add globals todo

Signed-off-by: varun-r-mallya <varunrmallya@gmail.com>

.gitignore

@@ -6,3 +6,4 @@
 __pycache__/
 *.ll
 *.o
+.ipynb_checkpoints/

demo/bcc.py

@@ -1,46 +0,0 @@
-from __future__ import print_function
-from bcc import BPF
-from bcc.utils import printb
-
-# load BPF program
-b = BPF(text="""
-#include <uapi/linux/ptrace.h>
-
-BPF_HASH(last);
-
-int do_trace(struct pt_regs *ctx) {
-    u64 ts, *tsp, delta, key = 0;
-
-    // attempt to read stored timestamp
-    tsp = last.lookup(&key);
-    if (tsp != NULL) {
-        delta = bpf_ktime_get_ns() - *tsp;
-        if (delta < 1000000000) {
-            // output if time is less than 1 second
-            bpf_trace_printk("%d\\n", delta / 1000000);
-        }
-        last.delete(&key);
-    }
-
-    // update stored timestamp
-    ts = bpf_ktime_get_ns();
-    last.update(&key, &ts);
-    return 0;
-}
-""")
-
-b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
-print("Tracing for quick sync's... Ctrl-C to end")
-
-# TODO
-# format output
-start = 0
-while 1:
-    try:
-        (task, pid, cpu, flags, ts, ms) = b.trace_fields()
-        if start == 0:
-            start = ts
-        ts = ts - start
-        printb(b"At time %.2f s: multiple syncs detected, last %s ms ago" % (ts, ms))
-    except KeyboardInterrupt:
-        exit()

demo/pybpf0.py

@@ -1,23 +0,0 @@
-from pythonbpf import bpf, section, bpfglobal, compile
-
-from ctypes import c_void_p, c_int64
-
-# Instructions to how to run this program
-# 1. Install PythonBPF: pip install pythonbpf
-# 2. Run the program: python demo/pybpf0.py
-# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf0.o
-# 4. Start up any program and watch the output
-
-
-@bpf
-@section("tracepoint/syscalls/sys_enter_execve")
-def hello_world(ctx: c_void_p) -> c_int64:
-    print("Hello, World!")
-    return c_int64(0)
-
-@bpf
-@bpfglobal
-def LICENSE() -> str:
-    return "GPL"
-
-compile()

demo/pybpf3.py

@@ -1,52 +0,0 @@
-from pythonbpf import bpf, map, section, bpfglobal, compile
-from pythonbpf.helpers import ktime
-from pythonbpf.maps import HashMap
-
-from ctypes import c_void_p, c_int64, c_uint64
-
-# Instructions to how to run this program
-# 1. Install PythonBPF: pip install pythonbpf
-# 2. Run the program: python demo/pybpf3.py
-# 3. Run the program with sudo: sudo examples/check.sh run demo/pybpf3.o
-# 4. Start up any program and watch the output
-
-@bpf
-@map
-def last() -> HashMap:
-    return HashMap(key=c_uint64, value=c_uint64, max_entries=3)
-
-
-@bpf
-@section("tracepoint/syscalls/sys_enter_execve")
-def do_trace(ctx: c_void_p) -> c_int64:
-    key = 0
-    tsp = last().lookup(key)
-    if tsp:
-        kt = ktime()
-        delta = (kt - tsp)
-        if delta < 1000000000:
-            time_ms = (delta // 1000000)
-            print(f"Execve syscall entered within last second, last {time_ms} ms ago")
-        last().delete(key)
-    else:
-        kt = ktime()
-        last().update(key, kt)
-    return c_int64(0)
-
-@bpf
-@section("tracepoint/syscalls/sys_exit_execve")
-def do_exit(ctx: c_void_p) -> c_int64:
-    va = 8
-    nm = 5 ^ va
-    al = 6 & 3
-    ru = (nm + al)
-    print(f"this is a variable {ru}")
-    return c_int64(0)
-
-@bpf
-@bpfglobal
-def LICENSE() -> str:
-    return "GPL"
-
-
-compile()

examples/c-form/ex3-2.bpf.c

@@ -2,38 +2,39 @@
 #include <bpf/bpf_helpers.h>
 
 #define u64 unsigned long long
+#define u32 unsigned int
 
 // Define the map
 struct {
     __uint(type, BPF_MAP_TYPE_HASH);
     __type(key, u64);
-    __type(value, u64);
+    __type(value, u32);
     __uint(max_entries, 4);
 } last SEC(".maps");
 
-// Handler for syscall entry
+// // Handler for syscall entry
-SEC("tracepoint/syscalls/sys_enter_execve")
+// SEC("tracepoint/syscalls/sys_enter_execve")
-int hello(void *ctx) {
+// int hello(void *ctx) {
-    bpf_printk("entered");
+//     bpf_printk("entered");
-    bpf_printk("multi constant support");
+//     bpf_printk("multi constant support");
-    return 0;
+//     return 0;
-}
+// }
 
-// Handler for syscall exit
+// // Handler for syscall exit
-SEC("tracepoint/syscalls/sys_exit_execve")
+// SEC("tracepoint/syscalls/sys_exit_execve")
-long hello_again(void *ctx) {
+// long hello_again(void *ctx) {
-    bpf_printk("exited");
+//     bpf_printk("exited");
 
-    // Create a key for map lookup
+//     // Create a key for map lookup
-    u64 key = 0;
+//     u64 key = 0;
 
-    // Simple lookup without conditionals
+//     // Simple lookup without conditionals
-    u64 *tsp = bpf_map_lookup_elem(&last, &key);
+//     u64 *tsp = bpf_map_lookup_elem(&last, &key);
 
-    // Get current timestamp
+//     // Get current timestamp
-    u64 ts = bpf_ktime_get_ns();
+//     u64 ts = bpf_ktime_get_ns();
 
-    return 0;
+//     return 0;
-}
+// }
 
 char LICENSE[] SEC("license") = "GPL";

examples/execve2.py

@@ -1,4 +1,4 @@
-from pythonbpf.decorators import bpf, map, section, bpfglobal
+from pythonbpf import bpf, map, section, bpfglobal, compile_to_ir
 from ctypes import c_void_p, c_int64, c_int32, c_uint64
 from pythonbpf.helpers import ktime
 from pythonbpf.maps import HashMap
@@ -10,26 +10,28 @@ def last() -> HashMap:
     return HashMap(key=c_uint64, value=c_uint64, max_entries=1)
 
 
-@bpf
+# @bpf
-@section("tracepoint/syscalls/sys_enter_execve")
+# @section("tracepoint/syscalls/sys_enter_execve")
-def hello(ctx: c_void_p) -> c_int32:
+# def hello(ctx: c_void_p) -> c_int32:
-    print("entered")
+#     print("entered")
-    print("multi constant support")
+#     print("multi constant support")
-    return c_int32(0)
+#     return c_int32(0)
 
 
-@bpf
+# @bpf
-@section("tracepoint/syscalls/sys_exit_execve")
+# @section("tracepoint/syscalls/sys_exit_execve")
-def hello_again(ctx: c_void_p) -> c_int64:
+# def hello_again(ctx: c_void_p) -> c_int64:
-    print("exited")
+#     print("exited")
-    key = 0
+#     key = 0
-    tsp = last().lookup(key)
+#     tsp = last().lookup(key)
-    print(tsp)
+#     print(tsp)
-    ts = ktime()
+#     ts = ktime()
-    return c_int64(0)
+#     return c_int64(0)
 
 
 @bpf
 @bpfglobal
 def LICENSE() -> str:
     return "GPL"
+
+compile_to_ir("execve2.py", "execve2.ll")

examples/execve5.py

@@ -26,10 +26,10 @@ def hello(ctx: c_void_p) -> c_int32:
     ts = ktime()
     process_id = pid()
     strobj = "hellohellohello"
-    dataobj.pid = process_id
+    dataobj.pid = pid()
-    dataobj.ts = ts
+    dataobj.ts = ktime()
     # dataobj.comm = strobj
-    print(f"clone called at {ts} by pid {process_id}, comm {strobj}")
+    print(f"clone called at {dataobj.ts} by pid {dataobj.pid}, comm {strobj}")
     events.output(dataobj)
     return c_int32(0)
 

examples/hello_world.py

@@ -1,15 +0,0 @@
-# This is what it is going to look like
-# pylint: disable-all# type: ignore
-from pythonbpf.decorators import tracepoint, syscalls, bpfglobal, bpf
-from ctypes import c_void_p, c_int32
-
-@bpf
-@tracepoint(syscalls.sys_clone)
-def trace_clone(ctx: c_void_p) -> c_int32:
-    print("Hello, World!")
-    return c_int32(0)
-
-@bpf
-@bpfglobal
-def LICENSE() -> str:
-    return "GPL"

examples/pybpf0.py

@@ -0,0 +1,35 @@
+from pythonbpf import bpf, section, bpfglobal, BPF
+import sys
+from ctypes import c_void_p, c_int64
+
+# Instructions to how to run this program
+# 1. Install PythonBPF: pip install pythonbpf
+# 2. `sudo /path/to/venv/bin/python ./python-bpf/demo/pybpf0.py`
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return c_int64(0)
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+b = BPF()
+b.load_and_attach()
+
+def main():
+    try:
+        with open("/sys/kernel/debug/tracing/trace_pipe", "r") as f:
+            for line in f:
+                sys.stdout.write(line)
+                sys.stdout.flush()
+    except KeyboardInterrupt:
+        pass
+    except PermissionError:
+        sys.stderr.write("Need root privileges to read trace_pipe\n")
+
+if __name__ == "__main__":
+    main()

examples/pybpf3.py

@@ -0,0 +1,49 @@
+from pythonbpf import *
+from pylibbpf import *
+import sys
+from ctypes import c_void_p, c_int64, c_uint64
+
+@bpf
+@map
+def last() -> HashMap:
+    return HashMap(key=c_uint64, value=c_uint64, max_entries=3)
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def do_trace(ctx: c_void_p) -> c_int64:
+    key = 0
+    tsp = last().lookup(key)
+    if tsp:
+        kt = ktime()
+        delta = (kt - tsp)
+        if delta < 1000000000:
+            time_ms = (delta // 1000000)
+            print(f"Clone syscall entered within last second, last {time_ms} ms ago")
+        last().delete(key)
+    else:
+        kt = ktime()
+        last().update(key, kt)
+    return c_int64(0)
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+b = BPF()
+# autoattaches tracepoints
+b.load_and_attach()
+
+def main():
+    try:
+        with open("/sys/kernel/debug/tracing/trace_pipe", "r") as f:
+            for line in f:
+                sys.stdout.write(line)
+                sys.stdout.flush()
+    except KeyboardInterrupt:
+        pass
+    except PermissionError:
+        sys.stderr.write("Need root privileges to read trace_pipe\n")
+
+if __name__ == "__main__":
+    main()

examples/pybpf4.py

@@ -3,7 +3,8 @@ import time
 from pythonbpf import bpf, map, section, bpfglobal, BPF
 from pythonbpf.helpers import pid
 from pythonbpf.maps import HashMap
-from pylibbpf import *
+from pylibbpf import BpfMap
+
 from ctypes import c_void_p, c_int64, c_uint64, c_int32
 import matplotlib.pyplot as plt
 
@@ -40,7 +41,6 @@ def hello(ctx: c_void_p) -> c_int64:
 def LICENSE() -> str:
     return "GPL"
 
-
 b = BPF()
 b.load_and_attach()
 hist = BpfMap(b, hist)
@@ -48,9 +48,15 @@ print("Recording")
 time.sleep(10)
 
 counts = list(hist.values())
+x = 0
+for key in hist.keys():
+    if hist[key] > 40:
+        x += 1
+        print(f"PID {key} called clone() >40 times")
 
+print(f"Total PIDs with clone() >40 times: {x}")
 plt.hist(counts, bins=20)
 plt.xlabel("Clone calls per PID")
-plt.ylabel("Frequency")
+plt.ylabel("Number of processes that called clone() x times in last 10 seconds")
-plt.title("Syscall clone counts")
+plt.title("x")
 plt.show()

pythonbpf/__init__.py

@@ -1,2 +1,4 @@
 from .decorators import bpf, map, section, bpfglobal, struct
 from .codegen import compile_to_ir, compile, BPF
+from .maps import HashMap, PerfEventArray
+from .helpers import pid, XDP_DROP, XDP_PASS, ktime, deref

pythonbpf/bpf_helper_handler.py

@@ -3,7 +3,7 @@ from llvmlite import ir
 from .expr_pass import eval_expr
 
 
-def bpf_ktime_get_ns_emitter(call, map_ptr, module, builder, func, local_sym_tab=None, local_var_metadata=None):
+def bpf_ktime_get_ns_emitter(call, map_ptr, module, builder, func, local_sym_tab=None, struct_sym_tab=None, local_var_metadata=None):
     """
     Emit LLVM IR for bpf_ktime_get_ns helper function call.
     """
@@ -63,7 +63,7 @@ def bpf_map_lookup_elem_emitter(call, map_ptr, module, builder, func, local_sym_
     return result, ir.PointerType()
 
 
-def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None, local_var_metadata=None):
+def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None, struct_sym_tab=None, local_var_metadata=None):
     if not hasattr(func, "_fmt_counter"):
         func._fmt_counter = 0
 
@@ -101,10 +101,42 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None,
                         else:
                             raise NotImplementedError(
                                 "Only integer and pointer types are supported in formatted values.")
-                        print("Formatted value variable:", var_ptr, var_type)
                     else:
                         raise ValueError(
                             f"Variable {value.value.id} not found in local symbol table.")
+                elif isinstance(value.value, ast.Attribute):
+                    # object field access from struct
+                    if isinstance(value.value.value, ast.Name) and local_sym_tab and value.value.value.id in local_sym_tab:
+                        var_name = value.value.value.id
+                        field_name = value.value.attr
+                        if local_var_metadata and var_name in local_var_metadata:
+                            var_type = local_var_metadata[var_name]
+                            if var_type in struct_sym_tab:
+                                struct_info = struct_sym_tab[var_type]
+                                if field_name in struct_info["fields"]:
+                                    field_index = struct_info["fields"][field_name]
+                                    field_type = struct_info["field_types"][field_index]
+                                    if isinstance(field_type, ir.IntType):
+                                        fmt_parts.append("%lld")
+                                        exprs.append(value.value)
+                                    elif field_type == ir.PointerType(ir.IntType(8)):
+                                        fmt_parts.append("%s")
+                                        exprs.append(value.value)
+                                    else:
+                                        raise NotImplementedError(
+                                            "Only integer and pointer types are supported in formatted values.")
+                                else:
+                                    raise ValueError(
+                                        f"Field {field_name} not found in struct {var_type}.")
+                            else:
+                                raise ValueError(
+                                    f"Struct type {var_type} for variable {var_name} not found in struct symbol table.")
+                        else:
+                            raise ValueError(
+                                f"Metadata for variable {var_name} not found in local variable metadata.")
+                    else:
+                        raise ValueError(
+                            f"Variable {value.value.value.id} not found in local symbol table.")
                 else:
                     raise NotImplementedError(
                         "Only simple variable names are supported in formatted values.")
@@ -119,12 +151,12 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None,
         fmt_gvar = ir.GlobalVariable(
             module, ir.ArrayType(ir.IntType(8), len(fmt_str)), name=fmt_name)
         fmt_gvar.global_constant = True
-        fmt_gvar.initializer = ir.Constant(
+        fmt_gvar.initializer = ir.Constant(                 # type: ignore
             ir.ArrayType(ir.IntType(8), len(fmt_str)),
             bytearray(fmt_str.encode("utf8"))
         )
         fmt_gvar.linkage = "internal"
-        fmt_gvar.align = 1
+        fmt_gvar.align = 1              # type: ignore
 
         fmt_ptr = builder.bitcast(fmt_gvar, ir.PointerType())
 
@@ -136,8 +168,9 @@ def bpf_printk_emitter(call, map_ptr, module, builder, func, local_sym_tab=None,
                 "Warning: bpf_printk supports up to 3 arguments, extra arguments will be ignored.")
 
         for expr in exprs[:3]:
+            print(f"{ast.dump(expr)}")
             val, _ = eval_expr(func, module, builder,
-                               expr, local_sym_tab, None)
+                               expr, local_sym_tab, None, struct_sym_tab, local_var_metadata)
             if val:
                 if isinstance(val.type, ir.PointerType):
                     val = builder.ptrtoint(val, ir.IntType(64))
@@ -339,7 +372,7 @@ def bpf_map_delete_elem_emitter(call, map_ptr, module, builder, func, local_sym_
     return result, None
 
 
-def bpf_get_current_pid_tgid_emitter(call, map_ptr, module, builder, func, local_sym_tab=None, local_var_metadata=None):
+def bpf_get_current_pid_tgid_emitter(call, map_ptr, module, builder, func, local_sym_tab=None, struct_sym_tab=None, local_var_metadata=None):
     """
     Emit LLVM IR for bpf_get_current_pid_tgid helper function call.
     """
@@ -420,11 +453,12 @@ helper_func_list = {
 
 
 def handle_helper_call(call, module, builder, func, local_sym_tab=None, map_sym_tab=None, struct_sym_tab=None, local_var_metadata=None):
+    print(local_var_metadata)
     if isinstance(call.func, ast.Name):
         func_name = call.func.id
         if func_name in helper_func_list:
             # it is not a map method call
-            return helper_func_list[func_name](call, None, module, builder, func, local_sym_tab)
+            return helper_func_list[func_name](call, None, module, builder, func, local_sym_tab, struct_sym_tab, local_var_metadata)
         else:
             raise NotImplementedError(
                 f"Function {func_name} is not implemented as a helper function.")

pythonbpf/codegen.py

@@ -1,5 +1,7 @@
 import ast
 from llvmlite import ir
+
+from .debuginfo import DW_LANG_C11, DwarfBehaviorEnum
 from .license_pass import license_processing
 from .functions_pass import func_proc
 from .maps_pass import maps_proc
@@ -10,7 +12,9 @@ import subprocess
 import inspect
 from pathlib import Path
 from pylibbpf import BpfProgram
+import tempfile
 
+version = "v0.1.3"
 
 def find_bpf_chunks(tree):
     """Find all functions decorated with @bpf in the AST."""
@@ -49,16 +53,18 @@ def compile_to_ir(filename: str, output: str):
     module.triple = "bpf"
 
     if not hasattr(module, '_debug_compile_unit'):
-        module._file_metadata = module.add_debug_info("DIFile", {       # type: ignore
+        module._file_metadata = module.add_debug_info("DIFile", {  # type: ignore
             "filename": filename,
             "directory": os.path.dirname(filename)
         })
 
-        module._debug_compile_unit = module.add_debug_info("DICompileUnit", {       # type: ignore
+        module._debug_compile_unit = module.add_debug_info("DICompileUnit", {  # type: ignore
-            "language": 29,  # DW_LANG_C11
+            "language": DW_LANG_C11,
-            "file": module._file_metadata,      # type: ignore
+            "file": module._file_metadata,  # type: ignore
-            "producer": "PythonBPF DSL Compiler",
+            "producer": f"PythonBPF {version}",
-            "isOptimized": True,
+            "isOptimized": True,        #TODO: This is probably not true
+            #TODO: add a global field here that keeps track of all the globals. Works without it, but I think it might
+            # be required for kprobes.
             "runtimeVersion": 0,
             "emissionKind": 1,
             "splitDebugInlining": False,
@@ -66,32 +72,32 @@ def compile_to_ir(filename: str, output: str):
         }, is_distinct=True)
 
         module.add_named_metadata(
-            "llvm.dbg.cu", module._debug_compile_unit)        # type: ignore
+            "llvm.dbg.cu", module._debug_compile_unit)  # type: ignore
 
     processor(source, filename, module)
 
-    wchar_size = module.add_metadata([ir.Constant(ir.IntType(32), 1),
+    wchar_size = module.add_metadata([DwarfBehaviorEnum.ERROR_IF_MISMATCH,
                                       "wchar_size",
                                       ir.Constant(ir.IntType(32), 4)])
-    frame_pointer = module.add_metadata([ir.Constant(ir.IntType(32), 7),
+    frame_pointer = module.add_metadata([DwarfBehaviorEnum.OVERRIDE_USE_LARGEST,
                                          "frame-pointer",
                                          ir.Constant(ir.IntType(32), 2)])
-    # Add Debug Info Version (3 = DWARF v3, which LLVM expects)
+    # Add Debug Info Version 3
-    debug_info_version = module.add_metadata([ir.Constant(ir.IntType(32), 2),
+    debug_info_version = module.add_metadata([DwarfBehaviorEnum.WARNING_IF_MISMATCH,
                                               "Debug Info Version",
                                               ir.Constant(ir.IntType(32), 3)])
 
-    # Add explicit DWARF version (4 is common, works with LLVM BPF backend)
+    # Add explicit DWARF version 5
-    dwarf_version = module.add_metadata([ir.Constant(ir.IntType(32), 2),
+    dwarf_version = module.add_metadata([DwarfBehaviorEnum.OVERRIDE_USE_LARGEST,
                                          "Dwarf Version",
-                                         ir.Constant(ir.IntType(32), 4)])
+                                         ir.Constant(ir.IntType(32), 5)])
 
     module.add_named_metadata("llvm.module.flags", wchar_size)
     module.add_named_metadata("llvm.module.flags", frame_pointer)
     module.add_named_metadata("llvm.module.flags", debug_info_version)
     module.add_named_metadata("llvm.module.flags", dwarf_version)
 
-    module.add_named_metadata("llvm.ident", ["llvmlite PythonBPF v0.0.1"])
+    module.add_named_metadata("llvm.ident", [f"PythonBPF {version}"])
 
     print(f"IR written to {output}")
     with open(output, "w") as f:
@@ -122,14 +128,17 @@ def compile():
 
 def BPF() -> BpfProgram:
     caller_frame = inspect.stack()[1]
-    caller_file = Path(caller_frame.filename).resolve()
+    src = inspect.getsource(caller_frame.frame)
-    ll_file = Path("/tmp") / caller_file.with_suffix(".ll").name
+    with tempfile.NamedTemporaryFile(mode="w+", delete=True, suffix=".py") as f, \
-    o_file = Path("/tmp") / caller_file.with_suffix(".o").name
+            tempfile.NamedTemporaryFile(mode="w+", delete=True, suffix=".ll") as inter, \
-    compile_to_ir(str(caller_file), str(ll_file))
+            tempfile.NamedTemporaryFile(mode="w+", delete=False, suffix=".o") as obj_file:
+        f.write(src)
+        f.flush()
+        source = f.name
+        compile_to_ir(source, str(inter.name))
+        subprocess.run([
+            "llc", "-march=bpf", "-filetype=obj", "-O2",
+            str(inter.name), "-o", str(obj_file.name)
+        ], check=True)
 
-    subprocess.run([
+        return BpfProgram(str(obj_file.name))
-        "llc", "-march=bpf", "-filetype=obj", "-O2",
-        str(ll_file), "-o", str(o_file)
-    ], check=True)
-
-    return BpfProgram(str(o_file))

pythonbpf/debuginfo/__init__.py

@@ -0,0 +1,2 @@
+from .dwarf_constants import *
+from .dtypes import *

pythonbpf/debuginfo/dtypes.py

@@ -0,0 +1,6 @@
+import llvmlite.ir as ir
+
+class DwarfBehaviorEnum:
+    ERROR_IF_MISMATCH = ir.Constant(ir.IntType(32), 1)
+    WARNING_IF_MISMATCH = ir.Constant(ir.IntType(32), 2)  
+    OVERRIDE_USE_LARGEST = ir.Constant(ir.IntType(32), 7)

pythonbpf/expr_pass.py

@@ -4,6 +4,7 @@ from llvmlite import ir
 
 def eval_expr(func, module, builder, expr, local_sym_tab, map_sym_tab, structs_sym_tab=None, local_var_metadata=None):
     print(f"Evaluating expression: {ast.dump(expr)}")
+    print(local_var_metadata)
     if isinstance(expr, ast.Name):
         if expr.id in local_sym_tab:
             var = local_sym_tab[expr.id][0]
@@ -66,6 +67,25 @@ def eval_expr(func, module, builder, expr, local_sym_tab, map_sym_tab, structs_s
                     if method_name in helper_func_list:
                         return handle_helper_call(
                             expr, module, builder, func, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata)
+    elif isinstance(expr, ast.Attribute):
+        if isinstance(expr.value, ast.Name):
+            var_name = expr.value.id
+            attr_name = expr.attr
+            if var_name in local_sym_tab:
+                var_ptr, var_type = local_sym_tab[var_name]
+                print(f"Loading attribute "
+                      f"{attr_name} from variable {var_name}")
+                print(f"Variable type: {var_type}, Variable ptr: {var_ptr}")
+                print(local_var_metadata)
+                if local_var_metadata and var_name in local_var_metadata:
+                    metadata = structs_sym_tab[local_var_metadata[var_name]]
+                    if attr_name in metadata["fields"]:
+                        field_idx = metadata["fields"][attr_name]
+                        gep = builder.gep(var_ptr, [ir.Constant(ir.IntType(32), 0),
+                                                    ir.Constant(ir.IntType(32), field_idx)])
+                        val = builder.load(gep)
+                        field_type = metadata["field_types"][field_idx]
+                        return val, field_type
     print("Unsupported expression evaluation")
     return None
 
@@ -73,6 +93,7 @@ def eval_expr(func, module, builder, expr, local_sym_tab, map_sym_tab, structs_s
 def handle_expr(func, module, builder, expr, local_sym_tab, map_sym_tab, structs_sym_tab, local_var_metadata):
     """Handle expression statements in the function body."""
     print(f"Handling expression: {ast.dump(expr)}")
+    print(local_var_metadata)
     call = expr.value
     if isinstance(call, ast.Call):
         eval_expr(func, module, builder, call, local_sym_tab,

pythonbpf/functions_pass.py

@@ -282,6 +282,7 @@ def handle_if(func, module, builder, stmt, map_sym_tab, local_sym_tab, structs_s
 def process_stmt(func, module, builder, stmt, local_sym_tab, map_sym_tab, structs_sym_tab, did_return, ret_type=ir.IntType(64)):
     print(f"Processing statement: {ast.dump(stmt)}")
     if isinstance(stmt, ast.Expr):
+        print(local_var_metadata)
         handle_expr(func, module, builder, stmt, local_sym_tab,
                     map_sym_tab, structs_sym_tab, local_var_metadata)
     elif isinstance(stmt, ast.Assign):

pythonbpf/maps_pass.py

@@ -1,7 +1,6 @@
 import ast
 from llvmlite import ir
-from .type_deducer import ctypes_to_ir
+from .debuginfo import dwarf_constants as dc
-from . import dwarf_constants as dc
 
 map_sym_tab = {}
 

pythonbpf/structs_pass.py

@@ -1,7 +1,6 @@
 import ast
 from llvmlite import ir
 from .type_deducer import ctypes_to_ir
-from . import dwarf_constants as dc
 
 structs_sym_tab = {}