call(call, module, builder, func,
local_sym_tab=None, map_sym_tab=None,
struct_sym_tab=None, local_var_metadata=None):
print(local_var_metadata)
if isinstance(call.func, ast.Name):
func_name = call.func.id
if func_name in helper_func_list:
hdl_func = HelperHandlerRegistry.get_handler(func_name)
if hdl_func:
# it is not a map method call
return helper_func_list[func_name](call, None, module, builder, func, local_sym_tab)
return hdl_func(call, None, module, builder, func, local_sym_tab, struct_sym_tab, local_var_metadata)
else:
raise NotImplementedError(
f"Function {func_name} is not implemented as a helper function.")
@ -366,15 +503,33 @@ def handle_helper_call(call, module, builder, func, local_sym_tab=None, map_sym_
method_name = call.func.attr
if map_sym_tab and map_name in map_sym_tab:
map_ptr = map_sym_tab[map_name]
if method_name in helper_func_list:
return helper_func_list[method_name](
call, map_ptr, module, builder, local_sym_tab)
hdl_func = HelperHandlerRegistry.get_handler(method_name)
if hdl_func:
print(local_var_metadata)
return hdl_func(
call, map_ptr, module, builder, func, local_sym_tab, struct_sym_tab, local_var_metadata)
else:
raise NotImplementedError(
f"Map method {method_name} is not implemented as a helper function.")
else:
raise ValueError(
f"Map variable {map_name} not found in symbol tables.")
elif isinstance(call.func.value, ast.Name):
obj_name = call.func.value.id
method_name = call.func.attr
if map_sym_tab and obj_name in map_sym_tab:
map_ptr = map_sym_tab[obj_name]
hdl_func = HelperHandlerRegistry.get_handler(method_name)
if hdl_func:
return hdl_func(
call, map_ptr, module, builder, func, local_sym_tab, struct_sym_tab, local_var_metadata)
else:
raise NotImplementedError(
f"Map method {method_name} is not implemented as a helper function.")
else:
raise ValueError(
f"Map variable {obj_name} not found in symbol tables.")
else:
raise NotImplementedError(
"Attribute not supported for map method calls.")
return None

16
pythonbpf/helper/helper_utils.py Normal file
View File

@ -0,0 +1,16 @@
class HelperHandlerRegistry:
"""Registry for BPF helpers"""
_handlers = {}
@classmethod
def register(cls, helper_name):
"""Decorator to register a handler function for a helper"""
def decorator(func):
cls._handlers[helper_name] = func
return func
return decorator
@classmethod
def get_handler(cls, helper_name):
"""Get the handler function for a helper"""
return cls._handlers.get(helper_name)

2
pythonbpf/maps/__init__.py Normal file
View File

@ -0,0 +1,2 @@
from .maps import HashMap, PerfEventArray
from .maps_pass import maps_proc

3
pythonbpf/maps.py → pythonbpf/maps/maps.py
View File

@ -30,3 +30,6 @@ class PerfEventArray:
self.key_type = key_size
self.value_type = value_size
self.entries = {}
def output(self, data):
pass # Placeholder for output method

183
pythonbpf/maps/maps_pass.py Normal file
View File

@ -0,0 +1,183 @@
import ast
from llvmlite import ir
from enum import Enum
from .maps_utils import MapProcessorRegistry
from ..debuginfo import dwarf_constants as dc, DebugInfoGenerator
import logging
logger = logging.getLogger(__name__)
def maps_proc(tree, module, chunks):
""" Process all functions decorated with @map to find BPF maps """
map_sym_tab = {}
for func_node in chunks:
if is_map(func_node):
print(f"Found BPF map: {func_node.name}")
map_sym_tab[func_node.name] = process_bpf_map(func_node, module)
return map_sym_tab
def is_map(func_node):
return any(
isinstance(decorator, ast.Name) and decorator.id == "map"
for decorator in func_node.decorator_list
)
class BPFMapType(Enum):
HASH = 1
PERF_EVENT_ARRAY = 4
def create_bpf_map(module, map_name, map_params):
"""Create a BPF map in the module with given parameters and debug info"""
# Create the anonymous struct type for BPF map
map_struct_type = ir.LiteralStructType(
[ir.PointerType() for _ in range(len(map_params))])
# Create the global variable
map_global = ir.GlobalVariable(module, map_struct_type, name=map_name)
map_global.linkage = 'dso_local'
map_global.global_constant = False
map_global.initializer = ir.Constant(
map_struct_type, None)
map_global.section = ".maps"
map_global.align = 8
# Generate debug info for BTF
create_map_debug_info(module, map_global, map_name, map_params)
logger.info(f"Created BPF map: {map_name} with params {map_params}")
return map_global
def create_map_debug_info(module, map_global, map_name, map_params):
"""Generate debug information metadata for BPF map"""
generator = DebugInfoGenerator(module)
uint_type = generator.get_uint32_type()
ulong_type = generator.get_uint64_type()
array_type = generator.create_array_type(uint_type, map_params.get("type", BPFMapType.HASH).value)
type_ptr = generator.create_pointer_type(array_type, 64)
key_ptr = generator.create_pointer_type(array_type if "key_size" in map_params else ulong_type, 64)
value_ptr = generator.create_pointer_type(array_type if "value_size" in map_params else ulong_type, 64)
elements_arr = []
# Create struct members
# scope field does not appear for some reason
cnt = 0
for elem in map_params:
if elem == "max_entries":
continue
if elem == "type":
ptr = type_ptr
elif "key" in elem:
ptr = key_ptr
else:
ptr = value_ptr
# TODO: the best way to do this is not 64, but get the size each time. this will not work for structs.
member = generator.create_struct_member(elem, ptr, cnt * 64)
elements_arr.append(member)
cnt += 1
if "max_entries" in map_params:
max_entries_array = generator.create_array_type(uint_type, map_params["max_entries"])
max_entries_ptr = generator.create_pointer_type(max_entries_array, 64)
max_entries_member = generator.create_struct_member("max_entries", max_entries_ptr, cnt * 64)
elements_arr.append(max_entries_member)
# Create the struct type
struct_type = generator.create_struct_type(elements_arr, 64 * len(elements_arr), is_distinct=True)
# Create global variable debug info
global_var = generator.create_global_var_debug_info(map_name, struct_type, is_local=False)
# Attach debug info to the global variable
map_global.set_metadata("dbg", global_var)
return global_var
@MapProcessorRegistry.register("HashMap")
def process_hash_map(map_name, rval, module):
"""Process a BPF_HASH map declaration"""
logger.info(f"Processing HashMap: {map_name}")
map_params = {"type": BPFMapType.HASH}
# Assuming order: key_type, value_type, max_entries
if len(rval.args) >= 1 and isinstance(rval.args[0], ast.Name):
map_params["key"] = rval.args[0].id
if len(rval.args) >= 2 and isinstance(rval.args[1], ast.Name):
map_params["value"] = rval.args[1].id
if len(rval.args) >= 3 and isinstance(rval.args[2], ast.Constant):
const_val = rval.args[2].value
if isinstance(const_val, (int, str)): # safe check
map_params["max_entries"] = const_val
for keyword in rval.keywords:
if keyword.arg == "key" and isinstance(keyword.value, ast.Name):
map_params["key"] = keyword.value.id
elif keyword.arg == "value" and isinstance(keyword.value, ast.Name):
map_params["value"] = keyword.value.id
elif (keyword.arg == "max_entries" and
isinstance(keyword.value, ast.Constant)):
const_val = keyword.value.value
if isinstance(const_val, (int, str)):
map_params["max_entries"] = const_val
logger.info(f"Map parameters: {map_params}")
return create_bpf_map(module, map_name, map_params)
@MapProcessorRegistry.register("PerfEventArray")
def process_perf_event_map(map_name, rval, module):
"""Process a BPF_PERF_EVENT_ARRAY map declaration"""
logger.info(f"Processing PerfEventArray: {map_name}")
map_params = {"type": BPFMapType.PERF_EVENT_ARRAY}
if len(rval.args) >= 1 and isinstance(rval.args[0], ast.Name):
map_params["key_size"] = rval.args[0].id
if len(rval.args) >= 2 and isinstance(rval.args[1], ast.Name):
map_params["value_size"] = rval.args[1].id
for keyword in rval.keywords:
if keyword.arg == "key_size" and isinstance(keyword.value, ast.Name):
map_params["key_size"] = keyword.value.id
elif (keyword.arg == "value_size" and
isinstance(keyword.value, ast.Name)):
map_params["value_size"] = keyword.value.id
logger.info(f"Map parameters: {map_params}")
return create_bpf_map(module, map_name, map_params)
def process_bpf_map(func_node, module):
"""Process a BPF map (a function decorated with @map)"""
map_name = func_node.name
logger.info(f"Processing BPF map: {map_name}")
# For now, assume single return statement
return_stmt = None
for stmt in func_node.body:
if isinstance(stmt, ast.Return):
return_stmt = stmt
break
if return_stmt is None:
raise ValueError("BPF map must have a return statement")
rval = return_stmt.value
if isinstance(rval, ast.Call) and isinstance(rval.func, ast.Name):
handler = MapProcessorRegistry.get_processor(rval.func.id)
if handler:
return handler(map_name, rval, module)
else:
logger.warning(f"Unknown map type "
f"{rval.func.id}, defaulting to HashMap")
return process_hash_map(map_name, rval, module)
else:
raise ValueError("Function under @map must return a map")

16
pythonbpf/maps/maps_utils.py Normal file
View File

@ -0,0 +1,16 @@
class MapProcessorRegistry:
"""Registry for map processor functions"""
_processors = {}
@classmethod
def register(cls, map_type_name):
"""Decorator to register a processor function for a map type"""
def decorator(func):
cls._processors[map_type_name] = func
return func
return decorator
@classmethod
def get_processor(cls, map_type_name):
"""Get the processor function for a map type"""
return cls._processors.get(map_type_name)

262
pythonbpf/maps_pass.py
View File

@ -1,262 +0,0 @@
import ast
from llvmlite import ir
from .type_deducer import ctypes_to_ir
from . import dwarf_constants as dc
map_sym_tab = {}
def maps_proc(tree, module, chunks):
for func_node in chunks:
# Check if this function is a map
is_map = False
for decorator in func_node.decorator_list:
if isinstance(decorator, ast.Name) and decorator.id == "map":
is_map = True
break
if is_map:
print(f"Found BPF map: {func_node.name}")
process_bpf_map(func_node, module)
continue
return map_sym_tab
BPF_MAP_MAPPINGS = {
"HASH": 1, # BPF_MAP_TYPE_HASH
"PERF_EVENT_ARRAY": 4, # BPF_MAP_TYPE_PERF_EVENT_ARRAY
}
def create_bpf_map(module, map_name, map_params):
"""Create a BPF map in the module with the given parameters and debug info"""
map_type_str = map_params.get("type", "HASH")
map_type = BPF_MAP_MAPPINGS.get(map_type_str)
# Create the anonymous struct type for BPF map
map_struct_type = ir.LiteralStructType(
[ir.PointerType() for _ in range(len(map_params))])
# Create the global variable
map_global = ir.GlobalVariable(module, map_struct_type, name=map_name)
map_global.linkage = 'dso_local'
map_global.global_constant = False
map_global.initializer = ir.Constant(
map_struct_type, None) # type: ignore
map_global.section = ".maps"
map_global.align = 8 # type: ignore
# Generate debug info for BTF
create_map_debug_info(module, map_global, map_name, map_params)
print(f"Created BPF map: {map_name}")
map_sym_tab[map_name] = map_global
return map_global
def create_map_debug_info(module, map_global, map_name, map_params):
"""Generate debug information metadata for BPF map"""
file_metadata = module._file_metadata
compile_unit = module._debug_compile_unit
# Create basic type for unsigned int (32-bit)
uint_type = module.add_debug_info("DIBasicType", {
"name": "unsigned int",
"size": 32,
"encoding": dc.DW_ATE_unsigned
})
# Create basic type for unsigned long long (64-bit)
ulong_type = module.add_debug_info("DIBasicType", {
"name": "unsigned long long",
"size": 64,
"encoding": dc.DW_ATE_unsigned
})
# Create array type for map type field (array of 1 unsigned int)
array_subrange = module.add_debug_info(
"DISubrange", {"count": BPF_MAP_MAPPINGS[map_params.get("type", "HASH")]})
array_type = module.add_debug_info("DICompositeType", {
"tag": dc.DW_TAG_array_type,
"baseType": uint_type,
"size": 32,
"elements": [array_subrange]
})
# Create pointer types
type_ptr = module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_pointer_type,
"baseType": array_type,
"size": 64
})
key_ptr = module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_pointer_type,
# Adjust based on actual key type
"baseType": array_type if "key_size" in map_params else uint_type,
"size": 64
})
value_ptr = module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_pointer_type,
# Adjust based on actual value type
"baseType": array_type if "value_size" in map_params else ulong_type,
"size": 64
})
elements_arr = []
# Create struct members
# scope field does not appear for some reason
cnt = 0
for elem in map_params:
if elem == "max_entries":
continue
if elem == "type":
ptr = type_ptr
elif "key" in elem:
ptr = key_ptr
else:
ptr = value_ptr
member = module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_member,
"name": elem,
"file": file_metadata,
"baseType": ptr,
"size": 64,
"offset": cnt * 64
})
elements_arr.append(member)
cnt += 1
if "max_entries" in map_params:
array_subrange_max_entries = module.add_debug_info(
"DISubrange", {"count": map_params["max_entries"]})
array_type_max_entries = module.add_debug_info("DICompositeType", {
"tag": dc.DW_TAG_array_type,
"baseType": uint_type,
"size": 32,
"elements": [array_subrange_max_entries]
})
max_entries_ptr = module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_pointer_type,
"baseType": array_type_max_entries,
"size": 64
})
max_entries_member = module.add_debug_info("DIDerivedType", {
"tag": dc.DW_TAG_member,
"name": "max_entries",
"file": file_metadata,
"baseType": max_entries_ptr,
"size": 64,
"offset": cnt * 64
})
elements_arr.append(max_entries_member)
# Create the struct type
struct_type = module.add_debug_info("DICompositeType", {
"tag": dc.DW_TAG_structure_type,
"file": file_metadata,
"size": 64 * len(elements_arr), # 4 * 64-bit pointers
"elements": elements_arr,
}, is_distinct=True)
# Create global variable debug info
global_var = module.add_debug_info("DIGlobalVariable", {
"name": map_name,
"scope": compile_unit,
"file": file_metadata,
"type": struct_type,
"isLocal": False,
"isDefinition": True
}, is_distinct=True)
# Create global variable expression
global_var_expr = module.add_debug_info("DIGlobalVariableExpression", {
"var": global_var,
"expr": module.add_debug_info("DIExpression", {})
})
# Attach debug info to the global variable
map_global.set_metadata("dbg", global_var_expr)
return global_var_expr
def process_hash_map(map_name, rval, module):
print(f"Creating HashMap map: {map_name}")
map_params: dict[str, object] = {"type": "HASH"}
# Assuming order: key_type, value_type, max_entries
if len(rval.args) >= 1 and isinstance(rval.args[0], ast.Name):
map_params["key"] = rval.args[0].id
if len(rval.args) >= 2 and isinstance(rval.args[1], ast.Name):
map_params["value"] = rval.args[1].id
if len(rval.args) >= 3 and isinstance(rval.args[2], ast.Constant):
const_val = rval.args[2].value
if isinstance(const_val, (int, str)): # safe check
map_params["max_entries"] = const_val
for keyword in rval.keywords:
if keyword.arg == "key" and isinstance(keyword.value, ast.Name):
map_params["key"] = keyword.value.id
elif keyword.arg == "value" and isinstance(keyword.value, ast.Name):
map_params["value"] = keyword.value.id
elif keyword.arg == "max_entries" and isinstance(keyword.value, ast.Constant):
const_val = keyword.value.value
if isinstance(const_val, (int, str)):
map_params["max_entries"] = const_val
print(f"Map parameters: {map_params}")
return create_bpf_map(module, map_name, map_params)
def process_perf_event_map(map_name, rval, module):
print(f"Creating PerfEventArray map: {map_name}")
map_params = {"type": "PERF_EVENT_ARRAY"}
if len(rval.args) >= 1 and isinstance(rval.args[0], ast.Name):
map_params["key_size"] = rval.args[0].id
if len(rval.args) >= 2 and isinstance(rval.args[1], ast.Name):
map_params["value_size"] = rval.args[1].id
for keyword in rval.keywords:
if keyword.arg == "key_size" and isinstance(keyword.value, ast.Name):
map_params["key_size"] = keyword.value.id
elif keyword.arg == "value_size" and isinstance(keyword.value, ast.Name):
map_params["value_size"] = keyword.value.id
print(f"Map parameters: {map_params}")
return create_bpf_map(module, map_name, map_params)
def process_bpf_map(func_node, module):
"""Process a BPF map (a function decorated with @map)"""
map_name = func_node.name
print(f"Processing BPF map: {map_name}")
BPF_MAP_TYPES = {"HashMap": process_hash_map, # BPF_MAP_TYPE_HASH
"PerfEventArray": process_perf_event_map, # BPF_MAP_TYPE_PERF_EVENT_ARRAY
}
# For now, assume single return statement
return_stmt = None
for stmt in func_node.body:
if isinstance(stmt, ast.Return):
return_stmt = stmt
break
if return_stmt is None:
raise ValueError("BPF map must have a return statement")
rval = return_stmt.value
# Handle only HashMap maps
if isinstance(rval, ast.Call) and isinstance(rval.func, ast.Name):
if rval.func.id in BPF_MAP_TYPES:
handler = BPF_MAP_TYPES[rval.func.id]
handler(map_name, rval, module)
else:
print(f"Unknown map type {rval.func.id}, defaulting to HashMap")
process_hash_map(map_name, rval, module)
else:
raise ValueError("Function under @map must return a map")

1
pythonbpf/structs/__init__.py Normal file
View File

@ -0,0 +1 @@
from .structs_pass import structs_proc

31
pythonbpf/structs/struct_type.py Normal file
View File

@ -0,0 +1,31 @@
from llvmlite import ir
class StructType:
def __init__(self, ir_type, fields, size):
self.ir_type = ir_type
self.fields = fields
self.size = size
def field_idx(self, field_name):
return list(self.fields.keys()).index(field_name)
def field_type(self, field_name):
return self.fields[field_name]
def gep(self, builder, ptr, field_name):
idx = self.field_idx(field_name)
return builder.gep(ptr, [ir.Constant(ir.IntType(32), 0),
ir.Constant(ir.IntType(32), idx)],
inbounds=True)
def field_size(self, field_name):
fld = self.fields[field_name]
if isinstance(fld, ir.ArrayType):
return fld.count * (fld.element.width // 8)
elif isinstance(fld, ir.IntType):
return fld.width // 8
elif isinstance(fld, ir.PointerType):
return 8
raise TypeError(f"Unsupported field type: {fld}")

97
pythonbpf/structs/structs_pass.py Normal file
View File

@ -0,0 +1,97 @@
import ast
import logging
from llvmlite import ir
from pythonbpf.type_deducer import ctypes_to_ir
from .struct_type import StructType
logger = logging.getLogger(__name__)
# TODO: Shall we allow the following syntax:
# struct MyStruct:
# field1: int
# field2: str(32)
# Where int is mapped to c_uint64?
# Shall we just int64, int32 and uint32 similarly?
def structs_proc(tree, module, chunks):
""" Process all class definitions to find BPF structs """
structs_sym_tab = {}
for cls_node in chunks:
if is_bpf_struct(cls_node):
print(f"Found BPF struct: {cls_node.name}")
struct_info = process_bpf_struct(cls_node, module)
structs_sym_tab[cls_node.name] = struct_info
return structs_sym_tab
def is_bpf_struct(cls_node):
return any(
isinstance(decorator, ast.Name) and decorator.id == "struct"
for decorator in cls_node.decorator_list
)
def process_bpf_struct(cls_node, module):
""" Process a single BPF struct definition """
fields = parse_struct_fields(cls_node)
field_types = list(fields.values())
total_size = calc_struct_size(field_types)
struct_type = ir.LiteralStructType(field_types)
logger.info(f"Created struct {cls_node.name} with fields {fields.keys()}")
return StructType(struct_type, fields, total_size)
def parse_struct_fields(cls_node):
""" Parse fields of a struct class node """
fields = {}
for item in cls_node.body:
if isinstance(item, ast.AnnAssign) and \
isinstance(item.target, ast.Name):
fields[item.target.id] = get_type_from_ann(item.annotation)
else:
logger.error(f"Unsupported struct field: {ast.dump(item)}")
raise TypeError(f"Unsupported field in {ast.dump(cls_node)}")
return fields
def get_type_from_ann(annotation):
""" Convert an AST annotation node to an LLVM IR type for struct fields"""
if isinstance(annotation, ast.Call) and \
isinstance(annotation.func, ast.Name):
if annotation.func.id == "str":
# Char array
# Assumes constant integer argument
length = annotation.args[0].value
return ir.ArrayType(ir.IntType(8), length)
elif isinstance(annotation, ast.Name):
# Int type, written as c_int64, c_uint32, etc.
return ctypes_to_ir(annotation.id)
raise TypeError(f"Unsupported annotation type: {ast.dump(annotation)}")
def calc_struct_size(field_types):
""" Calculate total size of the struct with alignment and padding """
curr_offset = 0
for ftype in field_types:
if isinstance(ftype, ir.IntType):
fsize = ftype.width // 8
alignment = fsize
elif isinstance(ftype, ir.ArrayType):
fsize = ftype.count * (ftype.element.width // 8)
alignment = ftype.element.width // 8
elif isinstance(ftype, ir.PointerType):
# We won't encounter this rn, but for the future
fsize = 8
alignment = 8
else:
raise TypeError(f"Unsupported field type: {ftype}")
padding = (alignment - (curr_offset % alignment)) % alignment
curr_offset += padding + fsize
final_padding = (8 - (curr_offset % 8)) % 8
return curr_offset + final_padding

39
pythonbpf/structs_pass.py
View File

@ -1,39 +0,0 @@
import ast
from llvmlite import ir
from .type_deducer import ctypes_to_ir
from . import dwarf_constants as dc
structs_sym_tab = {}
def structs_proc(tree, module, chunks):
for cls_node in chunks:
# Check if this class is a struct
is_struct = False
for decorator in cls_node.decorator_list:
if isinstance(decorator, ast.Name) and decorator.id == "struct":
is_struct = True
break
if is_struct:
print(f"Found BPF struct: {cls_node.name}")
process_bpf_struct(cls_node, module)
continue
return structs_sym_tab
def process_bpf_struct(cls_node, module):
struct_name = cls_node.name
field_names = []
field_types = []
for item in cls_node.body:
if isinstance(item, ast.AnnAssign) and isinstance(item.target, ast.Name):
field_names.append(item.target.id)
field_types.append(ctypes_to_ir(item.annotation.id))
struct_type = ir.LiteralStructType(field_types)
structs_sym_tab[struct_name] = {
"type": struct_type,
"fields": {name: idx for idx, name in enumerate(field_names)}
}
print(f"Created struct {struct_name} with fields {field_names}")

54
pythonbpf/trace.py
View File

@ -1,54 +0,0 @@
class TraceEvent:
def __init__(self, timestamp, comm, pid, cpu, flags, message):
"""Represents a parsed trace pipe event"""
self.timestamp = timestamp # float: timestamp in seconds
self.comm = comm # str: command name
self.pid = pid # int: process ID
self.cpu = cpu # int: CPU number
self.flags = flags # str: trace flags
self.message = message # str: the actual message
def __iter__(self):
"""Allow unpacking like the original BCC tuple"""
yield self.comm
yield self.pid
yield self.cpu
yield self.flags
yield self.timestamp
yield self.message
class TraceReader:
def __init__(self, trace_pipe_path="/sys/kernel/debug/tracing/trace_pipe"):
self.trace_pipe_path = trace_pipe_path
self.file = None
def __enter__(self):
self.file = open(self.trace_pipe_path, "r")
return self
def __exit__(self, exc_type, exc_val, exc_tb):
if self.file:
self.file.close()
def __iter__(self):
while True:
event = self.trace_fields()
if event:
yield event
def trace_fields(self):
"""Read and parse one line from the trace pipe"""
if not self.file:
self.file = open(self.trace_pipe_path, "r")
line = self.file.readline()
if not line:
return None
# Parse the line into components (simplified)
# Real implementation would need more robust parsing
parts = self._parse_trace_line(line)
return TraceEvent(*parts)
def _parse_trace_line(self, line):
# TODO: Implement
pass

0
examples/c-form/Makefile → tests/c-form/Makefile
View File

0
examples/c-form/ex2.bpf.c → tests/c-form/ex2.bpf.c
View File

0
examples/c-form/ex3-2.bpf.c → tests/c-form/ex3-2.bpf.c
View File

0
examples/c-form/ex3.bpf.c → tests/c-form/ex3.bpf.c
View File

0
examples/c-form/ex4.bpf.c → tests/c-form/ex4.bpf.c
View File

0
examples/c-form/ex5.bpf.c → tests/c-form/ex5.bpf.c
View File

0
examples/c-form/ex6.bpf.c → tests/c-form/ex6.bpf.c
View File

47
tests/c-form/ex7.bpf.c Normal file
View File

@ -0,0 +1,47 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
struct trace_entry {
short unsigned int type;
unsigned char flags;
unsigned char preempt_count;
int pid;
};
struct trace_event_raw_sys_enter {
struct trace_entry ent;
long int id;
long unsigned int args[6];
char __data[0];
};
struct event {
__u32 pid;
__u32 uid;
__u64 ts;
};
struct {
__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
__uint(key_size, sizeof(int));
__uint(value_size, sizeof(int));
} events SEC(".maps");
SEC("tp/syscalls/sys_enter_setuid")
int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) {
struct event data = {};
// Extract UID from the syscall arguments
data.uid = (unsigned int)ctx->args[0];
data.ts = bpf_ktime_get_ns();
data.pid = bpf_get_current_pid_tgid() >> 32;
bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data, sizeof(data));
return 0;
}
char LICENSE[] SEC("license") = "GPL";

47
tests/c-form/ex8.bpf.c Normal file
View File

@ -0,0 +1,47 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <linux/blkdev.h>
#define __TARGET_ARCH_aarch64
#define u64 unsigned long long
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__uint(max_entries, 10240);
__type(key, struct request *);
__type(value, u64);
} start SEC(".maps");
SEC("kprobe/blk_start_request")
int BPF_KPROBE(trace_start_req, struct request *req)
{
u64 ts = bpf_ktime_get_ns();
bpf_map_update_elem(&start, &req, &ts, BPF_ANY);
return 0;
}
SEC("kprobe/blk_mq_start_request")
int BPF_KPROBE(trace_start_mq, struct request *req)
{
u64 ts = bpf_ktime_get_ns();
bpf_map_update_elem(&start, &req, &ts, BPF_ANY);
return 0;
}
SEC("kprobe/blk_account_io_completion")
int BPF_KPROBE(trace_completion, struct request *req)
{
u64 *tsp, delta;
tsp = bpf_map_lookup_elem(&start, &req);
if (tsp) {
delta = bpf_ktime_get_ns() - *tsp;
bpf_printk("%d %x %d\n", req->__data_len,
req->cmd_flags, delta / 1000);
bpf_map_delete_elem(&start, &req);
}
return 0;
}
char LICENSE[] SEC("license") = "GPL";

0
examples/c-form/example.bpf.c → tests/c-form/example.bpf.c
View File

0
examples/c-form/vmlinux.h → tests/c-form/vmlinux.h vendored
View File

0
examples/check.sh → tools/check.sh
View File

20
tools/compile.py
View File

@ -1,20 +0,0 @@
#!/usr/bin/env python3
import argparse, subprocess, os
from pythonbpf import codegen
def main():
parser = argparse.ArgumentParser()
parser.add_argument("source", help="Python BPF program")
args = parser.parse_args()
ll_file = os.path.splitext(args.source)[0] + ".ll"
o_file = os.path.splitext(args.source)[0] + ".o"
print(f"[+] Compiling {args.source}{ll_file}")
codegen.compile_to_ir(args.source, ll_file)
print("[+] Running llc -march=bpf")
subprocess.run(["llc", "-march=bpf", "-filetype=obj", "-O2", ll_file, "-o", o_file], check=True)
if __name__ == "__main__":
main()