add c_int to type_deducer.py

move requests.py to passing tests
sort fields in debug info by offset order
2025-12-31 21:06:25 +00:00 · 2025-11-22 13:36:21 +05:30 · 2025-11-22 13:19:55 +05:30 · 2025-11-22 12:35:47 +05:30 · 2025-11-22 01:48:44 +05:30 · 2025-11-22 01:47:25 +05:30
91 changed files with 6680 additions and 122409 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1 +1,3 @@
 tests/c-form/vmlinux.h linguist-vendored
+examples/ linguist-vendored
+BCC-Examples/ linguist-vendored
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@ -33,7 +33,7 @@ jobs:
          python -m build

      - name: Upload distributions
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
        with:
          name: release-dists
          path: dist/
@ -59,7 +59,7 @@ jobs:

    steps:
      - name: Retrieve release distributions
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
        with:
          name: release-dists
          path: dist/
--- a/BCC-Examples/README.md
+++ b/BCC-Examples/README.md
@ -0,0 +1,20 @@
+## BCC examples ported to PythonBPF
+
+This folder contains examples of BCC tutorial examples that have been ported to use **PythonBPF**.
+
+## Requirements
+- install `pythonbpf` and `pylibbpf` using pip.
+- You will also need `matplotlib` for vfsreadlat.py example.
+- You will also need `rich` for vfsreadlat_rich.py example.
+- You will also need `plotly` and `dash` for vfsreadlat_plotly.py example.
+
+## Usage
+- You'll need root privileges to run these examples. If you are using a virtualenv, use the following command to run the scripts:
+  ```bash
+  sudo <path_to_virtualenv>/bin/python3 <script_name>.py
+  ```
+- For vfsreadlat_plotly.py, run the following command to start the Dash server:
+  ```bash
+  sudo <path_to_virtualenv>/bin/python3 vfsreadlat_plotly/bpf_program.py
+  ```
+  Then open your web browser and navigate to the given URL.
--- a/BCC-Examples/hello_fields.ipynb
+++ b/BCC-Examples/hello_fields.ipynb
@ -0,0 +1,83 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "28cf2e27-41e2-461c-a39c-147417141a4e",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, section, bpfglobal, BPF, trace_fields\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "133190e5-5a99-4585-b6e1-91224ed973c2",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_clone\")\n",
+    "def hello_world(ctx: c_void_p) -> c_int64:\n",
+    "    print(\"Hello, World!\")\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "# Compile and load\n",
+    "b = BPF()\n",
+    "b.load()\n",
+    "b.attach_all()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "d3934efb-4043-4545-ae4c-c50ec40a24fd",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# header\n",
+    "print(f\"{'TIME(s)':<18} {'COMM':<16} {'PID':<6} {'MESSAGE'}\")\n",
+    "\n",
+    "# format output\n",
+    "while True:\n",
+    "    try:\n",
+    "        (task, pid, cpu, flags, ts, msg) = trace_fields()\n",
+    "    except ValueError:\n",
+    "        continue\n",
+    "    except KeyboardInterrupt:\n",
+    "        exit()\n",
+    "    print(f\"{ts:<18} {task:<16} {pid:<6} {msg}\")"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/hello_fields.py
+++ b/BCC-Examples/hello_fields.py
@ -0,0 +1,34 @@
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_fields
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+# header
+print(f"{'TIME(s)':<18} {'COMM':<16} {'PID':<6} {'MESSAGE'}")
+
+# format output
+while True:
+    try:
+        (task, pid, cpu, flags, ts, msg) = trace_fields()
+    except ValueError:
+        continue
+    except KeyboardInterrupt:
+        exit()
+    print(f"{ts:<18} {task:<16} {pid:<6} {msg}")
--- a/BCC-Examples/hello_perf_output.ipynb
+++ b/BCC-Examples/hello_perf_output.ipynb
@ -0,0 +1,110 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "79b74928-f4b4-4320-96e3-d973997de2f4",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, map, struct, section, bpfglobal, BPF\n",
+    "from pythonbpf.helper import ktime, pid, comm\n",
+    "from pythonbpf.maps import PerfEventArray\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "5bdb0329-ae2d-45e8-808e-5ed5b1374204",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@struct\n",
+    "class data_t:\n",
+    "    pid: c_int64\n",
+    "    ts: c_int64\n",
+    "    comm: str(16)\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@map\n",
+    "def events() -> PerfEventArray:\n",
+    "    return PerfEventArray(key_size=c_int64, value_size=c_int64)\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_clone\")\n",
+    "def hello(ctx: c_void_p) -> c_int64:\n",
+    "    dataobj = data_t()\n",
+    "    dataobj.pid, dataobj.ts = pid(), ktime()\n",
+    "    comm(dataobj.comm)\n",
+    "    events.output(dataobj)\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "# Compile and load\n",
+    "b = BPF()\n",
+    "b.load()\n",
+    "b.attach_all()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "4bcc7d57-6cc4-48a3-bbd2-42ad6263afdf",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "start = 0\n",
+    "\n",
+    "\n",
+    "def callback(cpu, event):\n",
+    "    global start\n",
+    "    if start == 0:\n",
+    "        start = event.ts\n",
+    "    ts = (event.ts - start) / 1e9\n",
+    "    print(f\"[CPU {cpu}] PID: {event.pid}, TS: {ts}, COMM: {event.comm.decode()}\")\n",
+    "\n",
+    "\n",
+    "perf = b[\"events\"].open_perf_buffer(callback, struct_name=\"data_t\")\n",
+    "print(\"Starting to poll... (Ctrl+C to stop)\")\n",
+    "print(\"Try running: fork() or clone() system calls to trigger events\")\n",
+    "\n",
+    "try:\n",
+    "    while True:\n",
+    "        b[\"events\"].poll(1000)\n",
+    "except KeyboardInterrupt:\n",
+    "    print(\"Stopping...\")"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/hello_perf_output.py
+++ b/BCC-Examples/hello_perf_output.py
@ -0,0 +1,61 @@
+from pythonbpf import bpf, map, struct, section, bpfglobal, BPF
+from pythonbpf.helper import ktime, pid, comm
+from pythonbpf.maps import PerfEventArray
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@struct
+class data_t:
+    pid: c_int64
+    ts: c_int64
+    comm: str(16)  # type: ignore [valid-type]
+
+
+@bpf
+@map
+def events() -> PerfEventArray:
+    return PerfEventArray(key_size=c_int64, value_size=c_int64)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello(ctx: c_void_p) -> c_int64:
+    dataobj = data_t()
+    dataobj.pid, dataobj.ts = pid(), ktime()
+    comm(dataobj.comm)
+    events.output(dataobj)
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+start = 0
+
+
+def callback(cpu, event):
+    global start
+    if start == 0:
+        start = event.ts
+    ts = (event.ts - start) / 1e9
+    print(f"[CPU {cpu}] PID: {event.pid}, TS: {ts}, COMM: {event.comm.decode()}")
+
+
+perf = b["events"].open_perf_buffer(callback, struct_name="data_t")
+print("Starting to poll... (Ctrl+C to stop)")
+print("Try running: fork() or clone() system calls to trigger events")
+
+try:
+    while True:
+        b["events"].poll(1000)
+except KeyboardInterrupt:
+    print("Stopping...")
--- a/BCC-Examples/hello_world.ipynb
+++ b/BCC-Examples/hello_world.ipynb
@ -0,0 +1,116 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "id": "7d5d3cfb-39ba-4516-9856-b3bed47a0cef",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 10,
+   "id": "cf1c87aa-e173-4156-8f2d-762225bc6d19",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_clone\")\n",
+    "def hello_world(ctx: c_void_p) -> c_int64:\n",
+    "    print(\"Hello, World!\")\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "b = BPF()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "bd81383d-f75a-4269-8451-3d985d85b124",
+   "metadata": {
+    "scrolled": true
+   },
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "      Cache2 I/O-4716    [003] ...21  8218.000492: bpf_trace_printk: count: 11 with 4716\n",
+      "\n",
+      "      Cache2 I/O-4716    [003] ...21  8218.000499: bpf_trace_printk: Hello, World!\n",
+      "\n",
+      "   WebExtensions-5168    [002] ...21  8219.320392: bpf_trace_printk: count: 13 with 5168\n",
+      "\n",
+      "   WebExtensions-5168    [002] ...21  8219.320399: bpf_trace_printk: Hello, World!\n",
+      "\n",
+      "          python-21155   [001] ...21  8220.933716: bpf_trace_printk: count: 5 with 21155\n",
+      "\n",
+      "          python-21155   [001] ...21  8220.933721: bpf_trace_printk: Hello, World!\n",
+      "\n",
+      "          python-21155   [002] ...21  8221.341290: bpf_trace_printk: count: 6 with 21155\n",
+      "\n",
+      "          python-21155   [002] ...21  8221.341295: bpf_trace_printk: Hello, World!\n",
+      "\n",
+      " Isolated Web Co-5462    [000] ...21  8223.095033: bpf_trace_printk: count: 7 with 5462\n",
+      "\n",
+      " Isolated Web Co-5462    [000] ...21  8223.095043: bpf_trace_printk: Hello, World!\n",
+      "\n",
+      "         firefox-4542    [000] ...21  8227.760067: bpf_trace_printk: count: 8 with 4542\n",
+      "\n",
+      "         firefox-4542    [000] ...21  8227.760080: bpf_trace_printk: Hello, World!\n",
+      "\n",
+      " Isolated Web Co-12404   [003] ...21  8227.917086: bpf_trace_printk: count: 7 with 12404\n",
+      "\n",
+      " Isolated Web Co-12404   [003] ...21  8227.917095: bpf_trace_printk: Hello, World!\n",
+      "\n"
+     ]
+    }
+   ],
+   "source": [
+    "b.load()\n",
+    "b.attach_all()\n",
+    "trace_pipe()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "01e1f25b-decc-425b-a1aa-a5e701082574",
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/hello_world.py
+++ b/BCC-Examples/hello_world.py
@ -0,0 +1,23 @@
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("Hello, World!")
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+trace_pipe()
--- a/BCC-Examples/sync_count.ipynb
+++ b/BCC-Examples/sync_count.ipynb
@ -0,0 +1,107 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "dcab010c-f5e9-446f-9f9f-056cc794ad14",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, map, section, bpfglobal, BPF, trace_fields\n",
+    "from pythonbpf.helper import ktime\n",
+    "from pythonbpf.maps import HashMap\n",
+    "\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "720797e8-9c81-4af6-a385-80f1ec4c0f15",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@map\n",
+    "def last() -> HashMap:\n",
+    "    return HashMap(key=c_int64, value=c_int64, max_entries=2)\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_sync\")\n",
+    "def do_trace(ctx: c_void_p) -> c_int64:\n",
+    "    ts_key, cnt_key = 0, 1\n",
+    "    tsp, cntp = last.lookup(ts_key), last.lookup(cnt_key)\n",
+    "    if not cntp:\n",
+    "        last.update(cnt_key, 0)\n",
+    "        cntp = last.lookup(cnt_key)\n",
+    "    if tsp:\n",
+    "        delta = ktime() - tsp\n",
+    "        if delta < 1000000000:\n",
+    "            time_ms = delta // 1000000\n",
+    "            print(f\"{time_ms} {cntp}\")\n",
+    "        last.delete(ts_key)\n",
+    "    else:\n",
+    "        last.update(ts_key, ktime())\n",
+    "    last.update(cnt_key, cntp + 1)\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "# Compile and load\n",
+    "b = BPF()\n",
+    "b.load()\n",
+    "b.attach_all()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "78a8b82c-7c5f-43c1-9de1-cd982a0f345b",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print(\"Tracing for quick sync's... Ctrl-C to end\")\n",
+    "\n",
+    "# format output\n",
+    "start = 0\n",
+    "while True:\n",
+    "    try:\n",
+    "        task, pid, cpu, flags, ts, msg = trace_fields()\n",
+    "        if start == 0:\n",
+    "            start = ts\n",
+    "        ts -= start\n",
+    "        ms, cnt = msg.split()\n",
+    "        print(f\"At time {ts} s: Multiple syncs detected, last {ms} ms ago. Count {cnt}\")\n",
+    "    except KeyboardInterrupt:\n",
+    "        exit()"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/sync_count.py
+++ b/BCC-Examples/sync_count.py
@ -0,0 +1,58 @@
+from pythonbpf import bpf, map, section, bpfglobal, BPF, trace_fields
+from pythonbpf.helper import ktime
+from pythonbpf.maps import HashMap
+
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@map
+def last() -> HashMap:
+    return HashMap(key=c_int64, value=c_int64, max_entries=2)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_sync")
+def do_trace(ctx: c_void_p) -> c_int64:
+    ts_key, cnt_key = 0, 1
+    tsp, cntp = last.lookup(ts_key), last.lookup(cnt_key)
+    if not cntp:
+        last.update(cnt_key, 0)
+        cntp = last.lookup(cnt_key)
+    if tsp:
+        delta = ktime() - tsp
+        if delta < 1000000000:
+            time_ms = delta // 1000000
+            print(f"{time_ms} {cntp}")
+        last.delete(ts_key)
+    else:
+        last.update(ts_key, ktime())
+    last.update(cnt_key, cntp + 1)
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+print("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+while True:
+    try:
+        task, pid, cpu, flags, ts, msg = trace_fields()
+        if start == 0:
+            start = ts
+        ts -= start
+        ms, cnt = msg.split()
+        print(f"At time {ts} s: Multiple syncs detected, last {ms} ms ago. Count {cnt}")
+    except KeyboardInterrupt:
+        exit()
--- a/BCC-Examples/sync_perf_output.ipynb
+++ b/BCC-Examples/sync_perf_output.ipynb
@ -0,0 +1,134 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "b0d1ab05-0c1f-4578-9c1b-568202b95a5c",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, map, struct, section, bpfglobal, BPF\n",
+    "from pythonbpf.helper import ktime\n",
+    "from pythonbpf.maps import HashMap, PerfEventArray\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "85e50d0a-f9d8-468f-8e03-f5f7128f05d8",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@struct\n",
+    "class data_t:\n",
+    "    ts: c_int64\n",
+    "    ms: c_int64\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@map\n",
+    "def events() -> PerfEventArray:\n",
+    "    return PerfEventArray(key_size=c_int64, value_size=c_int64)\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@map\n",
+    "def last() -> HashMap:\n",
+    "    return HashMap(key=c_int64, value=c_int64, max_entries=1)\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_sync\")\n",
+    "def do_trace(ctx: c_void_p) -> c_int64:\n",
+    "    dat, dat.ts, key = data_t(), ktime(), 0\n",
+    "    tsp = last.lookup(key)\n",
+    "    if tsp:\n",
+    "        delta = ktime() - tsp\n",
+    "        if delta < 1000000000:\n",
+    "            dat.ms = delta // 1000000\n",
+    "            events.output(dat)\n",
+    "        last.delete(key)\n",
+    "    else:\n",
+    "        last.update(key, ktime())\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "# Compile and load\n",
+    "b = BPF()\n",
+    "b.load()\n",
+    "b.attach_all()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "40bb1107-369f-4be7-9f10-37201900c16b",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print(\"Tracing for quick sync's... Ctrl-C to end\")\n",
+    "\n",
+    "# format output\n",
+    "start = 0\n",
+    "\n",
+    "\n",
+    "def callback(cpu, event):\n",
+    "    global start\n",
+    "    if start == 0:\n",
+    "        start = event.ts\n",
+    "    event.ts -= start\n",
+    "    print(\n",
+    "        f\"At time {event.ts / 1e9} s: Multiple sync detected, Last sync: {event.ms} ms ago\"\n",
+    "    )\n",
+    "\n",
+    "\n",
+    "perf = b[\"events\"].open_perf_buffer(callback, struct_name=\"data_t\")\n",
+    "print(\"Starting to poll... (Ctrl+C to stop)\")\n",
+    "print(\"Try running: fork() or clone() system calls to trigger events\")\n",
+    "\n",
+    "try:\n",
+    "    while True:\n",
+    "        b[\"events\"].poll(1000)\n",
+    "except KeyboardInterrupt:\n",
+    "    print(\"Stopping...\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "94a588d9-3a40-437c-a35b-fc40410f3eb7",
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/sync_perf_output.py
+++ b/BCC-Examples/sync_perf_output.py
@ -0,0 +1,75 @@
+from pythonbpf import bpf, map, struct, section, bpfglobal, BPF
+from pythonbpf.helper import ktime
+from pythonbpf.maps import HashMap, PerfEventArray
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@struct
+class data_t:
+    ts: c_int64
+    ms: c_int64
+
+
+@bpf
+@map
+def events() -> PerfEventArray:
+    return PerfEventArray(key_size=c_int64, value_size=c_int64)
+
+
+@bpf
+@map
+def last() -> HashMap:
+    return HashMap(key=c_int64, value=c_int64, max_entries=1)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_sync")
+def do_trace(ctx: c_void_p) -> c_int64:
+    dat, dat.ts, key = data_t(), ktime(), 0
+    tsp = last.lookup(key)
+    if tsp:
+        delta = ktime() - tsp
+        if delta < 1000000000:
+            dat.ms = delta // 1000000
+            events.output(dat)
+        last.delete(key)
+    else:
+        last.update(key, ktime())
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+print("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+
+
+def callback(cpu, event):
+    global start
+    if start == 0:
+        start = event.ts
+    event.ts -= start
+    print(
+        f"At time {event.ts / 1e9} s: Multiple sync detected, Last sync: {event.ms} ms ago"
+    )
+
+
+perf = b["events"].open_perf_buffer(callback, struct_name="data_t")
+print("Starting to poll... (Ctrl+C to stop)")
+try:
+    while True:
+        b["events"].poll(1000)
+except KeyboardInterrupt:
+    print("Stopping...")
--- a/BCC-Examples/sync_timing.ipynb
+++ b/BCC-Examples/sync_timing.ipynb
@ -0,0 +1,102 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "bfe01ceb-2f27-41b3-b3ba-50ec65cfddda",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, map, section, bpfglobal, BPF, trace_fields\n",
+    "from pythonbpf.helper import ktime\n",
+    "from pythonbpf.maps import HashMap\n",
+    "\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "ddb115f4-20a7-43bc-bb5b-ccbfd6031fc2",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@map\n",
+    "def last() -> HashMap:\n",
+    "    return HashMap(key=c_int64, value=c_int64, max_entries=1)\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_sync\")\n",
+    "def do_trace(ctx: c_void_p) -> c_int64:\n",
+    "    key = 0\n",
+    "    tsp = last.lookup(key)\n",
+    "    if tsp:\n",
+    "        delta = ktime() - tsp\n",
+    "        if delta < 1000000000:\n",
+    "            time_ms = delta // 1000000\n",
+    "            print(f\"{time_ms}\")\n",
+    "        last.delete(key)\n",
+    "    else:\n",
+    "        last.update(key, ktime())\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "# Compile and load\n",
+    "b = BPF()\n",
+    "b.load()\n",
+    "b.attach_all()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "e4f46574-9fd8-46e7-9c7b-27a36d07f200",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print(\"Tracing for quick sync's... Ctrl-C to end\")\n",
+    "\n",
+    "# format output\n",
+    "start = 0\n",
+    "while True:\n",
+    "    try:\n",
+    "        task, pid, cpu, flags, ts, ms = trace_fields()\n",
+    "        if start == 0:\n",
+    "            start = ts\n",
+    "        ts -= start\n",
+    "        print(f\"At time {ts} s: Multiple syncs detected, last {ms} ms ago\")\n",
+    "    except KeyboardInterrupt:\n",
+    "        exit()"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/sync_timing.py
+++ b/BCC-Examples/sync_timing.py
@ -0,0 +1,53 @@
+from pythonbpf import bpf, map, section, bpfglobal, BPF, trace_fields
+from pythonbpf.helper import ktime
+from pythonbpf.maps import HashMap
+
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@map
+def last() -> HashMap:
+    return HashMap(key=c_int64, value=c_int64, max_entries=1)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_sync")
+def do_trace(ctx: c_void_p) -> c_int64:
+    key = 0
+    tsp = last.lookup(key)
+    if tsp:
+        delta = ktime() - tsp
+        if delta < 1000000000:
+            time_ms = delta // 1000000
+            print(f"{time_ms}")
+        last.delete(key)
+    else:
+        last.update(key, ktime())
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+print("Tracing for quick sync's... Ctrl-C to end")
+
+# format output
+start = 0
+while True:
+    try:
+        task, pid, cpu, flags, ts, ms = trace_fields()
+        if start == 0:
+            start = ts
+        ts -= start
+        print(f"At time {ts} s: Multiple syncs detected, last {ms} ms ago")
+    except KeyboardInterrupt:
+        exit()
--- a/BCC-Examples/sys_sync.ipynb
+++ b/BCC-Examples/sys_sync.ipynb
@ -0,0 +1,73 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "bb49598f-b9cc-4ea8-8391-923cad513711",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe\n",
+    "from ctypes import c_void_p, c_int64"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "5da237b0-1c7d-4ec5-8c24-696b1c1d97fa",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "@bpf\n",
+    "@section(\"tracepoint/syscalls/sys_enter_sync\")\n",
+    "def hello_world(ctx: c_void_p) -> c_int64:\n",
+    "    print(\"sys_sync() called\")\n",
+    "    return 0\n",
+    "\n",
+    "\n",
+    "@bpf\n",
+    "@bpfglobal\n",
+    "def LICENSE() -> str:\n",
+    "    return \"GPL\"\n",
+    "\n",
+    "\n",
+    "# Compile and load\n",
+    "b = BPF()\n",
+    "b.load()\n",
+    "b.attach_all()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "e4c218ac-fe47-4fd1-a27b-c07e02f3cd05",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "print(\"Tracing sys_sync()... Ctrl-C to end.\")\n",
+    "trace_pipe()"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.13.3"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
--- a/BCC-Examples/sys_sync.py
+++ b/BCC-Examples/sys_sync.py
@ -0,0 +1,23 @@
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_sync")
+def hello_world(ctx: c_void_p) -> c_int64:
+    print("sys_sync() called")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+print("Tracing sys_sync()... Ctrl-C to end.")
+trace_pipe()
--- a/BCC-Examples/vfsreadlat.ipynb
+++ b/BCC-Examples/vfsreadlat.ipynb
--- a/BCC-Examples/vfsreadlat.py
+++ b/BCC-Examples/vfsreadlat.py
@ -0,0 +1,127 @@
+from pythonbpf import bpf, map, struct, section, bpfglobal, BPF
+from pythonbpf.helper import ktime, pid
+from pythonbpf.maps import HashMap, PerfEventArray
+from ctypes import c_void_p, c_uint64
+import matplotlib.pyplot as plt
+import numpy as np
+
+
+@bpf
+@struct
+class latency_event:
+    pid: c_uint64
+    delta_us: c_uint64  # Latency in microseconds
+
+
+@bpf
+@map
+def start() -> HashMap:
+    return HashMap(key=c_uint64, value=c_uint64, max_entries=10240)
+
+
+@bpf
+@map
+def events() -> PerfEventArray:
+    return PerfEventArray(key_size=c_uint64, value_size=c_uint64)
+
+
+@bpf
+@section("kprobe/vfs_read")
+def do_entry(ctx: c_void_p) -> c_uint64:
+    p, ts = pid(), ktime()
+    start.update(p, ts)
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@section("kretprobe/vfs_read")
+def do_return(ctx: c_void_p) -> c_uint64:
+    p = pid()
+    tsp = start.lookup(p)
+
+    if tsp:
+        delta_ns = ktime() - tsp
+
+        # Only track if latency > 1 microsecond
+        if delta_ns > 1000:
+            evt = latency_event()
+            evt.pid, evt.delta_us = p, delta_ns // 1000
+            events.output(evt)
+
+        start.delete(p)
+
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Load BPF
+print("Loading BPF program...")
+b = BPF()
+b.load()
+b.attach_all()
+
+# Collect latencies
+latencies = []
+
+
+def callback(cpu, event):
+    latencies.append(event.delta_us)
+
+
+b["events"].open_perf_buffer(callback, struct_name="latency_event")
+
+print("Tracing vfs_read latency... Hit Ctrl-C to end.")
+
+try:
+    while True:
+        b["events"].poll(1000)
+        if len(latencies) > 0 and len(latencies) % 1000 == 0:
+            print(f"Collected {len(latencies)} samples...")
+
+except KeyboardInterrupt:
+    print(f"Collected {len(latencies)} samples. Generating histogram...")
+
+# Create histogram with matplotlib
+if latencies:
+    # Use log scale for better visualization
+    log_latencies = np.log2(latencies)
+
+    plt.figure(figsize=(12, 6))
+
+    # Plot 1: Linear histogram
+    plt.subplot(1, 2, 1)
+    plt.hist(latencies, bins=50, edgecolor="black", alpha=0.7)
+    plt.xlabel("Latency (microseconds)")
+    plt.ylabel("Count")
+    plt.title("VFS Read Latency Distribution (Linear)")
+    plt.grid(True, alpha=0.3)
+
+    # Plot 2: Log2 histogram (like BCC)
+    plt.subplot(1, 2, 2)
+    plt.hist(log_latencies, bins=50, edgecolor="black", alpha=0.7, color="orange")
+    plt.xlabel("log2(Latency in µs)")
+    plt.ylabel("Count")
+    plt.title("VFS Read Latency Distribution (Log2)")
+    plt.grid(True, alpha=0.3)
+
+    # Add statistics
+    print("Statistics:")
+    print(f"  Count:  {len(latencies)}")
+    print(f"  Min:    {min(latencies)} µs")
+    print(f"  Max:    {max(latencies)} µs")
+    print(f"  Mean:   {np.mean(latencies):.2f} µs")
+    print(f"  Median: {np.median(latencies):.2f} µs")
+    print(f"  P95:    {np.percentile(latencies, 95):.2f} µs")
+    print(f"  P99:    {np.percentile(latencies, 99):.2f} µs")
+
+    plt.tight_layout()
+    plt.savefig("vfs_read_latency.png", dpi=150)
+    print("Histogram saved to vfs_read_latency.png")
+    plt.show()
+else:
+    print("No samples collected!")
--- a/BCC-Examples/vfsreadlat_plotly/bpf_program.py
+++ b/BCC-Examples/vfsreadlat_plotly/bpf_program.py
@ -0,0 +1,101 @@
+"""BPF program for tracing VFS read latency."""
+
+from pythonbpf import bpf, map, struct, section, bpfglobal, BPF
+from pythonbpf.helper import ktime, pid
+from pythonbpf.maps import HashMap, PerfEventArray
+from ctypes import c_void_p, c_uint64
+import argparse
+from data_collector import LatencyCollector
+from dashboard import LatencyDashboard
+
+
+@bpf
+@struct
+class latency_event:
+    pid: c_uint64
+    delta_us: c_uint64
+
+
+@bpf
+@map
+def start() -> HashMap:
+    """Map to store start timestamps by PID."""
+    return HashMap(key=c_uint64, value=c_uint64, max_entries=10240)
+
+
+@bpf
+@map
+def events() -> PerfEventArray:
+    """Perf event array for sending latency events to userspace."""
+    return PerfEventArray(key_size=c_uint64, value_size=c_uint64)
+
+
+@bpf
+@section("kprobe/vfs_read")
+def do_entry(ctx: c_void_p) -> c_uint64:
+    """Record start time when vfs_read is called."""
+    p, ts = pid(), ktime()
+    start.update(p, ts)
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@section("kretprobe/vfs_read")
+def do_return(ctx: c_void_p) -> c_uint64:
+    """Calculate and record latency when vfs_read returns."""
+    p = pid()
+    tsp = start.lookup(p)
+
+    if tsp:
+        delta_ns = ktime() - tsp
+
+        # Only track latencies > 1 microsecond
+        if delta_ns > 1000:
+            evt = latency_event()
+            evt.pid, evt.delta_us = p, delta_ns // 1000
+            events.output(evt)
+
+        start.delete(p)
+
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+def parse_args():
+    """Parse command line arguments."""
+    parser = argparse.ArgumentParser(
+        description="Monitor VFS read latency with live dashboard"
+    )
+    parser.add_argument(
+        "--host", default="0.0.0.0", help="Dashboard host (default: 0.0.0.0)"
+    )
+    parser.add_argument(
+        "--port", type=int, default=8050, help="Dashboard port (default: 8050)"
+    )
+    parser.add_argument(
+        "--buffer", type=int, default=10000, help="Recent data buffer size"
+    )
+    return parser.parse_args()
+
+
+args = parse_args()
+
+# Load BPF program
+print("Loading BPF program...")
+b = BPF()
+b.load()
+b.attach_all()
+print("✅ BPF program loaded and attached")
+
+# Setup data collector
+collector = LatencyCollector(b, buffer_size=args.buffer)
+collector.start()
+
+# Create and run dashboard
+dashboard = LatencyDashboard(collector)
+dashboard.run(host=args.host, port=args.port)
--- a/BCC-Examples/vfsreadlat_plotly/dashboard.py
+++ b/BCC-Examples/vfsreadlat_plotly/dashboard.py
@ -0,0 +1,282 @@
+"""Plotly Dash dashboard for visualizing latency data."""
+
+import dash
+from dash import dcc, html
+from dash.dependencies import Input, Output
+import plotly.graph_objects as go
+from plotly.subplots import make_subplots
+import numpy as np
+
+
+class LatencyDashboard:
+    """Interactive dashboard for latency visualization."""
+
+    def __init__(self, collector, title: str = "VFS Read Latency Monitor"):
+        self.collector = collector
+        self.app = dash.Dash(__name__)
+        self.app.title = title
+        self._setup_layout()
+        self._setup_callbacks()
+
+    def _setup_layout(self):
+        """Create dashboard layout."""
+        self.app.layout = html.Div(
+            [
+                html.H1(
+                    "🔥 VFS Read Latency Dashboard",
+                    style={
+                        "textAlign": "center",
+                        "color": "#2c3e50",
+                        "marginBottom": 20,
+                    },
+                ),
+                # Stats cards
+                html.Div(
+                    [
+                        self._create_stat_card(
+                            "total-samples", "📊 Total Samples", "#3498db"
+                        ),
+                        self._create_stat_card(
+                            "mean-latency", "⚡ Mean Latency", "#e74c3c"
+                        ),
+                        self._create_stat_card(
+                            "p99-latency", "🔥 P99 Latency", "#f39c12"
+                        ),
+                    ],
+                    style={
+                        "display": "flex",
+                        "justifyContent": "space-around",
+                        "marginBottom": 30,
+                    },
+                ),
+                # Graphs - ✅ Make sure these IDs match the callback outputs
+                dcc.Graph(id="dual-histogram", style={"height": "450px"}),
+                dcc.Graph(id="log2-buckets", style={"height": "350px"}),
+                dcc.Graph(id="timeseries-graph", style={"height": "300px"}),
+                # Auto-update
+                dcc.Interval(id="interval-component", interval=1000, n_intervals=0),
+            ],
+            style={"padding": 20, "fontFamily": "Arial, sans-serif"},
+        )
+
+    def _create_stat_card(self, id_name: str, title: str, color: str):
+        """Create a statistics card."""
+        return html.Div(
+            [
+                html.H3(title, style={"color": color}),
+                html.H2(id=id_name, style={"fontSize": 48, "color": "#2c3e50"}),
+            ],
+            className="stat-box",
+            style={
+                "background": "white",
+                "padding": 20,
+                "borderRadius": 10,
+                "boxShadow": "0 4px 6px rgba(0,0,0,0.1)",
+                "textAlign": "center",
+                "flex": 1,
+                "margin": "0 10px",
+            },
+        )
+
+    def _setup_callbacks(self):
+        """Setup dashboard callbacks."""
+
+        @self.app.callback(
+            [
+                Output("total-samples", "children"),
+                Output("mean-latency", "children"),
+                Output("p99-latency", "children"),
+                Output("dual-histogram", "figure"),  # ✅ Match layout IDs
+                Output("log2-buckets", "figure"),  # ✅ Match layout IDs
+                Output("timeseries-graph", "figure"),  # ✅ Match layout IDs
+            ],
+            [Input("interval-component", "n_intervals")],
+        )
+        def update_dashboard(n):
+            stats = self.collector.get_stats()
+
+            if stats.total == 0:
+                return self._empty_state()
+
+            return (
+                f"{stats.total:,}",
+                f"{stats.mean:.1f} µs",
+                f"{stats.p99:.1f} µs",
+                self._create_dual_histogram(),
+                self._create_log2_buckets(),
+                self._create_timeseries(),
+            )
+
+    def _empty_state(self):
+        """Return empty state for dashboard."""
+        empty_fig = go.Figure()
+        empty_fig.update_layout(
+            title="Waiting for data... Generate some disk I/O!", template="plotly_white"
+        )
+        # ✅ Return 6 values (3 stats + 3 figures)
+        return "0", "0 µs", "0 µs", empty_fig, empty_fig, empty_fig
+
+    def _create_dual_histogram(self) -> go.Figure:
+        """Create side-by-side linear and log2 histograms."""
+        latencies = self.collector.get_all_latencies()
+
+        # Create subplots
+        fig = make_subplots(
+            rows=1,
+            cols=2,
+            subplot_titles=("Linear Scale", "Log2 Scale"),
+            horizontal_spacing=0.12,
+        )
+
+        # Linear histogram
+        fig.add_trace(
+            go.Histogram(
+                x=latencies,
+                nbinsx=50,
+                marker_color="rgb(55, 83, 109)",
+                opacity=0.75,
+                name="Linear",
+            ),
+            row=1,
+            col=1,
+        )
+
+        # Log2 histogram
+        log2_latencies = np.log2(latencies + 1)  # +1 to avoid log2(0)
+        fig.add_trace(
+            go.Histogram(
+                x=log2_latencies,
+                nbinsx=30,
+                marker_color="rgb(243, 156, 18)",
+                opacity=0.75,
+                name="Log2",
+            ),
+            row=1,
+            col=2,
+        )
+
+        # Update axes
+        fig.update_xaxes(title_text="Latency (µs)", row=1, col=1)
+        fig.update_xaxes(title_text="log2(Latency in µs)", row=1, col=2)
+        fig.update_yaxes(title_text="Count", row=1, col=1)
+        fig.update_yaxes(title_text="Count", row=1, col=2)
+
+        fig.update_layout(
+            title_text="📊 Latency Distribution (Linear vs Log2)",
+            template="plotly_white",
+            showlegend=False,
+            height=450,
+        )
+
+        return fig
+
+    def _create_log2_buckets(self) -> go.Figure:
+        """Create bar chart of log2 buckets (like BCC histogram)."""
+        buckets = self.collector.get_histogram_buckets()
+
+        if not buckets:
+            fig = go.Figure()
+            fig.update_layout(
+                title="🔥 Log2 Histogram - Waiting for data...", template="plotly_white"
+            )
+            return fig
+
+        # Sort buckets
+        sorted_buckets = sorted(buckets.keys())
+        counts = [buckets[b] for b in sorted_buckets]
+
+        # Create labels (e.g., "8-16µs", "16-32µs")
+        labels = []
+        hover_text = []
+        for bucket in sorted_buckets:
+            lower = 2**bucket
+            upper = 2 ** (bucket + 1)
+            labels.append(f"{lower}-{upper}")
+
+            # Calculate percentage
+            total = sum(counts)
+            pct = (buckets[bucket] / total) * 100 if total > 0 else 0
+            hover_text.append(
+                f"Range: {lower}-{upper} µs<br>"
+                f"Count: {buckets[bucket]:,}<br>"
+                f"Percentage: {pct:.2f}%"
+            )
+
+        # Create bar chart
+        fig = go.Figure()
+
+        fig.add_trace(
+            go.Bar(
+                x=labels,
+                y=counts,
+                marker=dict(
+                    color=counts,
+                    colorscale="YlOrRd",
+                    showscale=True,
+                    colorbar=dict(title="Count"),
+                ),
+                text=counts,
+                textposition="outside",
+                hovertext=hover_text,
+                hoverinfo="text",
+            )
+        )
+
+        fig.update_layout(
+            title="🔥 Log2 Histogram (BCC-style buckets)",
+            xaxis_title="Latency Range (µs)",
+            yaxis_title="Count",
+            template="plotly_white",
+            height=350,
+            xaxis=dict(tickangle=-45),
+        )
+
+        return fig
+
+    def _create_timeseries(self) -> go.Figure:
+        """Create time series figure."""
+        recent = self.collector.get_recent_latencies()
+
+        if not recent:
+            fig = go.Figure()
+            fig.update_layout(
+                title="⏱️ Real-time Latency - Waiting for data...",
+                template="plotly_white",
+            )
+            return fig
+
+        times = [d["time"] for d in recent]
+        lats = [d["latency"] for d in recent]
+
+        fig = go.Figure()
+        fig.add_trace(
+            go.Scatter(
+                x=times,
+                y=lats,
+                mode="lines",
+                line=dict(color="rgb(231, 76, 60)", width=2),
+                fill="tozeroy",
+                fillcolor="rgba(231, 76, 60, 0.2)",
+            )
+        )
+
+        fig.update_layout(
+            title="⏱️ Real-time Latency (Last 10,000 samples)",
+            xaxis_title="Time (seconds)",
+            yaxis_title="Latency (µs)",
+            template="plotly_white",
+            height=300,
+        )
+
+        return fig
+
+    def run(self, host: str = "0.0.0.0", port: int = 8050, debug: bool = False):
+        """Run the dashboard server."""
+        print(f"\n{'=' * 60}")
+        print(f"🚀 Dashboard running at: http://{host}:{port}")
+        print("   Access from your browser to see live graphs")
+        print(
+            "   Generate disk I/O to see data: dd if=/dev/zero of=/tmp/test bs=1M count=100"
+        )
+        print(f"{'=' * 60}\n")
+        self.app.run(debug=debug, host=host, port=port)
--- a/BCC-Examples/vfsreadlat_plotly/data_collector.py
+++ b/BCC-Examples/vfsreadlat_plotly/data_collector.py
@ -0,0 +1,96 @@
+"""Data collection and management."""
+
+import threading
+import time
+import numpy as np
+from collections import deque
+from dataclasses import dataclass
+from typing import List, Dict
+
+
+@dataclass
+class LatencyStats:
+    """Statistics computed from latency data."""
+
+    total: int = 0
+    mean: float = 0.0
+    median: float = 0.0
+    min: float = 0.0
+    max: float = 0.0
+    p95: float = 0.0
+    p99: float = 0.0
+
+    @classmethod
+    def from_array(cls, data: np.ndarray) -> "LatencyStats":
+        """Compute stats from numpy array."""
+        if len(data) == 0:
+            return cls()
+
+        return cls(
+            total=len(data),
+            mean=float(np.mean(data)),
+            median=float(np.median(data)),
+            min=float(np.min(data)),
+            max=float(np.max(data)),
+            p95=float(np.percentile(data, 95)),
+            p99=float(np.percentile(data, 99)),
+        )
+
+
+class LatencyCollector:
+    """Collects and manages latency data from BPF."""
+
+    def __init__(self, bpf_object, buffer_size: int = 10000):
+        self.bpf = bpf_object
+        self.all_latencies: List[float] = []
+        self.recent_latencies = deque(maxlen=buffer_size)  # type: ignore [var-annotated]
+        self.start_time = time.time()
+        self._lock = threading.Lock()
+        self._poll_thread = None
+
+    def callback(self, cpu: int, event):
+        """Callback for BPF events."""
+        with self._lock:
+            self.all_latencies.append(event.delta_us)
+            self.recent_latencies.append(
+                {"time": time.time() - self.start_time, "latency": event.delta_us}
+            )
+
+    def start(self):
+        """Start collecting data."""
+        self.bpf["events"].open_perf_buffer(self.callback, struct_name="latency_event")
+
+        def poll_loop():
+            while True:
+                self.bpf["events"].poll(100)
+
+        self._poll_thread = threading.Thread(target=poll_loop, daemon=True)
+        self._poll_thread.start()
+        print("✅ Data collection started")
+
+    def get_all_latencies(self) -> np.ndarray:
+        """Get all latencies as numpy array."""
+        with self._lock:
+            return np.array(self.all_latencies) if self.all_latencies else np.array([])
+
+    def get_recent_latencies(self) -> List[Dict]:
+        """Get recent latencies with timestamps."""
+        with self._lock:
+            return list(self.recent_latencies)
+
+    def get_stats(self) -> LatencyStats:
+        """Compute current statistics."""
+        return LatencyStats.from_array(self.get_all_latencies())
+
+    def get_histogram_buckets(self) -> Dict[int, int]:
+        """Get log2 histogram buckets."""
+        latencies = self.get_all_latencies()
+        if len(latencies) == 0:
+            return {}
+
+        log_buckets = np.floor(np.log2(latencies + 1)).astype(int)
+        buckets = {}  # type: ignore [var-annotated]
+        for bucket in log_buckets:
+            buckets[bucket] = buckets.get(bucket, 0) + 1
+
+        return buckets
--- a/BCC-Examples/vfsreadlat_rich.py
+++ b/BCC-Examples/vfsreadlat_rich.py
@ -0,0 +1,178 @@
+from pythonbpf import bpf, map, struct, section, bpfglobal, BPF
+from pythonbpf.helper import ktime, pid
+from pythonbpf.maps import HashMap, PerfEventArray
+from ctypes import c_void_p, c_uint64
+
+from rich.console import Console
+from rich.live import Live
+from rich.table import Table
+from rich.panel import Panel
+from rich.layout import Layout
+import numpy as np
+import threading
+import time
+from collections import Counter
+
+# ==================== BPF Setup ====================
+
+
+@bpf
+@struct
+class latency_event:
+    pid: c_uint64
+    delta_us: c_uint64
+
+
+@bpf
+@map
+def start() -> HashMap:
+    return HashMap(key=c_uint64, value=c_uint64, max_entries=10240)
+
+
+@bpf
+@map
+def events() -> PerfEventArray:
+    return PerfEventArray(key_size=c_uint64, value_size=c_uint64)
+
+
+@bpf
+@section("kprobe/vfs_read")
+def do_entry(ctx: c_void_p) -> c_uint64:
+    p, ts = pid(), ktime()
+    start.update(p, ts)
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@section("kretprobe/vfs_read")
+def do_return(ctx: c_void_p) -> c_uint64:
+    p = pid()
+    tsp = start.lookup(p)
+
+    if tsp:
+        delta_ns = ktime() - tsp
+
+        if delta_ns > 1000:
+            evt = latency_event()
+            evt.pid, evt.delta_us = p, delta_ns // 1000
+            events.output(evt)
+
+        start.delete(p)
+
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+console = Console()
+console.print("[bold green]Loading BPF program...[/]")
+
+b = BPF()
+b.load()
+b.attach_all()
+
+# ==================== Data Collection ====================
+
+all_latencies = []
+histogram_buckets = Counter()  # type: ignore [var-annotated]
+
+
+def callback(cpu, event):
+    all_latencies.append(event.delta_us)
+    # Create log2 bucket
+    bucket = int(np.floor(np.log2(event.delta_us + 1)))
+    histogram_buckets[bucket] += 1
+
+
+b["events"].open_perf_buffer(callback, struct_name="latency_event")
+
+
+def poll_events():
+    while True:
+        b["events"].poll(100)
+
+
+poll_thread = threading.Thread(target=poll_events, daemon=True)
+poll_thread.start()
+
+# ==================== Live Display ====================
+
+
+def generate_display():
+    layout = Layout()
+    layout.split_column(
+        Layout(name="header", size=3),
+        Layout(name="stats", size=8),
+        Layout(name="histogram", size=20),
+    )
+
+    # Header
+    layout["header"].update(
+        Panel("[bold cyan]🔥 VFS Read Latency Monitor[/]", style="bold white on blue")
+    )
+
+    # Stats
+    if len(all_latencies) > 0:
+        lats = np.array(all_latencies)
+        stats_table = Table(show_header=False, box=None, padding=(0, 2))
+        stats_table.add_column(style="bold cyan")
+        stats_table.add_column(style="bold yellow")
+
+        stats_table.add_row("📊 Total Samples:", f"{len(lats):,}")
+        stats_table.add_row("⚡ Mean Latency:", f"{np.mean(lats):.2f} µs")
+        stats_table.add_row("📉 Min Latency:", f"{np.min(lats):.2f} µs")
+        stats_table.add_row("📈 Max Latency:", f"{np.max(lats):.2f} µs")
+        stats_table.add_row("🎯 P95 Latency:", f"{np.percentile(lats, 95):.2f} µs")
+        stats_table.add_row("🔥 P99 Latency:", f"{np.percentile(lats, 99):.2f} µs")
+
+        layout["stats"].update(
+            Panel(stats_table, title="Statistics", border_style="green")
+        )
+    else:
+        layout["stats"].update(
+            Panel("[yellow]Waiting for data...[/]", border_style="yellow")
+        )
+
+    # Histogram
+    if histogram_buckets:
+        hist_table = Table(title="Latency Distribution", box=None)
+        hist_table.add_column("Range", style="cyan", no_wrap=True)
+        hist_table.add_column("Count", justify="right", style="yellow")
+        hist_table.add_column("Distribution", style="green")
+
+        max_count = max(histogram_buckets.values())
+
+        for bucket in sorted(histogram_buckets.keys()):
+            count = histogram_buckets[bucket]
+            lower = 2**bucket
+            upper = 2 ** (bucket + 1)
+
+            # Create bar
+            bar_width = int((count / max_count) * 40)
+            bar = "█" * bar_width
+
+            hist_table.add_row(
+                f"{lower:5d}-{upper:5d} µs",
+                f"{count:6d}",
+                f"[green]{bar}[/] {count / len(all_latencies) * 100:.1f}%",
+            )
+
+        layout["histogram"].update(Panel(hist_table, border_style="green"))
+
+    return layout
+
+
+try:
+    with Live(generate_display(), refresh_per_second=2, console=console) as live:
+        while True:
+            time.sleep(0.5)
+            live.update(generate_display())
+except KeyboardInterrupt:
+    console.print("\n[bold red]Stopping...[/]")
+
+    if all_latencies:
+        console.print(f"\n[bold green]✅ Collected {len(all_latencies):,} samples[/]")
--- a/README.md
+++ b/README.md
@ -40,6 +40,12 @@ Python-BPF is an LLVM IR generator for eBPF programs written in Python. It uses

 ---

+## Try It Out!
+Run
+```bash
+curl -s https://raw.githubusercontent.com/pythonbpf/Python-BPF/refs/heads/master/tools/setup.sh | sudo bash
+```
+
 ## Installation

 Dependencies:
--- a/examples/binops_demo.py
+++ b/examples/binops_demo.py
@ -21,17 +21,17 @@ def last() -> HashMap:
@section("tracepoint/syscalls/sys_enter_execve")
 def do_trace(ctx: c_void_p) -> c_int64:
    key = 0
-    tsp = last().lookup(key)
+    tsp = last.lookup(key)
    if tsp:
        kt = ktime()
        delta = kt - tsp
        if delta < 1000000000:
            time_ms = delta // 1000000
            print(f"Execve syscall entered within last second, last {time_ms} ms ago")
-        last().delete(key)
+        last.delete(key)
    else:
        kt = ktime()
-        last().update(key, kt)
+        last.update(key, kt)
    return c_int64(0)


--- a/examples/clone-matplotlib.ipynb
+++ b/examples/clone-matplotlib.ipynb
--- a/examples/clone_plot.py
+++ b/examples/clone_plot.py
@ -3,7 +3,6 @@ import time
 from pythonbpf import bpf, map, section, bpfglobal, BPF
 from pythonbpf.helper import pid
 from pythonbpf.maps import HashMap
-from pylibbpf import BpfMap
 from ctypes import c_void_p, c_int64, c_uint64, c_int32
 import matplotlib.pyplot as plt

@ -26,14 +25,14 @@ def hist() -> HashMap:
 def hello(ctx: c_void_p) -> c_int64:
    process_id = pid()
    one = 1
-    prev = hist().lookup(process_id)
+    prev = hist.lookup(process_id)
    if prev:
        previous_value = prev + 1
        print(f"count: {previous_value} with {process_id}")
-        hist().update(process_id, previous_value)
+        hist.update(process_id, previous_value)
        return c_int64(0)
    else:
-        hist().update(process_id, one)
+        hist.update(process_id, one)
    return c_int64(0)


@ -44,12 +43,12 @@ def LICENSE() -> str:


 b = BPF()
-b.load_and_attach()
-hist = BpfMap(b, hist)
+b.load()
+b.attach_all()
 print("Recording")
 time.sleep(10)

-counts = list(hist.values())
+counts = list(b["hist"].values())

 plt.hist(counts, bins=20)
 plt.xlabel("Clone calls per PID")
--- a/examples/hello_world.py
+++ b/examples/hello_world.py
@ -1,4 +1,4 @@
-from pythonbpf import bpf, section, bpfglobal, BPF
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
 from ctypes import c_void_p, c_int64

 # Instructions to how to run this program
@ -21,10 +21,6 @@ def LICENSE() -> str:


 b = BPF()
-b.load_and_attach()
-if b.is_loaded() and b.is_attached():
-    print("Successfully loaded and attached")
-else:
-    print("Could not load successfully")
-
-# Now cat /sys/kernel/debug/tracing/trace_pipe to see results of the execve syscall.
+b.load()
+b.attach_all()
+trace_pipe()
--- a/examples/kprobes.py
+++ b/examples/kprobes.py
@ -1,4 +1,4 @@
-from pythonbpf import bpf, section, bpfglobal, BPF
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
 from ctypes import c_void_p, c_int64


@ -23,7 +23,7 @@ def LICENSE() -> str:


 b = BPF()
-b.load_and_attach()
-while True:
-    print("running")
-# Now cat /sys/kernel/debug/tracing/trace_pipe to see results of unlink kprobe.
+b.load()
+b.attach_all()
+print("running")
+trace_pipe()
--- a/examples/xdp_pass.py
+++ b/examples/xdp_pass.py
@ -23,14 +23,14 @@ def count() -> HashMap:
 def hello_world(ctx: c_void_p) -> c_int64:
    key = 0
    one = 1
-    prev = count().lookup(key)
+    prev = count.lookup(key)
    if prev:
        prevval = prev + 1
        print(f"count: {prevval}")
-        count().update(key, prevval)
+        count.update(key, prevval)
        return XDP_PASS
    else:
-        count().update(key, one)
+        count.update(key, one)

    return XDP_PASS

--- a/pyproject.toml
+++ b/pyproject.toml
@ -4,15 +4,29 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "pythonbpf"
-version = "0.1.5"
+version = "0.1.6"
 description = "Reduced Python frontend for eBPF"
 authors = [
  { name = "r41k0u", email="pragyanshchaturvedi18@gmail.com" },
  { name = "varun-r-mallya", email="varunrmallya@gmail.com" }
 ]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "Operating System :: POSIX :: Linux",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+    "Topic :: System :: Operating System Kernels :: Linux",
+]
 readme = "README.md"
 license = {text = "Apache-2.0"}
-requires-python = ">=3.8"
+requires-python = ">=3.10"

 dependencies = [
  "llvmlite",
--- a/pythonbpf/init.py
+++ b/pythonbpf/init.py
@ -1,5 +1,6 @@
 from .decorators import bpf, map, section, bpfglobal, struct
 from .codegen import compile_to_ir, compile, BPF
+from .utils import trace_pipe, trace_fields

 __all__ = [
    "bpf",
@ -10,4 +11,6 @@ __all__ = [
    "compile_to_ir",
    "compile",
    "BPF",
+    "trace_pipe",
+    "trace_fields",
 ]
--- a/pythonbpf/allocation_pass.py
+++ b/pythonbpf/allocation_pass.py
@ -1,75 +1,94 @@
 import ast
 import logging
-
+import ctypes
 from llvmlite import ir
-from dataclasses import dataclass
-from typing import Any
+from .local_symbol import LocalSymbol
 from pythonbpf.helper import HelperHandlerRegistry
+from pythonbpf.vmlinux_parser.dependency_node import Field
+from .expr import VmlinuxHandlerRegistry
 from pythonbpf.type_deducer import ctypes_to_ir
+from pythonbpf.maps import BPFMapType

 logger = logging.getLogger(__name__)


-@dataclass
-class LocalSymbol:
-    var: ir.AllocaInstr
-    ir_type: ir.Type
-    metadata: Any = None
-
-    def __iter__(self):
-        yield self.var
-        yield self.ir_type
-        yield self.metadata
+def create_targets_and_rvals(stmt):
+    """Create lists of targets and right-hand values from an assignment statement."""
+    if isinstance(stmt.targets[0], ast.Tuple):
+        if not isinstance(stmt.value, ast.Tuple):
+            logger.warning("Mismatched multi-target assignment, skipping allocation")
+            return [], []
+        targets, rvals = stmt.targets[0].elts, stmt.value.elts
+        if len(targets) != len(rvals):
+            logger.warning("length of LHS != length of RHS, skipping allocation")
+            return [], []
+        return targets, rvals
+    return stmt.targets, [stmt.value]


-def handle_assign_allocation(builder, stmt, local_sym_tab, structs_sym_tab):
+def handle_assign_allocation(
+    builder, stmt, local_sym_tab, map_sym_tab, structs_sym_tab
+):
    """Handle memory allocation for assignment statements."""

-    # Validate assignment
-    if len(stmt.targets) != 1:
-        logger.warning("Multi-target assignment not supported, skipping allocation")
-        return
+    logger.info(f"Handling assignment for allocation: {ast.dump(stmt)}")

-    target = stmt.targets[0]
+    # NOTE: Support multi-target assignments (e.g.: a, b = 1, 2)
+    targets, rvals = create_targets_and_rvals(stmt)

-    # Skip non-name targets (e.g., struct field assignments)
-    if isinstance(target, ast.Attribute):
-        logger.debug(f"Struct field assignment to {target.attr}, no allocation needed")
-        return
+    for target, rval in zip(targets, rvals):
+        # Skip non-name targets (e.g., struct field assignments)
+        if isinstance(target, ast.Attribute):
+            logger.debug(
+                f"Struct field assignment to {target.attr}, no allocation needed"
+            )
+            continue

-    if not isinstance(target, ast.Name):
-        logger.warning(f"Unsupported assignment target type: {type(target).__name__}")
-        return
+        if not isinstance(target, ast.Name):
+            logger.warning(
+                f"Unsupported assignment target type: {type(target).__name__}"
+            )
+            continue

-    var_name = target.id
-    rval = stmt.value
+        var_name = target.id
+        # Skip if already allocated
+        if var_name in local_sym_tab:
+            logger.debug(f"Variable {var_name} already allocated, skipping")
+            continue

-    # Skip if already allocated
-    if var_name in local_sym_tab:
-        logger.debug(f"Variable {var_name} already allocated, skipping")
-        return
-
-    # Determine type and allocate based on rval
-    if isinstance(rval, ast.Call):
-        _allocate_for_call(builder, var_name, rval, local_sym_tab, structs_sym_tab)
-    elif isinstance(rval, ast.Constant):
-        _allocate_for_constant(builder, var_name, rval, local_sym_tab)
-    elif isinstance(rval, ast.BinOp):
-        _allocate_for_binop(builder, var_name, local_sym_tab)
-    else:
-        logger.warning(
-            f"Unsupported assignment value type for {var_name}: {type(rval).__name__}"
-        )
+        # Determine type and allocate based on rval
+        if isinstance(rval, ast.Call):
+            _allocate_for_call(
+                builder, var_name, rval, local_sym_tab, map_sym_tab, structs_sym_tab
+            )
+        elif isinstance(rval, ast.Constant):
+            _allocate_for_constant(builder, var_name, rval, local_sym_tab)
+        elif isinstance(rval, ast.BinOp):
+            _allocate_for_binop(builder, var_name, local_sym_tab)
+        elif isinstance(rval, ast.Name):
+            # Variable-to-variable assignment (b = a)
+            _allocate_for_name(builder, var_name, rval, local_sym_tab)
+        elif isinstance(rval, ast.Attribute):
+            # Struct field-to-variable assignment (a = dat.fld)
+            _allocate_for_attribute(
+                builder, var_name, rval, local_sym_tab, structs_sym_tab
+            )
+        else:
+            logger.warning(
+                f"Unsupported assignment value type for {var_name}: {type(rval).__name__}"
+            )


-def _allocate_for_call(builder, var_name, rval, local_sym_tab, structs_sym_tab):
+def _allocate_for_call(
+    builder, var_name, rval, local_sym_tab, map_sym_tab, structs_sym_tab
+):
    """Allocate memory for variable assigned from a call."""

    if isinstance(rval.func, ast.Name):
        call_type = rval.func.id

        # C type constructors
-        if call_type in ("c_int32", "c_int64", "c_uint32", "c_uint64"):
+        if call_type in ("c_int32", "c_int64", "c_uint32", "c_uint64", "c_void_p"):
            ir_type = ctypes_to_ir(call_type)
            var = builder.alloca(ir_type, name=var_name)
            var.align = ir_type.width // 8
@ -99,20 +118,91 @@ def _allocate_for_call(builder, var_name, rval, local_sym_tab, structs_sym_tab):
            local_sym_tab[var_name] = LocalSymbol(var, struct_info.ir_type, call_type)
            logger.info(f"Pre-allocated {var_name} for struct {call_type}")

+        elif VmlinuxHandlerRegistry.is_vmlinux_struct(call_type):
+            # When calling struct_name(pointer), we're doing a cast, not construction
+            # So we allocate as a pointer (i64) not as the actual struct
+            var = builder.alloca(ir.IntType(64), name=var_name)
+            var.align = 8
+            local_sym_tab[var_name] = LocalSymbol(
+                var, ir.IntType(64), VmlinuxHandlerRegistry.get_struct_type(call_type)
+            )
+            logger.info(
+                f"Pre-allocated {var_name} for vmlinux struct pointer cast to {call_type}"
+            )
+
        else:
            logger.warning(f"Unknown call type for allocation: {call_type}")

    elif isinstance(rval.func, ast.Attribute):
        # Map method calls - need double allocation for ptr handling
-        _allocate_for_map_method(builder, var_name, local_sym_tab)
+        _allocate_for_map_method(
+            builder, var_name, rval, local_sym_tab, map_sym_tab, structs_sym_tab
+        )

    else:
        logger.warning(f"Unsupported call function type for {var_name}")


-def _allocate_for_map_method(builder, var_name, local_sym_tab):
+def _allocate_for_map_method(
+    builder, var_name, rval, local_sym_tab, map_sym_tab, structs_sym_tab
+):
    """Allocate memory for variable assigned from map method (double alloc)."""

+    map_name = rval.func.value.id
+    method_name = rval.func.attr
+
+    # NOTE: We will have to special case HashMap.lookup which returns a pointer to value type
+    # The value type can be a struct as well, so we need to handle that properly
+    # This special casing is not ideal, as over time other map methods may need similar handling
+    # But for now, we will just handle lookup specifically
+    if map_name not in map_sym_tab:
+        logger.error(f"Map '{map_name}' not found for allocation")
+        return
+
+    if method_name != "lookup":
+        # Fallback allocation for other map methods
+        _allocate_for_map_method_fallback(builder, var_name, local_sym_tab)
+        return
+
+    map_params = map_sym_tab[map_name].params
+    if map_params["type"] != BPFMapType.HASH:
+        logger.warning(
+            "Map method lookup used on non-hash map, using fallback allocation"
+        )
+        _allocate_for_map_method_fallback(builder, var_name, local_sym_tab)
+        return
+
+    value_type = map_params["value"]
+    # Determine IR type for value
+    if isinstance(value_type, str) and value_type in structs_sym_tab:
+        struct_info = structs_sym_tab[value_type]
+        value_ir_type = struct_info.ir_type
+    else:
+        value_ir_type = ctypes_to_ir(value_type)
+
+    if value_ir_type is None:
+        logger.warning(
+            f"Could not determine IR type for map value '{value_type}', using fallback allocation"
+        )
+        _allocate_for_map_method_fallback(builder, var_name, local_sym_tab)
+        return
+
+    # Main variable (pointer to pointer)
+    ir_type = ir.PointerType(ir.IntType(64))
+    var = builder.alloca(ir_type, name=var_name)
+    local_sym_tab[var_name] = LocalSymbol(var, ir_type)
+    # Temporary variable for computed values
+    tmp_ir_type = value_ir_type
+    var_tmp = builder.alloca(tmp_ir_type, name=f"{var_name}_tmp")
+    local_sym_tab[f"{var_name}_tmp"] = LocalSymbol(var_tmp, tmp_ir_type)
+    logger.info(
+        f"Pre-allocated {var_name} and {var_name}_tmp for map method lookup of type {value_ir_type}"
+    )
+
+
+def _allocate_for_map_method_fallback(builder, var_name, local_sym_tab):
+    """Fallback allocation for map method variable (i64* and i64**)."""
+
    # Main variable (pointer to pointer)
    ir_type = ir.PointerType(ir.IntType(64))
    var = builder.alloca(ir_type, name=var_name)
@ -123,7 +213,9 @@ def _allocate_for_map_method(builder, var_name, local_sym_tab):
    var_tmp = builder.alloca(tmp_ir_type, name=f"{var_name}_tmp")
    local_sym_tab[f"{var_name}_tmp"] = LocalSymbol(var_tmp, tmp_ir_type)

-    logger.info(f"Pre-allocated {var_name} and {var_name}_tmp for map method")
+    logger.info(
+        f"Pre-allocated {var_name} and {var_name}_tmp for map method (fallback)"
+    )


 def _allocate_for_constant(builder, var_name, rval, local_sym_tab):
@ -165,14 +257,193 @@ def _allocate_for_binop(builder, var_name, local_sym_tab):
    logger.info(f"Pre-allocated {var_name} for binop result")


+def _get_type_name(ir_type):
+    """Get a string representation of an IR type."""
+    if isinstance(ir_type, ir.IntType):
+        return f"i{ir_type.width}"
+    elif isinstance(ir_type, ir.PointerType):
+        return "ptr"
+    elif isinstance(ir_type, ir.ArrayType):
+        return f"[{ir_type.count}x{_get_type_name(ir_type.element)}]"
+    else:
+        return str(ir_type).replace(" ", "")
+
+
 def allocate_temp_pool(builder, max_temps, local_sym_tab):
    """Allocate the temporary scratch space pool for helper arguments."""
-    if max_temps == 0:
+    if not max_temps:
+        logger.info("No temp pool allocation needed")
        return

-    logger.info(f"Allocating temp pool of {max_temps} variables")
-    for i in range(max_temps):
-        temp_name = f"__helper_temp_{i}"
-        temp_var = builder.alloca(ir.IntType(64), name=temp_name)
-        temp_var.align = 8
-        local_sym_tab[temp_name] = LocalSymbol(temp_var, ir.IntType(64))
+    for tmp_type, cnt in max_temps.items():
+        type_name = _get_type_name(tmp_type)
+        logger.info(f"Allocating temp pool of {cnt} variables of type {type_name}")
+        for i in range(cnt):
+            temp_name = f"__helper_temp_{type_name}_{i}"
+            temp_var = builder.alloca(tmp_type, name=temp_name)
+            temp_var.align = _get_alignment(tmp_type)
+            local_sym_tab[temp_name] = LocalSymbol(temp_var, tmp_type)
+            logger.debug(f"Allocated temp variable: {temp_name}")
+
+
+def _allocate_for_name(builder, var_name, rval, local_sym_tab):
+    """Allocate memory for variable-to-variable assignment (b = a)."""
+    source_var = rval.id
+
+    if source_var not in local_sym_tab:
+        logger.error(f"Source variable '{source_var}' not found in symbol table")
+        return
+
+    # Get type and metadata from source variable
+    source_symbol = local_sym_tab[source_var]
+
+    # Allocate with same type and alignment
+    var = _allocate_with_type(builder, var_name, source_symbol.ir_type)
+    local_sym_tab[var_name] = LocalSymbol(
+        var, source_symbol.ir_type, source_symbol.metadata
+    )
+
+    logger.info(
+        f"Pre-allocated {var_name} from {source_var} with type {source_symbol.ir_type}"
+    )
+
+
+def _allocate_for_attribute(builder, var_name, rval, local_sym_tab, structs_sym_tab):
+    """Allocate memory for struct field-to-variable assignment (a = dat.fld)."""
+    if not isinstance(rval.value, ast.Name):
+        logger.warning(f"Complex attribute access not supported for {var_name}")
+        return
+
+    struct_var = rval.value.id
+    field_name = rval.attr
+
+    # Validate struct and field
+    if struct_var not in local_sym_tab:
+        logger.error(f"Struct variable '{struct_var}' not found")
+        return
+
+    struct_type: type = local_sym_tab[struct_var].metadata
+    if not struct_type or struct_type not in structs_sym_tab:
+        if VmlinuxHandlerRegistry.is_vmlinux_struct(struct_type.__name__):
+            # Handle vmlinux struct field access
+            vmlinux_struct_name = struct_type.__name__
+            if not VmlinuxHandlerRegistry.has_field(vmlinux_struct_name, field_name):
+                logger.error(
+                    f"Field '{field_name}' not found in vmlinux struct '{vmlinux_struct_name}'"
+                )
+                return
+
+            field_type: tuple[ir.GlobalVariable, Field] = (
+                VmlinuxHandlerRegistry.get_field_type(vmlinux_struct_name, field_name)
+            )
+            field_ir, field = field_type
+
+            # Determine the actual IR type based on the field's type
+            actual_ir_type = None
+
+            # Check if it's a ctypes primitive
+            if field.type.__module__ == ctypes.__name__:
+                try:
+                    field_size_bytes = ctypes.sizeof(field.type)
+                    field_size_bits = field_size_bytes * 8
+
+                    if field_size_bits in [8, 16, 32, 64]:
+                        # Special case: struct_xdp_md i32 fields should allocate as i64
+                        # because load_ctx_field will zero-extend them to i64
+                        if (
+                            vmlinux_struct_name == "struct_xdp_md"
+                            and field_size_bits == 32
+                        ):
+                            actual_ir_type = ir.IntType(64)
+                            logger.info(
+                                f"Allocating {var_name} as i64 for i32 field from struct_xdp_md.{field_name} "
+                                "(will be zero-extended during load)"
+                            )
+                        else:
+                            actual_ir_type = ir.IntType(field_size_bits)
+                    else:
+                        logger.warning(
+                            f"Unusual field size {field_size_bits} bits for {field_name}"
+                        )
+                        actual_ir_type = ir.IntType(64)
+                except Exception as e:
+                    logger.warning(
+                        f"Could not determine size for ctypes field {field_name}: {e}"
+                    )
+                    actual_ir_type = ir.IntType(64)
+
+            # Check if it's a nested vmlinux struct or complex type
+            elif field.type.__module__ == "vmlinux":
+                # For pointers to structs, use pointer type (64-bit)
+                if field.ctype_complex_type is not None and issubclass(
+                    field.ctype_complex_type, ctypes._Pointer
+                ):
+                    actual_ir_type = ir.IntType(64)  # Pointer is always 64-bit
+                # For embedded structs, this is more complex - might need different handling
+                else:
+                    logger.warning(
+                        f"Field {field_name} is a nested vmlinux struct, using i64 for now"
+                    )
+                    actual_ir_type = ir.IntType(64)
+            else:
+                logger.warning(
+                    f"Unknown field type module {field.type.__module__} for {field_name}"
+                )
+                actual_ir_type = ir.IntType(64)
+
+            # Allocate with the actual IR type
+            var = _allocate_with_type(builder, var_name, actual_ir_type)
+            local_sym_tab[var_name] = LocalSymbol(
+                var, actual_ir_type, field
+            )  # <-- Store Field metadata
+
+            logger.info(
+                f"Pre-allocated {var_name} as {actual_ir_type} from vmlinux struct {vmlinux_struct_name}.{field_name}"
+            )
+            return
+        else:
+            logger.error(f"Struct type '{struct_type}' not found")
+        return
+
+    struct_info = structs_sym_tab[struct_type]
+    if field_name not in struct_info.fields:
+        logger.error(f"Field '{field_name}' not found in struct '{struct_type}'")
+        return
+
+    # Get field type
+    field_type = struct_info.field_type(field_name)
+
+    # Special case: char array -> allocate as i8* pointer instead
+    if (
+        isinstance(field_type, ir.ArrayType)
+        and isinstance(field_type.element, ir.IntType)
+        and field_type.element.width == 8
+    ):
+        alloc_type = ir.PointerType(ir.IntType(8))
+        logger.info(f"Allocating {var_name} as i8* (pointer to char array)")
+    else:
+        alloc_type = field_type
+
+    var = _allocate_with_type(builder, var_name, alloc_type)
+    local_sym_tab[var_name] = LocalSymbol(var, alloc_type)
+
+    logger.info(
+        f"Pre-allocated {var_name} from {struct_var}.{field_name} with type {alloc_type}"
+    )
+
+
+def _allocate_with_type(builder, var_name, ir_type):
+    """Allocate variable with appropriate alignment for type."""
+    var = builder.alloca(ir_type, name=var_name)
+    var.align = _get_alignment(ir_type)
+    return var
+
+
+def _get_alignment(ir_type):
+    """Get appropriate alignment for IR type."""
+    if isinstance(ir_type, ir.IntType):
+        return ir_type.width // 8
+    elif isinstance(ir_type, ir.ArrayType) and isinstance(ir_type.element, ir.IntType):
+        return ir_type.element.width // 8
+    else:
+        return 8  # Default: pointer size
--- a/pythonbpf/assign_pass.py
+++ b/pythonbpf/assign_pass.py
@ -1,7 +1,12 @@
 import ast
 import logging
+from inspect import isclass
+
 from llvmlite import ir
 from pythonbpf.expr import eval_expr
+from pythonbpf.helper import emit_probe_read_kernel_str_call
+from pythonbpf.type_deducer import ctypes_to_ir
+from pythonbpf.vmlinux_parser.dependency_node import Field

 logger = logging.getLogger(__name__)

@ -27,27 +32,82 @@ def handle_struct_field_assignment(

    # Get field pointer and evaluate value
    field_ptr = struct_info.gep(builder, local_sym_tab[var_name].var, field_name)
-    val = eval_expr(
+    field_type = struct_info.field_type(field_name)
+    val_result = eval_expr(
        func, module, builder, rval, local_sym_tab, map_sym_tab, structs_sym_tab
    )

-    if val is None:
+    if val_result is None:
        logger.error(f"Failed to evaluate value for {var_name}.{field_name}")
        return

-    # TODO: Handle string assignment to char array (not a priority)
-    field_type = struct_info.field_type(field_name)
-    if isinstance(field_type, ir.ArrayType) and val[1] == ir.PointerType(ir.IntType(8)):
-        logger.warning(
-            f"String to char array assignment not implemented for {var_name}.{field_name}"
+    val, val_type = val_result
+
+    # Special case: i8* string to [N x i8] char array
+    if _is_char_array(field_type) and _is_i8_ptr(val_type):
+        _copy_string_to_char_array(
+            func,
+            module,
+            builder,
+            val,
+            field_ptr,
+            field_type,
+            local_sym_tab,
+            map_sym_tab,
+            structs_sym_tab,
        )
+        logger.info(f"Copied string to char array {var_name}.{field_name}")
        return

-    # Store the value
-    builder.store(val[0], field_ptr)
+    # Regular assignment
+    builder.store(val, field_ptr)
    logger.info(f"Assigned to struct field {var_name}.{field_name}")


+def _copy_string_to_char_array(
+    func,
+    module,
+    builder,
+    src_ptr,
+    dst_ptr,
+    array_type,
+    local_sym_tab,
+    map_sym_tab,
+    struct_sym_tab,
+):
+    """Copy string (i8*) to char array ([N x i8]) using bpf_probe_read_kernel_str"""
+
+    array_size = array_type.count
+
+    # Get pointer to first element: [N x i8]* -> i8*
+    dst_i8_ptr = builder.gep(
+        dst_ptr,
+        [ir.Constant(ir.IntType(32), 0), ir.Constant(ir.IntType(32), 0)],
+        inbounds=True,
+    )
+
+    # Use the shared emitter function
+    emit_probe_read_kernel_str_call(builder, dst_i8_ptr, array_size, src_ptr)
+
+
+def _is_char_array(ir_type):
+    """Check if type is [N x i8]."""
+    return (
+        isinstance(ir_type, ir.ArrayType)
+        and isinstance(ir_type.element, ir.IntType)
+        and ir_type.element.width == 8
+    )
+
+
+def _is_i8_ptr(ir_type):
+    """Check if type is i8*."""
+    return (
+        isinstance(ir_type, ir.PointerType)
+        and isinstance(ir_type.pointee, ir.IntType)
+        and ir_type.pointee.width == 8
+    )
+
+
 def handle_variable_assignment(
    func, module, builder, var_name, rval, local_sym_tab, map_sym_tab, structs_sym_tab
 ):
@ -71,6 +131,17 @@ def handle_variable_assignment(
            logger.info(f"Initialized struct {struct_name} for variable {var_name}")
            return True

+    # Special case: struct field char array -> pointer
+    # Handle this before eval_expr to get the pointer, not the value
+    if isinstance(rval, ast.Attribute) and isinstance(rval.value, ast.Name):
+        converted_val = _try_convert_char_array_to_ptr(
+            rval, var_type, builder, local_sym_tab, structs_sym_tab
+        )
+        if converted_val is not None:
+            builder.store(converted_val, var_ptr)
+            logger.info(f"Assigned char array pointer to {var_name}")
+            return True
+
    val_result = eval_expr(
        func, module, builder, rval, local_sym_tab, map_sym_tab, structs_sym_tab
    )
@ -79,9 +150,57 @@ def handle_variable_assignment(
        return False

    val, val_type = val_result
-    logger.info(f"Evaluated value for {var_name}: {val} of type {val_type}, {var_type}")
+    logger.info(
+        f"Evaluated value for {var_name}: {val} of type {val_type}, expected {var_type}"
+    )
+
    if val_type != var_type:
-        if isinstance(val_type, ir.IntType) and isinstance(var_type, ir.IntType):
+        # Handle vmlinux struct pointers - they're represented as Python classes but are i64 pointers
+        if isclass(val_type) and (val_type.__module__ == "vmlinux"):
+            logger.info("Handling vmlinux struct pointer assignment")
+            # vmlinux struct pointers: val is a pointer, need to convert to i64
+            if isinstance(var_type, ir.IntType) and var_type.width == 64:
+                # Convert pointer to i64 using ptrtoint
+                if isinstance(val.type, ir.PointerType):
+                    val = builder.ptrtoint(val, ir.IntType(64))
+                    logger.info(
+                        "Converted vmlinux struct pointer to i64 using ptrtoint"
+                    )
+                builder.store(val, var_ptr)
+                logger.info(f"Assigned vmlinux struct pointer to {var_name} (i64)")
+                return True
+            else:
+                logger.error(
+                    f"Type mismatch: vmlinux struct pointer requires i64, got {var_type}"
+                )
+                return False
+        if isinstance(val_type, Field):
+            logger.info("Handling assignment to struct field")
+            # Special handling for struct_xdp_md i32 fields that are zero-extended to i64
+            # The load_ctx_field already extended them, so val is i64 but val_type.type shows c_uint
+            if (
+                hasattr(val_type, "type")
+                and val_type.type.__name__ == "c_uint"
+                and isinstance(var_type, ir.IntType)
+                and var_type.width == 64
+            ):
+                # This is the struct_xdp_md case - value is already i64
+                builder.store(val, var_ptr)
+                logger.info(
+                    f"Assigned zero-extended struct_xdp_md i32 field to {var_name} (i64)"
+                )
+                return True
+            # TODO: handling only ctype struct fields for now. Handle other stuff too later.
+            elif var_type == ctypes_to_ir(val_type.type.__name__):
+                builder.store(val, var_ptr)
+                logger.info(f"Assigned ctype struct field to {var_name}")
+                return True
+            else:
+                logger.error(
+                    f"Failed to assign ctype struct field to {var_name}: {val_type} != {var_type}"
+                )
+                return False
+        elif isinstance(val_type, ir.IntType) and isinstance(var_type, ir.IntType):
            # Allow implicit int widening
            if val_type.width < var_type.width:
                val = builder.sext(val, var_type)
@ -106,3 +225,52 @@ def handle_variable_assignment(
    builder.store(val, var_ptr)
    logger.info(f"Assigned value to variable {var_name}")
    return True
+
+
+def _try_convert_char_array_to_ptr(
+    rval, var_type, builder, local_sym_tab, structs_sym_tab
+):
+    """Try to convert char array field to i8* pointer"""
+    # Only convert if target is i8*
+    if not (
+        isinstance(var_type, ir.PointerType)
+        and isinstance(var_type.pointee, ir.IntType)
+        and var_type.pointee.width == 8
+    ):
+        return None
+
+    struct_var = rval.value.id
+    field_name = rval.attr
+
+    # Validate struct
+    if struct_var not in local_sym_tab:
+        return None
+
+    struct_type = local_sym_tab[struct_var].metadata
+    if not struct_type or struct_type not in structs_sym_tab:
+        return None
+
+    struct_info = structs_sym_tab[struct_type]
+    if field_name not in struct_info.fields:
+        return None
+
+    field_type = struct_info.field_type(field_name)
+
+    # Check if it's a char array
+    if not (
+        isinstance(field_type, ir.ArrayType)
+        and isinstance(field_type.element, ir.IntType)
+        and field_type.element.width == 8
+    ):
+        return None
+
+    # Get pointer to struct field
+    struct_ptr = local_sym_tab[struct_var].var
+    field_ptr = struct_info.gep(builder, struct_ptr, field_name)
+
+    # GEP to first element: [N x i8]* -> i8*
+    return builder.gep(
+        field_ptr,
+        [ir.Constant(ir.IntType(32), 0), ir.Constant(ir.IntType(32), 0)],
+        inbounds=True,
+    )
--- a/pythonbpf/codegen.py
+++ b/pythonbpf/codegen.py
@ -5,6 +5,8 @@ from .functions import func_proc
 from .maps import maps_proc
 from .structs import structs_proc
 from .vmlinux_parser import vmlinux_proc
+from pythonbpf.vmlinux_parser.vmlinux_exports_handler import VmlinuxHandler
+from .expr import VmlinuxHandlerRegistry
 from .globals_pass import (
    globals_list_creation,
    globals_processing,
@ -15,7 +17,7 @@ import os
 import subprocess
 import inspect
 from pathlib import Path
-from pylibbpf import BpfProgram
+from pylibbpf import BpfObject
 import tempfile
 from logging import Logger
 import logging
@ -23,7 +25,7 @@ import re

 logger: Logger = logging.getLogger(__name__)

-VERSION = "v0.1.5"
+VERSION = "v0.1.6"


 def finalize_module(original_str):
@ -35,6 +37,24 @@ def finalize_module(original_str):
    return re.sub(pattern, replacement, original_str)


+def bpf_passthrough_gen(module):
+    i32_ty = ir.IntType(32)
+    ptr_ty = ir.PointerType(ir.IntType(8))
+    fnty = ir.FunctionType(ptr_ty, [i32_ty, ptr_ty])
+
+    # Declare the intrinsic
+    passthrough = ir.Function(module, fnty, "llvm.bpf.passthrough.p0.p0")
+
+    # Set function attributes
+    # TODO: the ones commented are supposed to be there but cannot be added due to llvmlite limitations at the moment
+    # passthrough.attributes.add("nofree")
+    # passthrough.attributes.add("nosync")
+    passthrough.attributes.add("nounwind")
+    # passthrough.attributes.add("memory(none)")
+
+    return passthrough
+
+
 def find_bpf_chunks(tree):
    """Find all functions decorated with @bpf in the AST."""
    bpf_functions = []
@ -55,16 +75,22 @@ def processor(source_code, filename, module):
    for func_node in bpf_chunks:
        logger.info(f"Found BPF function/struct: {func_node.name}")

-    vmlinux_proc(tree, module)
+    bpf_passthrough_gen(module)
+
+    vmlinux_symtab = vmlinux_proc(tree, module)
+    if vmlinux_symtab:
+        handler = VmlinuxHandler.initialize(vmlinux_symtab)
+        VmlinuxHandlerRegistry.set_handler(handler)
+
    populate_global_symbol_table(tree, module)
    license_processing(tree, module)
    globals_processing(tree, module)
-
    structs_sym_tab = structs_proc(tree, module, bpf_chunks)
-    map_sym_tab = maps_proc(tree, module, bpf_chunks)
+    map_sym_tab = maps_proc(tree, module, bpf_chunks, structs_sym_tab)
    func_proc(tree, module, bpf_chunks, map_sym_tab, structs_sym_tab)

    globals_list_creation(tree, module)
+    return structs_sym_tab, map_sym_tab


 def compile_to_ir(filename: str, output: str, loglevel=logging.INFO):
@ -90,7 +116,7 @@ def compile_to_ir(filename: str, output: str, loglevel=logging.INFO):
            True,
        )

-    processor(source, filename, module)
+    structs_sym_tab, maps_sym_tab = processor(source, filename, module)

    wchar_size = module.add_metadata(
        [
@ -131,7 +157,7 @@ def compile_to_ir(filename: str, output: str, loglevel=logging.INFO):

    module.add_named_metadata("llvm.ident", [f"PythonBPF {VERSION}"])

-    module_string = finalize_module(str(module))
+    module_string: str = finalize_module(str(module))

    logger.info(f"IR written to {output}")
    with open(output, "w") as f:
@ -139,7 +165,7 @@ def compile_to_ir(filename: str, output: str, loglevel=logging.INFO):
        f.write(module_string)
        f.write("\n")

-    return output
+    return output, structs_sym_tab, maps_sym_tab


 def _run_llc(ll_file, obj_file):
@ -169,7 +195,7 @@ def _run_llc(ll_file, obj_file):
        return False


-def compile(loglevel=logging.INFO) -> bool:
+def compile(loglevel=logging.WARNING) -> bool:
    # Look one level up the stack to the caller of this function
    caller_frame = inspect.stack()[1]
    caller_file = Path(caller_frame.filename).resolve()
@ -177,31 +203,32 @@ def compile(loglevel=logging.INFO) -> bool:
    ll_file = Path("/tmp") / caller_file.with_suffix(".ll").name
    o_file = caller_file.with_suffix(".o")

-    success = True
-    success = (
-        compile_to_ir(str(caller_file), str(ll_file), loglevel=loglevel) and success
+    _, structs_sym_tab, maps_sym_tab = compile_to_ir(
+        str(caller_file), str(ll_file), loglevel=loglevel
    )

-    success = _run_llc(ll_file, o_file) and success
+    if not _run_llc(ll_file, o_file):
+        logger.error("Compilation to object file failed.")
+        return False

    logger.info(f"Object written to {o_file}")
-    return success
+    return True


-def BPF(loglevel=logging.INFO) -> BpfProgram:
+def BPF(loglevel=logging.WARNING) -> BpfObject:
    caller_frame = inspect.stack()[1]
    src = inspect.getsource(caller_frame.frame)
-    with tempfile.NamedTemporaryFile(
-        mode="w+", delete=True, suffix=".py"
-    ) as f, tempfile.NamedTemporaryFile(
-        mode="w+", delete=True, suffix=".ll"
-    ) as inter, tempfile.NamedTemporaryFile(
-        mode="w+", delete=False, suffix=".o"
-    ) as obj_file:
+    with (
+        tempfile.NamedTemporaryFile(mode="w+", delete=True, suffix=".py") as f,
+        tempfile.NamedTemporaryFile(mode="w+", delete=True, suffix=".ll") as inter,
+        tempfile.NamedTemporaryFile(mode="w+", delete=False, suffix=".o") as obj_file,
+    ):
        f.write(src)
        f.flush()
        source = f.name
-        compile_to_ir(source, str(inter.name), loglevel=loglevel)
+        _, structs_sym_tab, maps_sym_tab = compile_to_ir(
+            source, str(inter.name), loglevel=loglevel
+        )
        _run_llc(str(inter.name), str(obj_file.name))

-        return BpfProgram(str(obj_file.name))
+        return BpfObject(str(obj_file.name), structs=structs_sym_tab)
--- a/pythonbpf/debuginfo/debug_info_generator.py
+++ b/pythonbpf/debuginfo/debug_info_generator.py
@ -49,6 +49,10 @@ class DebugInfoGenerator:
            )
        return self._type_cache[key]

+    def get_uint8_type(self) -> Any:
+        """Get debug info for signed 8-bit integer"""
+        return self.get_basic_type("char", 8, dc.DW_ATE_unsigned)
+
    def get_int32_type(self) -> Any:
        """Get debug info for signed 32-bit integer"""
        return self.get_basic_type("int", 32, dc.DW_ATE_signed)
@ -81,6 +85,20 @@ class DebugInfoGenerator:
            },
        )

+    def create_array_type_vmlinux(self, type_info: Any, count: int) -> Any:
+        """Create an array type of the given base type with specified count"""
+        base_type, type_sizing = type_info
+        subrange = self.module.add_debug_info("DISubrange", {"count": count})
+        return self.module.add_debug_info(
+            "DICompositeType",
+            {
+                "tag": dc.DW_TAG_array_type,
+                "baseType": base_type,
+                "size": type_sizing,
+                "elements": [subrange],
+            },
+        )
+
    @staticmethod
    def _compute_array_size(base_type: Any, count: int) -> int:
        # Extract size from base_type if possible
@ -101,6 +119,23 @@ class DebugInfoGenerator:
            },
        )

+    def create_struct_member_vmlinux(
+        self, name: str, base_type_with_size: Any, offset: int
+    ) -> Any:
+        """Create a struct member with the given name, type, and offset"""
+        base_type, type_size = base_type_with_size
+        return self.module.add_debug_info(
+            "DIDerivedType",
+            {
+                "tag": dc.DW_TAG_member,
+                "name": name,
+                "file": self.module._file_metadata,
+                "baseType": base_type,
+                "size": type_size,
+                "offset": offset,
+            },
+        )
+
    def create_struct_type(
        self, members: List[Any], size: int, is_distinct: bool
    ) -> Any:
@ -116,6 +151,22 @@ class DebugInfoGenerator:
            is_distinct=is_distinct,
        )

+    def create_struct_type_with_name(
+        self, name: str, members: List[Any], size: int, is_distinct: bool
+    ) -> Any:
+        """Create a struct type with the given members and size"""
+        return self.module.add_debug_info(
+            "DICompositeType",
+            {
+                "name": name,
+                "tag": dc.DW_TAG_structure_type,
+                "file": self.module._file_metadata,
+                "size": size,
+                "elements": members,
+            },
+            is_distinct=is_distinct,
+        )
+
    def create_global_var_debug_info(
        self, name: str, var_type: Any, is_local: bool = False
    ) -> Any:
@ -137,3 +188,83 @@ class DebugInfoGenerator:
            "DIGlobalVariableExpression",
            {"var": global_var, "expr": self.module.add_debug_info("DIExpression", {})},
        )
+
+    def get_int64_type(self):
+        return self.get_basic_type("long", 64, dc.DW_ATE_signed)
+
+    def create_subroutine_type(self, return_type, param_types):
+        """
+        Create a DISubroutineType given return type and list of parameter types.
+        Equivalent to: !DISubroutineType(types: !{ret, args...})
+        """
+        type_array = [return_type]
+        if isinstance(param_types, (list, tuple)):
+            type_array.extend(param_types)
+        else:
+            type_array.append(param_types)
+        return self.module.add_debug_info("DISubroutineType", {"types": type_array})
+
+    def create_local_variable_debug_info(
+        self, name: str, arg: int, var_type: Any
+    ) -> Any:
+        """
+        Create debug info for a local variable (DILocalVariable) without scope.
+        Example:
+        !DILocalVariable(name: "ctx", arg: 1, file: !3, line: 20, type: !7)
+        """
+        return self.module.add_debug_info(
+            "DILocalVariable",
+            {
+                "name": name,
+                "arg": arg,
+                "file": self.module._file_metadata,
+                "type": var_type,
+            },
+        )
+
+    def add_scope_to_local_variable(self, local_variable_debug_info, scope_value):
+        """
+        Add scope information to an existing local variable debug info object.
+        """
+        # TODO: this is a workaround a flaw in the debug info generation. Fix this if possible in the future.
+        # We should not be touching llvmlite's internals like this.
+        if hasattr(local_variable_debug_info, "operands"):
+            # LLVM metadata operands is a tuple, so we need to rebuild it
+            existing_operands = local_variable_debug_info.operands
+
+            # Convert tuple to list, add scope, convert back to tuple
+            operands_list = list(existing_operands)
+            operands_list.append(("scope", scope_value))
+
+            # Reassign the new tuple
+            local_variable_debug_info.operands = tuple(operands_list)
+
+    def create_subprogram(
+        self, name: str, subroutine_type: Any, retained_nodes: List[Any]
+    ) -> Any:
+        """
+        Create a DISubprogram for a function.
+
+        Args:
+            name: Function name
+            subroutine_type: DISubroutineType for the function signature
+            retained_nodes: List of DILocalVariable nodes for function parameters/variables
+
+        Returns:
+            DISubprogram metadata
+        """
+        return self.module.add_debug_info(
+            "DISubprogram",
+            {
+                "name": name,
+                "scope": self.module._file_metadata,
+                "file": self.module._file_metadata,
+                "type": subroutine_type,
+                # TODO: the following flags do not exist at the moment in our dwarf constants file. We need to add them.
+                # "flags": dc.DW_FLAG_Prototyped | dc.DW_FLAG_AllCallsDescribed,
+                # "spFlags": dc.DW_SPFLAG_Definition | dc.DW_SPFLAG_Optimized,
+                "unit": self.module._debug_compile_unit,
+                "retainedNodes": retained_nodes,
+            },
+            is_distinct=True,
+        )
--- a/pythonbpf/expr/init.py
+++ b/pythonbpf/expr/init.py
@ -2,6 +2,7 @@ from .expr_pass import eval_expr, handle_expr, get_operand_value
 from .type_normalization import convert_to_bool, get_base_type_and_depth
 from .ir_ops import deref_to_depth
 from .call_registry import CallHandlerRegistry
+from .vmlinux_registry import VmlinuxHandlerRegistry

 __all__ = [
    "eval_expr",
@ -11,4 +12,5 @@ __all__ = [
    "deref_to_depth",
    "get_operand_value",
    "CallHandlerRegistry",
+    "VmlinuxHandlerRegistry",
 ]
--- a/pythonbpf/expr/expr_pass.py
+++ b/pythonbpf/expr/expr_pass.py
@ -12,6 +12,8 @@ from .type_normalization import (
    get_base_type_and_depth,
    deref_to_depth,
 )
+from .vmlinux_registry import VmlinuxHandlerRegistry
+from ..vmlinux_parser.dependency_node import Field

 logger: Logger = logging.getLogger(__name__)

@ -27,8 +29,12 @@ def _handle_name_expr(expr: ast.Name, local_sym_tab: Dict, builder: ir.IRBuilder
        val = builder.load(var)
        return val, local_sym_tab[expr.id].ir_type
    else:
-        logger.info(f"Undefined variable {expr.id}")
-        return None
+        # Check if it's a vmlinux enum/constant
+        vmlinux_result = VmlinuxHandlerRegistry.handle_name(expr.id)
+        if vmlinux_result is not None:
+            return vmlinux_result
+
+        raise SyntaxError(f"Undefined variable {expr.id}")


 def _handle_constant_expr(module, builder, expr: ast.Constant):
@ -67,9 +73,32 @@ def _handle_attribute_expr(
        if var_name in local_sym_tab:
            var_ptr, var_type, var_metadata = local_sym_tab[var_name]
            logger.info(f"Loading attribute {attr_name} from variable {var_name}")
-            logger.info(f"Variable type: {var_type}, Variable ptr: {var_ptr}")
-            metadata = structs_sym_tab[var_metadata]
-            if attr_name in metadata.fields:
+            logger.info(
+                f"Variable type: {var_type}, Variable ptr: {var_ptr}, Variable Metadata: {var_metadata}"
+            )
+            if (
+                hasattr(var_metadata, "__module__")
+                and var_metadata.__module__ == "vmlinux"
+            ):
+                # Try vmlinux handler when var_metadata is not a string, but has a module attribute.
+                # This has been done to keep everything separate in vmlinux struct handling.
+                vmlinux_result = VmlinuxHandlerRegistry.handle_attribute(
+                    expr, local_sym_tab, None, builder
+                )
+                if vmlinux_result is not None:
+                    return vmlinux_result
+                else:
+                    raise RuntimeError("Vmlinux struct did not process successfully")
+
+            elif isinstance(var_metadata, Field):
+                logger.error(
+                    f"Cannot access field '{attr_name}' on already-loaded field value '{var_name}'"
+                )
+                return None
+
+            # Regular user-defined struct
+            metadata = structs_sym_tab.get(var_metadata)
+            if metadata and attr_name in metadata.fields:
                gep = metadata.gep(builder, var_ptr, attr_name)
                val = builder.load(gep)
                field_type = metadata.field_type(attr_name)
@ -130,7 +159,12 @@ def get_operand_value(
            logger.info(f"var is {var}, base_type is {base_type}, depth is {depth}")
            val = deref_to_depth(func, builder, var, depth)
            return val
-        raise ValueError(f"Undefined variable: {operand.id}")
+        else:
+            # Check if it's a vmlinux enum/constant
+            vmlinux_result = VmlinuxHandlerRegistry.handle_name(operand.id)
+            if vmlinux_result is not None:
+                val, _ = vmlinux_result
+                return val
    elif isinstance(operand, ast.Constant):
        if isinstance(operand.value, int):
            cst = ir.Constant(ir.IntType(64), int(operand.value))
@ -254,16 +288,45 @@ def _handle_ctypes_call(
    call_type = expr.func.id
    expected_type = ctypes_to_ir(call_type)

-    if val[1] != expected_type:
+    # Extract the actual IR value and type
+    # val could be (value, ir_type) or (value, Field)
+    value, val_type = val
+
+    # If val_type is a Field object (from vmlinux struct), get the actual IR type of the value
+    if isinstance(val_type, Field):
+        # The value is already the correct IR value (potentially zero-extended)
+        # Get the IR type from the value itself
+        actual_ir_type = value.type
+        logger.info(
+            f"Converting vmlinux field {val_type.name} (IR type: {actual_ir_type}) to {call_type}"
+        )
+    else:
+        actual_ir_type = val_type
+
+    if actual_ir_type != expected_type:
        # NOTE: We are only considering casting to and from int types for now
-        if isinstance(val[1], ir.IntType) and isinstance(expected_type, ir.IntType):
-            if val[1].width < expected_type.width:
-                val = (builder.sext(val[0], expected_type), expected_type)
+        if isinstance(actual_ir_type, ir.IntType) and isinstance(
+            expected_type, ir.IntType
+        ):
+            if actual_ir_type.width < expected_type.width:
+                value = builder.sext(value, expected_type)
+                logger.info(
+                    f"Sign-extended from i{actual_ir_type.width} to i{expected_type.width}"
+                )
+            elif actual_ir_type.width > expected_type.width:
+                value = builder.trunc(value, expected_type)
+                logger.info(
+                    f"Truncated from i{actual_ir_type.width} to i{expected_type.width}"
+                )
            else:
-                val = (builder.trunc(val[0], expected_type), expected_type)
+                # Same width, just use as-is (e.g., both i64)
+                pass
        else:
-            raise ValueError(f"Type mismatch: expected {expected_type}, got {val[1]}")
-    return val
+            raise ValueError(
+                f"Type mismatch: expected {expected_type}, got {actual_ir_type} (original type: {val_type})"
+            )
+
+    return value, expected_type


 def _handle_compare(
@ -332,6 +395,7 @@ def _handle_unary_op(
        neg_one = ir.Constant(ir.IntType(64), -1)
        result = builder.mul(operand, neg_one)
        return result, ir.IntType(64)
+    return None


 # ============================================================================
@ -469,6 +533,66 @@ def _handle_boolean_op(
        return None


+# ============================================================================
+# VMLinux casting
+# ============================================================================
+
+
+def _handle_vmlinux_cast(
+    func,
+    module,
+    builder,
+    expr,
+    local_sym_tab,
+    map_sym_tab,
+    structs_sym_tab=None,
+):
+    # handle expressions such as struct_request(ctx.di) where struct_request is a vmlinux
+    # struct and ctx.di is a pointer to a struct but is actually represented as a c_uint64
+    # which needs to be cast to a pointer. This is also a field of another vmlinux struct
+    """Handle vmlinux struct cast expressions like struct_request(ctx.di)."""
+    if len(expr.args) != 1:
+        logger.info("vmlinux struct cast takes exactly one argument")
+        return None
+
+    # Get the struct name
+    struct_name = expr.func.id
+
+    # Evaluate the argument (e.g., ctx.di which is a c_uint64)
+    arg_result = eval_expr(
+        func,
+        module,
+        builder,
+        expr.args[0],
+        local_sym_tab,
+        map_sym_tab,
+        structs_sym_tab,
+    )
+
+    if arg_result is None:
+        logger.info("Failed to evaluate argument to vmlinux struct cast")
+        return None
+
+    arg_val, arg_type = arg_result
+    # Get the vmlinux struct type
+    vmlinux_struct_type = VmlinuxHandlerRegistry.get_struct_type(struct_name)
+    if vmlinux_struct_type is None:
+        logger.error(f"Failed to get vmlinux struct type for {struct_name}")
+        return None
+    # Cast the integer/value to a pointer to the struct
+    # If arg_val is an integer type, we need to inttoptr it
+    ptr_type = ir.PointerType()
+    # TODO: add a integer check here later
+    if ctypes_to_ir(arg_type.type.__name__):
+        # Cast integer to pointer
+        casted_ptr = builder.inttoptr(arg_val, ptr_type)
+    else:
+        logger.error(f"Unsupported type for vmlinux cast: {arg_type}")
+        return None
+
+    return casted_ptr, vmlinux_struct_type
+
+
 # ============================================================================
 # Expression Dispatcher
 # ============================================================================
@ -489,6 +613,18 @@ def eval_expr(
    elif isinstance(expr, ast.Constant):
        return _handle_constant_expr(module, builder, expr)
    elif isinstance(expr, ast.Call):
+        if isinstance(expr.func, ast.Name) and VmlinuxHandlerRegistry.is_vmlinux_struct(
+            expr.func.id
+        ):
+            return _handle_vmlinux_cast(
+                func,
+                module,
+                builder,
+                expr,
+                local_sym_tab,
+                map_sym_tab,
+                structs_sym_tab,
+            )
        if isinstance(expr.func, ast.Name) and expr.func.id == "deref":
            return _handle_deref_call(expr, local_sym_tab, builder)

--- a/pythonbpf/expr/vmlinux_registry.py
+++ b/pythonbpf/expr/vmlinux_registry.py
@ -0,0 +1,75 @@
+import ast
+
+from pythonbpf.vmlinux_parser.vmlinux_exports_handler import VmlinuxHandler
+
+
+class VmlinuxHandlerRegistry:
+    """Registry for vmlinux handler operations"""
+
+    _handler = None
+
+    @classmethod
+    def set_handler(cls, handler: VmlinuxHandler):
+        """Set the vmlinux handler"""
+        cls._handler = handler
+
+    @classmethod
+    def get_handler(cls):
+        """Get the vmlinux handler"""
+        return cls._handler
+
+    @classmethod
+    def handle_name(cls, name):
+        """Try to handle a name as vmlinux enum/constant"""
+        if cls._handler is None:
+            return None
+        return cls._handler.handle_vmlinux_enum(name)
+
+    @classmethod
+    def handle_attribute(cls, expr, local_sym_tab, module, builder):
+        """Try to handle an attribute access as vmlinux struct field"""
+        if cls._handler is None:
+            return None
+
+        if isinstance(expr.value, ast.Name):
+            var_name = expr.value.id
+            field_name = expr.attr
+            return cls._handler.handle_vmlinux_struct_field(
+                var_name, field_name, module, builder, local_sym_tab
+            )
+        return None
+
+    @classmethod
+    def get_struct_debug_info(cls, name):
+        if cls._handler is None:
+            return False
+        return cls._handler.get_struct_debug_info(name)
+
+    @classmethod
+    def is_vmlinux_struct(cls, name):
+        """Check if a name refers to a vmlinux struct"""
+        if cls._handler is None:
+            return False
+        return cls._handler.is_vmlinux_struct(name)
+
+    @classmethod
+    def get_struct_type(cls, name):
+        """Try to handle a struct name as vmlinux struct"""
+        if cls._handler is None:
+            return None
+        return cls._handler.get_vmlinux_struct_type(name)
+
+    @classmethod
+    def has_field(cls, vmlinux_struct_name, field_name):
+        """Check if a vmlinux struct has a specific field"""
+        if cls._handler is None:
+            return False
+        return cls._handler.has_field(vmlinux_struct_name, field_name)
+
+    @classmethod
+    def get_field_type(cls, vmlinux_struct_name, field_name):
+        """Get the type of a field in a vmlinux struct"""
+        if cls._handler is None:
+            return None
+        assert isinstance(cls._handler, VmlinuxHandler)
+        return cls._handler.get_field_type(vmlinux_struct_name, field_name)
--- a/pythonbpf/functions/function_debug_info.py
+++ b/pythonbpf/functions/function_debug_info.py
@ -0,0 +1,82 @@
+import ast
+
+import llvmlite.ir as ir
+import logging
+from pythonbpf.debuginfo import DebugInfoGenerator
+from pythonbpf.expr import VmlinuxHandlerRegistry
+import ctypes
+
+logger = logging.getLogger(__name__)
+
+
+def generate_function_debug_info(
+    func_node: ast.FunctionDef, module: ir.Module, func: ir.Function
+):
+    generator = DebugInfoGenerator(module)
+    leading_argument = func_node.args.args[0]
+    leading_argument_name = leading_argument.arg
+    annotation = leading_argument.annotation
+    if func_node.returns is None:
+        # TODO: should check if this logic is consistent with function return type handling elsewhere
+        return_type = ctypes.c_int64()
+    elif hasattr(func_node.returns, "id"):
+        return_type = func_node.returns.id
+        if return_type == "c_int32":
+            return_type = generator.get_int32_type()
+        elif return_type == "c_int64":
+            return_type = generator.get_int64_type()
+        elif return_type == "c_uint32":
+            return_type = generator.get_uint32_type()
+        elif return_type == "c_uint64":
+            return_type = generator.get_uint64_type()
+        else:
+            logger.warning(
+                "Return type should be int32, int64, uint32 or uint64 only. Falling back to int64"
+            )
+            return_type = generator.get_int64_type()
+    else:
+        return_type = ctypes.c_int64()
+    # context processing
+    if annotation is None:
+        logger.warning("Type of context of function not found.")
+        return
+    if hasattr(annotation, "id"):
+        ctype_name = annotation.id
+        if ctype_name == "c_void_p":
+            return
+        elif ctype_name.startswith("ctypes"):
+            raise SyntaxError(
+                "The first argument should always be a pointer to a struct or a void pointer"
+            )
+        context_debug_info = VmlinuxHandlerRegistry.get_struct_debug_info(annotation.id)
+
+        # Create pointer to context this must be created fresh for each function
+        # to avoid circular reference issues when the same struct is used in multiple functions
+        pointer_to_context_debug_info = generator.create_pointer_type(
+            context_debug_info, 64
+        )
+
+        # Create subroutine type - also fresh for each function
+        subroutine_type = generator.create_subroutine_type(
+            return_type, pointer_to_context_debug_info
+        )
+
+        # Create local variable - fresh for each function with unique name
+        context_local_variable = generator.create_local_variable_debug_info(
+            leading_argument_name, 1, pointer_to_context_debug_info
+        )
+
+        retained_nodes = [context_local_variable]
+        logger.info(f"Generating debug info for function {func_node.name}")
+
+        # Create subprogram with is_distinct=True to ensure each function gets unique debug info
+        subprogram_debug_info = generator.create_subprogram(
+            func_node.name, subroutine_type, retained_nodes
+        )
+        generator.add_scope_to_local_variable(
+            context_local_variable, subprogram_debug_info
+        )
+        func.set_metadata("dbg", subprogram_debug_info)
+
+    else:
+        logger.error(f"Invalid annotation type for argument '{leading_argument_name}'")
--- a/pythonbpf/functions/functions_pass.py
+++ b/pythonbpf/functions/functions_pass.py
@ -7,13 +7,23 @@ from pythonbpf.helper import (
    reset_scratch_pool,
 )
 from pythonbpf.type_deducer import ctypes_to_ir
-from pythonbpf.expr import eval_expr, handle_expr, convert_to_bool
+from pythonbpf.expr import (
+    eval_expr,
+    handle_expr,
+    convert_to_bool,
+    VmlinuxHandlerRegistry,
+)
 from pythonbpf.assign_pass import (
    handle_variable_assignment,
    handle_struct_field_assignment,
 )
-from pythonbpf.allocation_pass import handle_assign_allocation, allocate_temp_pool
-
+from pythonbpf.allocation_pass import (
+    handle_assign_allocation,
+    allocate_temp_pool,
+    create_targets_and_rvals,
+    LocalSymbol,
+)
+from .function_debug_info import generate_function_debug_info
 from .return_utils import handle_none_return, handle_xdp_return, is_xdp_name
 from .function_metadata import get_probe_string, is_global_function, infer_return_type

@ -29,7 +39,7 @@ logger = logging.getLogger(__name__)
 def count_temps_in_call(call_node, local_sym_tab):
    """Count the number of temporary variables needed for a function call."""

-    count = 0
+    count = {}
    is_helper = False

    # NOTE: We exclude print calls for now
@ -39,21 +49,28 @@ def count_temps_in_call(call_node, local_sym_tab):
            and call_node.func.id != "print"
        ):
            is_helper = True
+            func_name = call_node.func.id
    elif isinstance(call_node.func, ast.Attribute):
        if HelperHandlerRegistry.has_handler(call_node.func.attr):
            is_helper = True
+            func_name = call_node.func.attr

    if not is_helper:
-        return 0
+        return {}  # No temps needed

-    for arg in call_node.args:
+    for arg_idx in range(len(call_node.args)):
        # NOTE: Count all non-name arguments
        # For struct fields, if it is being passed as an argument,
        # The struct object should already exist in the local_sym_tab
-        if not isinstance(arg, ast.Name) and not (
+        arg = call_node.args[arg_idx]
+        if isinstance(arg, ast.Name) or (
            isinstance(arg, ast.Attribute) and arg.value.id in local_sym_tab
        ):
-            count += 1
+            continue
+        param_type = HelperHandlerRegistry.get_param_type(func_name, arg_idx)
+        if isinstance(param_type, ir.PointerType):
+            pointee_type = param_type.pointee
+            count[pointee_type] = count.get(pointee_type, 0) + 1

    return count

@ -89,11 +106,15 @@ def handle_if_allocation(
 def allocate_mem(
    module, builder, body, func, ret_type, map_sym_tab, local_sym_tab, structs_sym_tab
 ):
-    max_temps_needed = 0
+    max_temps_needed = {}
+
+    def merge_type_counts(count_dict):
+        nonlocal max_temps_needed
+        for typ, cnt in count_dict.items():
+            max_temps_needed[typ] = max(max_temps_needed.get(typ, 0), cnt)

    def update_max_temps_for_stmt(stmt):
        nonlocal max_temps_needed
-        temps_needed = 0

        if isinstance(stmt, ast.If):
            for s in stmt.body:
@ -102,10 +123,13 @@ def allocate_mem(
                update_max_temps_for_stmt(s)
            return

+        stmt_temps = {}
        for node in ast.walk(stmt):
            if isinstance(node, ast.Call):
-                temps_needed += count_temps_in_call(node, local_sym_tab)
-        max_temps_needed = max(max_temps_needed, temps_needed)
+                call_temps = count_temps_in_call(node, local_sym_tab)
+                for typ, cnt in call_temps.items():
+                    stmt_temps[typ] = stmt_temps.get(typ, 0) + cnt
+        merge_type_counts(stmt_temps)

    for stmt in body:
        update_max_temps_for_stmt(stmt)
@ -123,7 +147,9 @@ def allocate_mem(
                structs_sym_tab,
            )
        elif isinstance(stmt, ast.Assign):
-            handle_assign_allocation(builder, stmt, local_sym_tab, structs_sym_tab)
+            handle_assign_allocation(
+                builder, stmt, local_sym_tab, map_sym_tab, structs_sym_tab
+            )

    allocate_temp_pool(builder, max_temps_needed, local_sym_tab)

@ -140,48 +166,43 @@ def handle_assign(
 ):
    """Handle assignment statements in the function body."""

-    # TODO: Support this later
-    # GH #37
-    if len(stmt.targets) != 1:
-        logger.error("Multi-target assignment is not supported for now")
-        return
+    # NOTE: Support multi-target assignments (e.g.: a, b = 1, 2)
+    targets, rvals = create_targets_and_rvals(stmt)

-    target = stmt.targets[0]
-    rval = stmt.value
+    for target, rval in zip(targets, rvals):
+        if isinstance(target, ast.Name):
+            # NOTE: Simple variable assignment case: x = 5
+            var_name = target.id
+            result = handle_variable_assignment(
+                func,
+                module,
+                builder,
+                var_name,
+                rval,
+                local_sym_tab,
+                map_sym_tab,
+                structs_sym_tab,
+            )
+            if not result:
+                logger.error(f"Failed to handle assignment to {var_name}")
+            continue

-    if isinstance(target, ast.Name):
-        # NOTE: Simple variable assignment case: x = 5
-        var_name = target.id
-        result = handle_variable_assignment(
-            func,
-            module,
-            builder,
-            var_name,
-            rval,
-            local_sym_tab,
-            map_sym_tab,
-            structs_sym_tab,
-        )
-        if not result:
-            logger.error(f"Failed to handle assignment to {var_name}")
-        return
+        if isinstance(target, ast.Attribute):
+            # NOTE: Struct field assignment case: pkt.field = value
+            handle_struct_field_assignment(
+                func,
+                module,
+                builder,
+                target,
+                rval,
+                local_sym_tab,
+                map_sym_tab,
+                structs_sym_tab,
+            )
+            continue

-    if isinstance(target, ast.Attribute):
-        # NOTE: Struct field assignment case: pkt.field = value
-        handle_struct_field_assignment(
-            func,
-            module,
-            builder,
-            target,
-            rval,
-            local_sym_tab,
-            map_sym_tab,
-            structs_sym_tab,
-        )
-        return
-
-    # Unsupported target type
-    logger.error(f"Unsupported assignment target: {ast.dump(target)}")
+        # Unsupported target type
+        logger.error(f"Unsupported assignment target: {ast.dump(target)}")


 def handle_cond(
@ -311,7 +332,13 @@ def process_stmt(


 def process_func_body(
-    module, builder, func_node, func, ret_type, map_sym_tab, structs_sym_tab
+    module,
+    builder,
+    func_node,
+    func,
+    ret_type,
+    map_sym_tab,
+    structs_sym_tab,
 ):
    """Process the body of a bpf function"""
    # TODO: A lot.  We just have print -> bpf_trace_printk for now
@ -319,6 +346,28 @@ def process_func_body(

    local_sym_tab = {}

+    # Add the context parameter (first function argument) to the local symbol table
+    if func_node.args.args and len(func_node.args.args) > 0:
+        context_arg = func_node.args.args[0]
+        context_name = context_arg.arg
+
+        if hasattr(context_arg, "annotation") and context_arg.annotation:
+            if isinstance(context_arg.annotation, ast.Name):
+                context_type_name = context_arg.annotation.id
+            elif isinstance(context_arg.annotation, ast.Attribute):
+                context_type_name = context_arg.annotation.attr
+            else:
+                raise TypeError(
+                    f"Unsupported annotation type: {ast.dump(context_arg.annotation)}"
+                )
+            if VmlinuxHandlerRegistry.is_vmlinux_struct(context_type_name):
+                resolved_type = VmlinuxHandlerRegistry.get_struct_type(
+                    context_type_name
+                )
+                context_type = LocalSymbol(None, None, resolved_type)
+                local_sym_tab[context_name] = context_type
+                logger.info(f"Added argument '{context_name}' to local symbol table")
+
    # pre-allocate dynamic variables
    local_sym_tab = allocate_mem(
        module,
@ -369,7 +418,7 @@ def process_bpf_chunk(func_node, module, return_type, map_sym_tab, structs_sym_t
    func.linkage = "dso_local"
    func.attributes.add("nounwind")
    func.attributes.add("noinline")
-    func.attributes.add("optnone")
+    # func.attributes.add("optnone")

    if func_node.args.args:
        # Only look at the first argument for now
@ -384,7 +433,13 @@ def process_bpf_chunk(func_node, module, return_type, map_sym_tab, structs_sym_t
    builder = ir.IRBuilder(block)

    process_func_body(
-        module, builder, func_node, func, ret_type, map_sym_tab, structs_sym_tab
+        module,
+        builder,
+        func_node,
+        func,
+        ret_type,
+        map_sym_tab,
+        structs_sym_tab,
    )
    return func

@ -401,7 +456,7 @@ def func_proc(tree, module, chunks, map_sym_tab, structs_sym_tab):
        func_type = get_probe_string(func_node)
        logger.info(f"Found probe_string of {func_node.name}: {func_type}")

-        process_bpf_chunk(
+        func = process_bpf_chunk(
            func_node,
            module,
            ctypes_to_ir(infer_return_type(func_node)),
@ -409,6 +464,9 @@ def func_proc(tree, module, chunks, map_sym_tab, structs_sym_tab):
            structs_sym_tab,
        )

+        logger.info(f"Generating Debug Info for Function {func_node.name}")
+        generate_function_debug_info(func_node, module, func)
+

 # TODO: WIP, for string assignment to fixed-size arrays
 def assign_string_to_array(builder, target_array_ptr, source_string_ptr, array_length):
--- a/pythonbpf/helper/init.py
+++ b/pythonbpf/helper/init.py
@ -1,7 +1,25 @@
 from .helper_registry import HelperHandlerRegistry
 from .helper_utils import reset_scratch_pool
-from .bpf_helper_handler import handle_helper_call
-from .helpers import ktime, pid, deref, XDP_DROP, XDP_PASS
+from .bpf_helper_handler import (
+    handle_helper_call,
+    emit_probe_read_kernel_str_call,
+    emit_probe_read_kernel_call,
+)
+from .helpers import (
+    ktime,
+    pid,
+    deref,
+    comm,
+    probe_read_str,
+    random,
+    probe_read,
+    smp_processor_id,
+    uid,
+    skb_store_bytes,
+    get_stack,
+    XDP_DROP,
+    XDP_PASS,
+)


 # Register the helper handler with expr module
@ -59,9 +77,19 @@ __all__ = [
    "HelperHandlerRegistry",
    "reset_scratch_pool",
    "handle_helper_call",
+    "emit_probe_read_kernel_str_call",
+    "emit_probe_read_kernel_call",
    "ktime",
    "pid",
    "deref",
+    "comm",
+    "probe_read_str",
+    "random",
+    "probe_read",
+    "smp_processor_id",
+    "uid",
+    "skb_store_bytes",
+    "get_stack",
    "XDP_DROP",
    "XDP_PASS",
 ]
--- a/pythonbpf/helper/bpf_helper_handler.py
+++ b/pythonbpf/helper/bpf_helper_handler.py
@ -7,26 +7,45 @@ from .helper_utils import (
    get_or_create_ptr_from_arg,
    get_flags_val,
    get_data_ptr_and_size,
+    get_buffer_ptr_and_size,
+    get_ptr_from_arg,
+    get_int_value_from_arg,
 )
 from .printk_formatter import simple_string_print, handle_fstring_print
-
-from logging import Logger
+from pythonbpf.maps import BPFMapType
 import logging

-logger: Logger = logging.getLogger(__name__)
+logger = logging.getLogger(__name__)


 class BPFHelperID(Enum):
    BPF_MAP_LOOKUP_ELEM = 1
    BPF_MAP_UPDATE_ELEM = 2
    BPF_MAP_DELETE_ELEM = 3
+    BPF_PROBE_READ = 4
    BPF_KTIME_GET_NS = 5
    BPF_PRINTK = 6
+    BPF_GET_PRANDOM_U32 = 7
+    BPF_GET_SMP_PROCESSOR_ID = 8
+    BPF_SKB_STORE_BYTES = 9
    BPF_GET_CURRENT_PID_TGID = 14
+    BPF_GET_CURRENT_UID_GID = 15
+    BPF_GET_CURRENT_COMM = 16
    BPF_PERF_EVENT_OUTPUT = 25
+    BPF_GET_STACK = 67
+    BPF_PROBE_READ_KERNEL_STR = 115
+    BPF_PROBE_READ_KERNEL = 113
+    BPF_RINGBUF_OUTPUT = 130
+    BPF_RINGBUF_RESERVE = 131
+    BPF_RINGBUF_SUBMIT = 132
+    BPF_RINGBUF_DISCARD = 133


-@HelperHandlerRegistry.register("ktime")
+@HelperHandlerRegistry.register(
+    "ktime",
+    param_types=[],
+    return_type=ir.IntType(64),
+)
 def bpf_ktime_get_ns_emitter(
    call,
    map_ptr,
@ -49,7 +68,11 @@ def bpf_ktime_get_ns_emitter(
    return result, ir.IntType(64)


-@HelperHandlerRegistry.register("lookup")
+@HelperHandlerRegistry.register(
+    "lookup",
+    param_types=[ir.PointerType(ir.IntType(64))],
+    return_type=ir.PointerType(ir.IntType(64)),
+)
 def bpf_map_lookup_elem_emitter(
    call,
    map_ptr,
@ -73,9 +96,9 @@ def bpf_map_lookup_elem_emitter(
    map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())

    # TODO: I have changed the return type to i64*, as we are
-    # allocating space for that type in allocate_mem. This is
-    # temporary, and we will honour other widths later. But this
-    # allows us to have cool binary ops on the returned value.
+    #   allocating space for that type in allocate_mem. This is
+    #   temporary, and we will honour other widths later. But this
+    #   allows us to have cool binary ops on the returned value.
    fn_type = ir.FunctionType(
        ir.PointerType(ir.IntType(64)),  # Return type: void*
        [ir.PointerType(), ir.PointerType()],  # Args: (void*, void*)
@ -91,6 +114,7 @@ def bpf_map_lookup_elem_emitter(
    return result, ir.PointerType()


+# NOTE: This has special handling so we won't reflect the signature here.
@HelperHandlerRegistry.register("print")
 def bpf_printk_emitter(
    call,
@ -139,7 +163,15 @@ def bpf_printk_emitter(
    return True


-@HelperHandlerRegistry.register("update")
+@HelperHandlerRegistry.register(
+    "update",
+    param_types=[
+        ir.PointerType(ir.IntType(64)),
+        ir.PointerType(ir.IntType(64)),
+        ir.IntType(64),
+    ],
+    return_type=ir.PointerType(ir.IntType(64)),
+)
 def bpf_map_update_elem_emitter(
    call,
    map_ptr,
@ -194,7 +226,11 @@ def bpf_map_update_elem_emitter(
    return result, None


-@HelperHandlerRegistry.register("delete")
+@HelperHandlerRegistry.register(
+    "delete",
+    param_types=[ir.PointerType(ir.IntType(64))],
+    return_type=ir.PointerType(ir.IntType(64)),
+)
 def bpf_map_delete_elem_emitter(
    call,
    map_ptr,
@ -234,7 +270,72 @@ def bpf_map_delete_elem_emitter(
    return result, None


-@HelperHandlerRegistry.register("pid")
+@HelperHandlerRegistry.register(
+    "comm",
+    param_types=[ir.PointerType(ir.IntType(8))],
+    return_type=ir.IntType(64),
+)
+def bpf_get_current_comm_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_get_current_comm helper function call.
+
+    Accepts: comm(dataobj.field) or comm(my_buffer)
+    """
+    if not call.args or len(call.args) != 1:
+        raise ValueError(
+            f"comm expects exactly one argument (buffer), got {len(call.args)}"
+        )
+
+    buf_arg = call.args[0]
+
+    # Extract buffer pointer and size
+    buf_ptr, buf_size = get_buffer_ptr_and_size(
+        buf_arg, builder, local_sym_tab, struct_sym_tab
+    )
+
+    # Validate it's a char array
+    if not isinstance(
+        buf_ptr.type.pointee, ir.ArrayType
+    ) or buf_ptr.type.pointee.element != ir.IntType(8):
+        raise ValueError(
+            f"comm expects a char array buffer, got {buf_ptr.type.pointee}"
+        )
+
+    # Cast to void* and call helper
+    buf_void_ptr = builder.bitcast(buf_ptr, ir.PointerType())
+
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        [ir.PointerType(), ir.IntType(32)],
+        var_arg=False,
+    )
+    fn_ptr = builder.inttoptr(
+        ir.Constant(ir.IntType(64), BPFHelperID.BPF_GET_CURRENT_COMM.value),
+        ir.PointerType(fn_type),
+    )
+
+    result = builder.call(
+        fn_ptr, [buf_void_ptr, ir.Constant(ir.IntType(32), buf_size)], tail=False
+    )
+
+    logger.info(f"Emitted bpf_get_current_comm with {buf_size} byte buffer")
+    return result, None
+
+
+@HelperHandlerRegistry.register(
+    "pid",
+    param_types=[],
+    return_type=ir.IntType(64),
+)
 def bpf_get_current_pid_tgid_emitter(
    call,
    map_ptr,
@ -256,12 +357,12 @@ def bpf_get_current_pid_tgid_emitter(
    result = builder.call(fn_ptr, [], tail=False)

    # Extract the lower 32 bits (PID) using bitwise AND with 0xFFFFFFFF
+    # TODO: return both PID and TGID if we end up needing TGID somewhere
    mask = ir.Constant(ir.IntType(64), 0xFFFFFFFF)
    pid = builder.and_(result, mask)
    return pid, ir.IntType(64)


-@HelperHandlerRegistry.register("output")
 def bpf_perf_event_output_handler(
    call,
    map_ptr,
@ -272,6 +373,10 @@ def bpf_perf_event_output_handler(
    struct_sym_tab=None,
    map_sym_tab=None,
 ):
+    """
+    Emit LLVM IR for bpf_perf_event_output helper function call.
+    """
+
    if len(call.args) != 1:
        raise ValueError(
            f"Perf event output expects exactly one argument, got {len(call.args)}"
@ -309,6 +414,660 @@ def bpf_perf_event_output_handler(
    return result, None


+def bpf_ringbuf_output_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_ringbuf_output helper function call.
+    """
+
+    if len(call.args) != 1:
+        raise ValueError(
+            f"Ringbuf output expects exactly one argument, got {len(call.args)}"
+        )
+    data_arg = call.args[0]
+    data_ptr, size_val = get_data_ptr_and_size(data_arg, local_sym_tab, struct_sym_tab)
+    flags_val = ir.Constant(ir.IntType(64), 0)
+
+    map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())
+    data_void_ptr = builder.bitcast(data_ptr, ir.PointerType())
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        [
+            ir.PointerType(),
+            ir.PointerType(),
+            ir.IntType(64),
+            ir.IntType(64),
+        ],
+        var_arg=False,
+    )
+    fn_ptr_type = ir.PointerType(fn_type)
+
+    # helper id
+    fn_addr = ir.Constant(ir.IntType(64), BPFHelperID.BPF_RINGBUF_OUTPUT.value)
+    fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
+
+    result = builder.call(
+        fn_ptr, [map_void_ptr, data_void_ptr, size_val, flags_val], tail=False
+    )
+    return result, None
+
+
+@HelperHandlerRegistry.register(
+    "output",
+    param_types=[ir.PointerType(ir.IntType(8))],
+    return_type=ir.IntType(64),
+)
+def handle_output_helper(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Route output helper to the appropriate emitter based on map type.
+    """
+    match map_sym_tab[map_ptr.name].type:
+        case BPFMapType.PERF_EVENT_ARRAY:
+            return bpf_perf_event_output_handler(
+                call,
+                map_ptr,
+                module,
+                builder,
+                func,
+                local_sym_tab,
+                struct_sym_tab,
+                map_sym_tab,
+            )
+        case BPFMapType.RINGBUF:
+            return bpf_ringbuf_output_emitter(
+                call,
+                map_ptr,
+                module,
+                builder,
+                func,
+                local_sym_tab,
+                struct_sym_tab,
+                map_sym_tab,
+            )
+        case _:
+            logger.error("Unsupported map type for output helper.")
+    raise NotImplementedError("Output helper for this map type is not implemented.")
+
+
+def emit_probe_read_kernel_str_call(builder, dst_ptr, dst_size, src_ptr):
+    """Emit LLVM IR call to bpf_probe_read_kernel_str"""
+
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        [ir.PointerType(), ir.IntType(32), ir.PointerType()],
+        var_arg=False,
+    )
+    fn_ptr = builder.inttoptr(
+        ir.Constant(ir.IntType(64), BPFHelperID.BPF_PROBE_READ_KERNEL_STR.value),
+        ir.PointerType(fn_type),
+    )
+
+    result = builder.call(
+        fn_ptr,
+        [
+            builder.bitcast(dst_ptr, ir.PointerType()),
+            ir.Constant(ir.IntType(32), dst_size),
+            builder.bitcast(src_ptr, ir.PointerType()),
+        ],
+        tail=False,
+    )
+
+    logger.info(f"Emitted bpf_probe_read_kernel_str (size={dst_size})")
+    return result
+
+
+@HelperHandlerRegistry.register(
+    "probe_read_str",
+    param_types=[
+        ir.PointerType(ir.IntType(8)),
+        ir.PointerType(ir.IntType(8)),
+    ],
+    return_type=ir.IntType(64),
+)
+def bpf_probe_read_kernel_str_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """Emit LLVM IR for bpf_probe_read_kernel_str helper."""
+
+    if len(call.args) != 2:
+        raise ValueError(
+            f"probe_read_str expects 2 args (dst, src), got {len(call.args)}"
+        )
+
+    # Get destination buffer (char array -> i8*)
+    dst_ptr, dst_size = get_or_create_ptr_from_arg(
+        func, module, call.args[0], builder, local_sym_tab, map_sym_tab, struct_sym_tab
+    )
+
+    # Get source pointer (evaluate expression)
+    src_ptr, src_type = get_ptr_from_arg(
+        call.args[1], func, module, builder, local_sym_tab, map_sym_tab, struct_sym_tab
+    )
+
+    # Emit the helper call
+    result = emit_probe_read_kernel_str_call(builder, dst_ptr, dst_size, src_ptr)
+
+    logger.info(f"Emitted bpf_probe_read_kernel_str (size={dst_size})")
+    return result, ir.IntType(64)
+
+
+def emit_probe_read_kernel_call(builder, dst_ptr, dst_size, src_ptr):
+    """Emit LLVM IR call to bpf_probe_read_kernel"""
+
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        [ir.PointerType(), ir.IntType(32), ir.PointerType()],
+        var_arg=False,
+    )
+    fn_ptr = builder.inttoptr(
+        ir.Constant(ir.IntType(64), BPFHelperID.BPF_PROBE_READ_KERNEL.value),
+        ir.PointerType(fn_type),
+    )
+
+    result = builder.call(
+        fn_ptr,
+        [
+            builder.bitcast(dst_ptr, ir.PointerType()),
+            ir.Constant(ir.IntType(32), dst_size),
+            builder.bitcast(src_ptr, ir.PointerType()),
+        ],
+        tail=False,
+    )
+
+    logger.info(f"Emitted bpf_probe_read_kernel (size={dst_size})")
+    return result
+
+
+@HelperHandlerRegistry.register(
+    "probe_read_kernel",
+    param_types=[
+        ir.PointerType(ir.IntType(8)),
+        ir.PointerType(ir.IntType(8)),
+    ],
+    return_type=ir.IntType(64),
+)
+def bpf_probe_read_kernel_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """Emit LLVM IR for bpf_probe_read_kernel helper."""
+
+    if len(call.args) != 2:
+        raise ValueError(
+            f"probe_read_kernel expects 2 args (dst, src), got {len(call.args)}"
+        )
+
+    # Get destination buffer (char array -> i8*)
+    dst_ptr, dst_size = get_or_create_ptr_from_arg(
+        func, module, call.args[0], builder, local_sym_tab, map_sym_tab, struct_sym_tab
+    )
+
+    # Get source pointer (evaluate expression)
+    src_ptr, src_type = get_ptr_from_arg(
+        call.args[1], func, module, builder, local_sym_tab, map_sym_tab, struct_sym_tab
+    )
+
+    # Emit the helper call
+    result = emit_probe_read_kernel_call(builder, dst_ptr, dst_size, src_ptr)
+
+    logger.info(f"Emitted bpf_probe_read_kernel (size={dst_size})")
+    return result, ir.IntType(64)
+
+
+@HelperHandlerRegistry.register(
+    "random",
+    param_types=[],
+    return_type=ir.IntType(32),
+)
+def bpf_get_prandom_u32_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_get_prandom_u32 helper function call.
+    """
+    helper_id = ir.Constant(ir.IntType(64), BPFHelperID.BPF_GET_PRANDOM_U32.value)
+    fn_type = ir.FunctionType(ir.IntType(32), [], var_arg=False)
+    fn_ptr_type = ir.PointerType(fn_type)
+    fn_ptr = builder.inttoptr(helper_id, fn_ptr_type)
+    result = builder.call(fn_ptr, [], tail=False)
+    return result, ir.IntType(32)
+
+
+@HelperHandlerRegistry.register(
+    "probe_read",
+    param_types=[
+        ir.PointerType(ir.IntType(8)),
+        ir.IntType(32),
+        ir.PointerType(ir.IntType(8)),
+    ],
+    return_type=ir.IntType(64),
+)
+def bpf_probe_read_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_probe_read helper function
+    """
+
+    if len(call.args) != 3:
+        logger.warn("Expected 3 args for probe_read helper")
+        return
+    dst_ptr = get_or_create_ptr_from_arg(
+        func,
+        module,
+        call.args[0],
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+        ir.IntType(8),
+    )
+    size_val = get_int_value_from_arg(
+        call.args[1],
+        func,
+        module,
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+    )
+    src_ptr = get_or_create_ptr_from_arg(
+        func,
+        module,
+        call.args[2],
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+        ir.IntType(8),
+    )
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        [ir.PointerType(), ir.IntType(32), ir.PointerType()],
+        var_arg=False,
+    )
+    fn_ptr = builder.inttoptr(
+        ir.Constant(ir.IntType(64), BPFHelperID.BPF_PROBE_READ.value),
+        ir.PointerType(fn_type),
+    )
+    result = builder.call(
+        fn_ptr,
+        [
+            builder.bitcast(dst_ptr, ir.PointerType()),
+            builder.trunc(size_val, ir.IntType(32)),
+            builder.bitcast(src_ptr, ir.PointerType()),
+        ],
+        tail=False,
+    )
+    logger.info(f"Emitted bpf_probe_read (size={size_val})")
+    return result, ir.IntType(64)
+
+
+@HelperHandlerRegistry.register(
+    "smp_processor_id",
+    param_types=[],
+    return_type=ir.IntType(32),
+)
+def bpf_get_smp_processor_id_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_get_smp_processor_id helper function call.
+    """
+    helper_id = ir.Constant(ir.IntType(64), BPFHelperID.BPF_GET_SMP_PROCESSOR_ID.value)
+    fn_type = ir.FunctionType(ir.IntType(32), [], var_arg=False)
+    fn_ptr_type = ir.PointerType(fn_type)
+    fn_ptr = builder.inttoptr(helper_id, fn_ptr_type)
+    result = builder.call(fn_ptr, [], tail=False)
+    logger.info("Emitted bpf_get_smp_processor_id call")
+    return result, ir.IntType(32)
+
+
+@HelperHandlerRegistry.register(
+    "uid",
+    param_types=[],
+    return_type=ir.IntType(64),
+)
+def bpf_get_current_uid_gid_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_get_current_uid_gid helper function call.
+    """
+    helper_id = ir.Constant(ir.IntType(64), BPFHelperID.BPF_GET_CURRENT_UID_GID.value)
+    fn_type = ir.FunctionType(ir.IntType(64), [], var_arg=False)
+    fn_ptr_type = ir.PointerType(fn_type)
+    fn_ptr = builder.inttoptr(helper_id, fn_ptr_type)
+    result = builder.call(fn_ptr, [], tail=False)
+
+    # Extract the lower 32 bits (UID) using bitwise AND with 0xFFFFFFFF
+    # TODO: return both UID and GID if we end up needing GID somewhere
+    mask = ir.Constant(ir.IntType(64), 0xFFFFFFFF)
+    pid = builder.and_(result, mask)
+    return pid, ir.IntType(64)
+
+
+@HelperHandlerRegistry.register(
+    "skb_store_bytes",
+    param_types=[
+        ir.IntType(32),
+        ir.PointerType(ir.IntType(8)),
+        ir.IntType(32),
+        ir.IntType(64),
+    ],
+    return_type=ir.IntType(64),
+)
+def bpf_skb_store_bytes_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_skb_store_bytes helper function call.
+    Expected call signature: skb_store_bytes(skb, offset, from, len, flags)
+    """
+
+    args_signature = [
+        ir.PointerType(),  # skb pointer
+        ir.IntType(32),  # offset
+        ir.PointerType(),  # from
+        ir.IntType(32),  # len
+        ir.IntType(64),  # flags
+    ]
+
+    if len(call.args) not in (3, 4):
+        raise ValueError(
+            f"skb_store_bytes expects 3 or 4 args (offset, from, len, flags), got {len(call.args)}"
+        )
+
+    skb_ptr = func.args[0]  # First argument to the function is skb
+    offset_val = get_int_value_from_arg(
+        call.args[0],
+        func,
+        module,
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+    )
+    from_ptr = get_or_create_ptr_from_arg(
+        func,
+        module,
+        call.args[1],
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+        args_signature[2],
+    )
+    len_val = get_int_value_from_arg(
+        call.args[2],
+        func,
+        module,
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+    )
+    if len(call.args) == 4:
+        flags_val = get_flags_val(call.args[3], builder, local_sym_tab)
+    else:
+        flags_val = 0
+    if isinstance(flags_val, int):
+        flags = ir.Constant(ir.IntType(64), flags_val)
+    else:
+        flags = flags_val
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        args_signature,
+        var_arg=False,
+    )
+    fn_ptr = builder.inttoptr(
+        ir.Constant(ir.IntType(64), BPFHelperID.BPF_SKB_STORE_BYTES.value),
+        ir.PointerType(fn_type),
+    )
+    result = builder.call(
+        fn_ptr,
+        [
+            builder.bitcast(skb_ptr, ir.PointerType()),
+            builder.trunc(offset_val, ir.IntType(32)),
+            builder.bitcast(from_ptr, ir.PointerType()),
+            builder.trunc(len_val, ir.IntType(32)),
+            flags,
+        ],
+        tail=False,
+    )
+    logger.info("Emitted bpf_skb_store_bytes call")
+    return result, ir.IntType(64)
+
+
+@HelperHandlerRegistry.register(
+    "reserve",
+    param_types=[ir.IntType(64)],
+    return_type=ir.PointerType(ir.IntType(8)),
+)
+def bpf_ringbuf_reserve_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_ringbuf_reserve helper function call.
+    Expected call signature: ringbuf.reserve(size)
+    """
+
+    if len(call.args) != 1:
+        raise ValueError(
+            f"ringbuf.reserve expects exactly one argument (size), got {len(call.args)}"
+        )
+
+    size_val = get_int_value_from_arg(
+        call.args[0],
+        func,
+        module,
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+    )
+
+    map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())
+    fn_type = ir.FunctionType(
+        ir.PointerType(ir.IntType(8)),
+        [ir.PointerType(), ir.IntType(64)],
+        var_arg=False,
+    )
+    fn_ptr_type = ir.PointerType(fn_type)
+
+    fn_addr = ir.Constant(ir.IntType(64), BPFHelperID.BPF_RINGBUF_RESERVE.value)
+    fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
+
+    result = builder.call(fn_ptr, [map_void_ptr, size_val], tail=False)
+
+    return result, ir.PointerType(ir.IntType(8))
+
+
+@HelperHandlerRegistry.register(
+    "submit",
+    param_types=[ir.PointerType(ir.IntType(8)), ir.IntType(64)],
+    return_type=ir.VoidType(),
+)
+def bpf_ringbuf_submit_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_ringbuf_submit helper function call.
+    Expected call signature: ringbuf.submit(data, flags=0)
+    """
+
+    if len(call.args) not in (1, 2):
+        raise ValueError(
+            f"ringbuf.submit expects 1 or 2 args (data, flags), got {len(call.args)}"
+        )
+
+    data_arg = call.args[0]
+    flags_arg = call.args[1] if len(call.args) == 2 else None
+
+    data_ptr = get_or_create_ptr_from_arg(
+        func,
+        module,
+        data_arg,
+        builder,
+        local_sym_tab,
+        map_sym_tab,
+        struct_sym_tab,
+        ir.PointerType(ir.IntType(8)),
+    )
+
+    flags_const = get_flags_val(flags_arg, builder, local_sym_tab)
+    if isinstance(flags_const, int):
+        flags_const = ir.Constant(ir.IntType(64), flags_const)
+
+    map_void_ptr = builder.bitcast(map_ptr, ir.PointerType())
+    fn_type = ir.FunctionType(
+        ir.VoidType(),
+        [ir.PointerType(), ir.PointerType(), ir.IntType(64)],
+        var_arg=False,
+    )
+    fn_ptr_type = ir.PointerType(fn_type)
+
+    fn_addr = ir.Constant(ir.IntType(64), BPFHelperID.BPF_RINGBUF_SUBMIT.value)
+    fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
+
+    result = builder.call(fn_ptr, [map_void_ptr, data_ptr, flags_const], tail=False)
+
+    return result, None
+
+
+@HelperHandlerRegistry.register(
+    "get_stack",
+    param_types=[ir.PointerType(ir.IntType(8)), ir.IntType(64)],
+    return_type=ir.IntType(64),
+)
+def bpf_get_stack_emitter(
+    call,
+    map_ptr,
+    module,
+    builder,
+    func,
+    local_sym_tab=None,
+    struct_sym_tab=None,
+    map_sym_tab=None,
+):
+    """
+    Emit LLVM IR for bpf_get_stack helper function call.
+    """
+    if len(call.args) not in (1, 2):
+        raise ValueError(
+            f"get_stack expects atmost two arguments (buf, flags), got {len(call.args)}"
+        )
+    ctx_ptr = func.args[0]  # First argument to the function is ctx
+    buf_arg = call.args[0]
+    flags_arg = call.args[1] if len(call.args) == 2 else None
+    buf_ptr, buf_size = get_buffer_ptr_and_size(
+        buf_arg, builder, local_sym_tab, struct_sym_tab
+    )
+    flags_val = get_flags_val(flags_arg, builder, local_sym_tab)
+    if isinstance(flags_val, int):
+        flags_val = ir.Constant(ir.IntType(64), flags_val)
+
+    buf_void_ptr = builder.bitcast(buf_ptr, ir.PointerType())
+    fn_type = ir.FunctionType(
+        ir.IntType(64),
+        [
+            ir.PointerType(ir.IntType(8)),
+            ir.PointerType(),
+            ir.IntType(64),
+            ir.IntType(64),
+        ],
+        var_arg=False,
+    )
+    fn_ptr_type = ir.PointerType(fn_type)
+    fn_addr = ir.Constant(ir.IntType(64), BPFHelperID.BPF_GET_STACK.value)
+    fn_ptr = builder.inttoptr(fn_addr, fn_ptr_type)
+    result = builder.call(
+        fn_ptr,
+        [ctx_ptr, buf_void_ptr, ir.Constant(ir.IntType(64), buf_size), flags_val],
+        tail=False,
+    )
+    return result, ir.IntType(64)
+
+
 def handle_helper_call(
    call,
    module,
@ -363,6 +1122,6 @@ def handle_helper_call(
        if not map_sym_tab or map_name not in map_sym_tab:
            raise ValueError(f"Map '{map_name}' not found in symbol table")

-        return invoke_helper(method_name, map_sym_tab[map_name])
+        return invoke_helper(method_name, map_sym_tab[map_name].sym)

    return None
--- a/pythonbpf/helper/helper_registry.py
+++ b/pythonbpf/helper/helper_registry.py
@ -1,17 +1,31 @@
+from dataclasses import dataclass
+from llvmlite import ir
 from typing import Callable


+@dataclass
+class HelperSignature:
+    """Signature of a BPF helper function"""
+
+    arg_types: list[ir.Type]
+    return_type: ir.Type
+    func: Callable
+
+
 class HelperHandlerRegistry:
    """Registry for BPF helpers"""

-    _handlers: dict[str, Callable] = {}
+    _handlers: dict[str, HelperSignature] = {}

    @classmethod
-    def register(cls, helper_name):
+    def register(cls, helper_name, param_types=None, return_type=None):
        """Decorator to register a handler function for a helper"""

        def decorator(func):
-            cls._handlers[helper_name] = func
+            helper_sig = HelperSignature(
+                arg_types=param_types, return_type=return_type, func=func
+            )
+            cls._handlers[helper_name] = helper_sig
            return func

        return decorator
@ -19,9 +33,29 @@ class HelperHandlerRegistry:
    @classmethod
    def get_handler(cls, helper_name):
        """Get the handler function for a helper"""
-        return cls._handlers.get(helper_name)
+        handler = cls._handlers.get(helper_name)
+        return handler.func if handler else None

    @classmethod
    def has_handler(cls, helper_name):
        """Check if a handler function is registered for a helper"""
        return helper_name in cls._handlers
+
+    @classmethod
+    def get_signature(cls, helper_name):
+        """Get the signature of a helper function"""
+        return cls._handlers.get(helper_name)
+
+    @classmethod
+    def get_param_type(cls, helper_name, index):
+        """Get the type of a parameter of a helper function by the index"""
+        signature = cls.get_signature(helper_name)
+        if signature and signature.arg_types and 0 <= index < len(signature.arg_types):
+            return signature.arg_types[index]
+        return None
+
+    @classmethod
+    def get_return_type(cls, helper_name):
+        """Get the return type of a helper function"""
+        signature = cls.get_signature(helper_name)
+        return signature.return_type if signature else None
--- a/pythonbpf/helper/helper_utils.py
+++ b/pythonbpf/helper/helper_utils.py
@ -4,6 +4,7 @@ import logging
 from llvmlite import ir
 from pythonbpf.expr import (
    get_operand_value,
+    eval_expr,
 )

 logger = logging.getLogger(__name__)
@ -13,26 +14,43 @@ class ScratchPoolManager:
    """Manage the temporary helper variables in local_sym_tab"""

    def __init__(self):
-        self._counter = 0
+        self._counters = {}

    @property
    def counter(self):
-        return self._counter
+        return sum(self._counters.values())

    def reset(self):
-        self._counter = 0
+        self._counters.clear()
        logger.debug("Scratch pool counter reset to 0")

-    def get_next_temp(self, local_sym_tab):
-        temp_name = f"__helper_temp_{self._counter}"
-        self._counter += 1
+    def _get_type_name(self, ir_type):
+        if isinstance(ir_type, ir.PointerType):
+            return "ptr"
+        elif isinstance(ir_type, ir.IntType):
+            return f"i{ir_type.width}"
+        elif isinstance(ir_type, ir.ArrayType):
+            return f"[{ir_type.count}x{self._get_type_name(ir_type.element)}]"
+        else:
+            return str(ir_type).replace(" ", "")
+
+    def get_next_temp(self, local_sym_tab, expected_type=None):
+        # Default to i64 if no expected type provided
+        type_name = self._get_type_name(expected_type) if expected_type else "i64"
+        if type_name not in self._counters:
+            self._counters[type_name] = 0
+
+        counter = self._counters[type_name]
+        temp_name = f"__helper_temp_{type_name}_{counter}"
+        self._counters[type_name] += 1

        if temp_name not in local_sym_tab:
            raise ValueError(
                f"Scratch pool exhausted or inadequate: {temp_name}. "
-                f"Current counter: {self._counter}"
+                f"Type: {type_name} Counter: {counter}"
            )

+        logger.debug(f"Using {temp_name} for type {type_name}")
        return local_sym_tab[temp_name].var, temp_name


@ -59,24 +77,73 @@ def get_var_ptr_from_name(var_name, local_sym_tab):
 def create_int_constant_ptr(value, builder, local_sym_tab, int_width=64):
    """Create a pointer to an integer constant."""

-    # Default to 64-bit integer
-    ptr, temp_name = _temp_pool_manager.get_next_temp(local_sym_tab)
+    int_type = ir.IntType(int_width)
+    ptr, temp_name = _temp_pool_manager.get_next_temp(local_sym_tab, int_type)
    logger.info(f"Using temp variable '{temp_name}' for int constant {value}")
-    const_val = ir.Constant(ir.IntType(int_width), value)
+    const_val = ir.Constant(int_type, value)
    builder.store(const_val, ptr)
    return ptr


 def get_or_create_ptr_from_arg(
-    func, module, arg, builder, local_sym_tab, map_sym_tab, struct_sym_tab=None
+    func,
+    module,
+    arg,
+    builder,
+    local_sym_tab,
+    map_sym_tab,
+    struct_sym_tab=None,
+    expected_type=None,
 ):
    """Extract or create pointer from the call arguments."""

+    logger.info(f"Getting pointer from arg: {ast.dump(arg)}")
+    sz = None
    if isinstance(arg, ast.Name):
+        # Stack space is already allocated
        ptr = get_var_ptr_from_name(arg.id, local_sym_tab)
    elif isinstance(arg, ast.Constant) and isinstance(arg.value, int):
-        ptr = create_int_constant_ptr(arg.value, builder, local_sym_tab)
+        int_width = 64  # Default to i64
+        if expected_type and isinstance(expected_type, ir.IntType):
+            int_width = expected_type.width
+        ptr = create_int_constant_ptr(arg.value, builder, local_sym_tab, int_width)
+    elif isinstance(arg, ast.Attribute):
+        # A struct field
+        struct_name = arg.value.id
+        field_name = arg.attr
+
+        if not local_sym_tab or struct_name not in local_sym_tab:
+            raise ValueError(f"Struct '{struct_name}' not found")
+
+        struct_type = local_sym_tab[struct_name].metadata
+        if not struct_sym_tab or struct_type not in struct_sym_tab:
+            raise ValueError(f"Struct type '{struct_type}' not found")
+
+        struct_info = struct_sym_tab[struct_type]
+        if field_name not in struct_info.fields:
+            raise ValueError(
+                f"Field '{field_name}' not found in struct '{struct_name}'"
+            )
+
+        field_type = struct_info.field_type(field_name)
+        struct_ptr = local_sym_tab[struct_name].var
+
+        # Special handling for char arrays
+        if (
+            isinstance(field_type, ir.ArrayType)
+            and isinstance(field_type.element, ir.IntType)
+            and field_type.element.width == 8
+        ):
+            ptr, sz = get_char_array_ptr_and_size(
+                arg, builder, local_sym_tab, struct_sym_tab
+            )
+            if not ptr:
+                raise ValueError("Failed to get char array pointer from struct field")
+        else:
+            ptr = struct_info.gep(builder, struct_ptr, field_name)
+
    else:
+        # NOTE: For any integer expression reaching this branch, it is probably a struct field or a binop
        # Evaluate the expression and store the result in a temp variable
        val = get_operand_value(
            func, module, arg, builder, local_sym_tab, map_sym_tab, struct_sym_tab
@ -84,13 +151,20 @@ def get_or_create_ptr_from_arg(
        if val is None:
            raise ValueError("Failed to evaluate expression for helper arg.")

-        # NOTE: We assume the result is an int64 for now
-        # if isinstance(arg, ast.Attribute):
-        # return val
-        ptr, temp_name = _temp_pool_manager.get_next_temp(local_sym_tab)
+        ptr, temp_name = _temp_pool_manager.get_next_temp(local_sym_tab, expected_type)
        logger.info(f"Using temp variable '{temp_name}' for expression result")
+        if (
+            isinstance(val.type, ir.IntType)
+            and expected_type
+            and val.type.width > expected_type.width
+        ):
+            val = builder.trunc(val, expected_type)
        builder.store(val, ptr)

+    # NOTE: For char arrays, also return size
+    if sz:
+        return ptr, sz
+
    return ptr


@ -136,3 +210,163 @@ def get_data_ptr_and_size(data_arg, local_sym_tab, struct_sym_tab):
        raise NotImplementedError(
            "Only simple object names are supported as data in perf event output."
        )
+
+
+def get_buffer_ptr_and_size(buf_arg, builder, local_sym_tab, struct_sym_tab):
+    """Extract buffer pointer and size from either a struct field or variable."""
+
+    # Case 1: Struct field (obj.field)
+    if isinstance(buf_arg, ast.Attribute):
+        if not isinstance(buf_arg.value, ast.Name):
+            raise ValueError(
+                "Only simple struct field access supported (e.g., obj.field)"
+            )
+
+        struct_name = buf_arg.value.id
+        field_name = buf_arg.attr
+
+        # Lookup struct
+        if not local_sym_tab or struct_name not in local_sym_tab:
+            raise ValueError(f"Struct '{struct_name}' not found")
+
+        struct_type = local_sym_tab[struct_name].metadata
+        if not struct_sym_tab or struct_type not in struct_sym_tab:
+            raise ValueError(f"Struct type '{struct_type}' not found")
+
+        struct_info = struct_sym_tab[struct_type]
+
+        # Get field pointer and type
+        struct_ptr = local_sym_tab[struct_name].var
+        field_ptr = struct_info.gep(builder, struct_ptr, field_name)
+        field_type = struct_info.field_type(field_name)
+
+        if not isinstance(field_type, ir.ArrayType):
+            raise ValueError(f"Field '{field_name}' must be an array type")
+
+        return field_ptr, field_type.count
+
+    # Case 2: Variable name
+    elif isinstance(buf_arg, ast.Name):
+        var_name = buf_arg.id
+
+        if not local_sym_tab or var_name not in local_sym_tab:
+            raise ValueError(f"Variable '{var_name}' not found")
+
+        var_ptr = local_sym_tab[var_name].var
+        var_type = local_sym_tab[var_name].ir_type
+
+        if not isinstance(var_type, ir.ArrayType):
+            raise ValueError(f"Variable '{var_name}' must be an array type")
+
+        return var_ptr, var_type.count
+
+    else:
+        raise ValueError(
+            "comm expects either a struct field (obj.field) or variable name"
+        )
+
+
+def get_char_array_ptr_and_size(buf_arg, builder, local_sym_tab, struct_sym_tab):
+    """Get pointer to char array and its size."""
+
+    # Struct field: obj.field
+    if isinstance(buf_arg, ast.Attribute) and isinstance(buf_arg.value, ast.Name):
+        var_name = buf_arg.value.id
+        field_name = buf_arg.attr
+
+        if not (local_sym_tab and var_name in local_sym_tab):
+            raise ValueError(f"Variable '{var_name}' not found")
+
+        struct_type = local_sym_tab[var_name].metadata
+        if not (struct_sym_tab and struct_type in struct_sym_tab):
+            raise ValueError(f"Struct type '{struct_type}' not found")
+
+        struct_info = struct_sym_tab[struct_type]
+        if field_name not in struct_info.fields:
+            raise ValueError(f"Field '{field_name}' not found")
+
+        field_type = struct_info.field_type(field_name)
+        if not _is_char_array(field_type):
+            logger.info(
+                "Field is not a char array, falling back to int or ptr detection"
+            )
+            return None, 0
+
+        struct_ptr = local_sym_tab[var_name].var
+        field_ptr = struct_info.gep(builder, struct_ptr, field_name)
+
+        # GEP to first element: [N x i8]* -> i8*
+        buf_ptr = builder.gep(
+            field_ptr,
+            [ir.Constant(ir.IntType(32), 0), ir.Constant(ir.IntType(32), 0)],
+            inbounds=True,
+        )
+        return buf_ptr, field_type.count
+
+    elif isinstance(buf_arg, ast.Name):
+        # NOTE: We shouldn't be doing this as we can't get size info
+        var_name = buf_arg.id
+        if not (local_sym_tab and var_name in local_sym_tab):
+            raise ValueError(f"Variable '{var_name}' not found")
+
+        var_ptr = local_sym_tab[var_name].var
+        var_type = local_sym_tab[var_name].ir_type
+
+        if not isinstance(var_type, ir.PointerType) or not isinstance(
+            var_type.pointee, ir.IntType(8)
+        ):
+            raise ValueError("Expected str ptr variable")
+
+        return var_ptr, 256  # Size unknown for str ptr, using 256 as default
+
+    else:
+        raise ValueError("Expected struct field or variable name")
+
+
+def _is_char_array(ir_type):
+    """Check if IR type is [N x i8]."""
+    return (
+        isinstance(ir_type, ir.ArrayType)
+        and isinstance(ir_type.element, ir.IntType)
+        and ir_type.element.width == 8
+    )
+
+
+def get_ptr_from_arg(
+    arg, func, module, builder, local_sym_tab, map_sym_tab, struct_sym_tab
+):
+    """Evaluate argument and return pointer value"""
+
+    result = eval_expr(
+        func, module, builder, arg, local_sym_tab, map_sym_tab, struct_sym_tab
+    )
+
+    if not result:
+        raise ValueError("Failed to evaluate argument")
+
+    val, val_type = result
+
+    if not isinstance(val_type, ir.PointerType):
+        raise ValueError(f"Expected pointer type, got {val_type}")
+
+    return val, val_type
+
+
+def get_int_value_from_arg(
+    arg, func, module, builder, local_sym_tab, map_sym_tab, struct_sym_tab
+):
+    """Evaluate argument and return integer value"""
+
+    result = eval_expr(
+        func, module, builder, arg, local_sym_tab, map_sym_tab, struct_sym_tab
+    )
+
+    if not result:
+        raise ValueError("Failed to evaluate argument")
+
+    val, val_type = result
+
+    if not isinstance(val_type, ir.IntType):
+        raise ValueError(f"Expected integer type, got {val_type}")
+
+    return val
--- a/pythonbpf/helper/helpers.py
+++ b/pythonbpf/helper/helpers.py
@ -2,19 +2,61 @@ import ctypes


 def ktime():
+    """get current ktime"""
    return ctypes.c_int64(0)


 def pid():
+    """get current process id"""
    return ctypes.c_int32(0)


 def deref(ptr):
-    "dereference a pointer"
+    """dereference a pointer"""
    result = ctypes.cast(ptr, ctypes.POINTER(ctypes.c_void_p)).contents.value
    return result if result is not None else 0


+def comm(buf):
+    """get current process command name"""
+    return ctypes.c_int64(0)
+
+
+def probe_read_str(dst, src):
+    """Safely read a null-terminated string from kernel memory"""
+    return ctypes.c_int64(0)
+
+
+def random():
+    """get a pseudorandom u32 number"""
+    return ctypes.c_int32(0)
+
+
+def probe_read(dst, size, src):
+    """Safely read data from kernel memory"""
+    return ctypes.c_int64(0)
+
+
+def smp_processor_id():
+    """get the current CPU id"""
+    return ctypes.c_int32(0)
+
+
+def uid():
+    """get current user id"""
+    return ctypes.c_int32(0)
+
+
+def skb_store_bytes(offset, from_buf, size, flags=0):
+    """store bytes into a socket buffer"""
+    return ctypes.c_int64(0)
+
+
+def get_stack(buf, flags=0):
+    """get the current stack trace"""
+    return ctypes.c_int64(0)
+
+
 XDP_ABORTED = ctypes.c_int64(0)
 XDP_DROP = ctypes.c_int64(1)
 XDP_PASS = ctypes.c_int64(2)
--- a/pythonbpf/helper/printk_formatter.py
+++ b/pythonbpf/helper/printk_formatter.py
@ -3,6 +3,8 @@ import logging

 from llvmlite import ir
 from pythonbpf.expr import eval_expr, get_base_type_and_depth, deref_to_depth
+from pythonbpf.expr.vmlinux_registry import VmlinuxHandlerRegistry
+from pythonbpf.helper.helper_utils import get_char_array_ptr_and_size

 logger = logging.getLogger(__name__)

@ -108,6 +110,16 @@ def _process_name_in_fval(name_node, fmt_parts, exprs, local_sym_tab):
    if local_sym_tab and name_node.id in local_sym_tab:
        _, var_type, tmp = local_sym_tab[name_node.id]
        _populate_fval(var_type, name_node, fmt_parts, exprs)
+    else:
+        # Try to resolve through vmlinux registry if not in local symbol table
+        result = VmlinuxHandlerRegistry.handle_name(name_node.id)
+        if result:
+            val, var_type = result
+            _populate_fval(var_type, name_node, fmt_parts, exprs)
+        else:
+            raise ValueError(
+                f"Variable '{name_node.id}' not found in symbol table or vmlinux"
+            )


 def _process_attr_in_fval(attr_node, fmt_parts, exprs, local_sym_tab, struct_sym_tab):
@ -173,6 +185,15 @@ def _populate_fval(ftype, node, fmt_parts, exprs):
            raise NotImplementedError(
                f"Unsupported pointer target type in f-string: {target}"
            )
+    elif isinstance(ftype, ir.ArrayType):
+        if isinstance(ftype.element, ir.IntType) and ftype.element.width == 8:
+            # Char array
+            fmt_parts.append("%s")
+            exprs.append(node)
+        else:
+            raise NotImplementedError(
+                f"Unsupported array element type in f-string: {ftype.element}"
+            )
    else:
        raise NotImplementedError(f"Unsupported field type in f-string: {ftype}")

@ -197,44 +218,55 @@ def _create_format_string_global(fmt_str, func, module, builder):

 def _prepare_expr_args(expr, func, module, builder, local_sym_tab, struct_sym_tab):
    """Evaluate and prepare an expression to use as an arg for bpf_printk."""
-    val, _ = eval_expr(
-        func,
-        module,
-        builder,
-        expr,
-        local_sym_tab,
-        None,
-        struct_sym_tab,
-    )

-    if val:
-        if isinstance(val.type, ir.PointerType):
-            target, depth = get_base_type_and_depth(val.type)
-            if isinstance(target, ir.IntType):
-                if target.width >= 32:
-                    val = deref_to_depth(func, builder, val, depth)
-                    val = builder.sext(val, ir.IntType(64))
-                elif target.width == 8 and depth == 1:
-                    # NOTE: i8* is string, no need to deref
-                    pass
-
-            else:
-                logger.warning(
-                    "Only int and ptr supported in bpf_printk args. Others default to 0."
-                )
-                val = ir.Constant(ir.IntType(64), 0)
-        elif isinstance(val.type, ir.IntType):
-            if val.type.width < 64:
-                val = builder.sext(val, ir.IntType(64))
-        else:
-            logger.warning(
-                "Only int and ptr supported in bpf_printk args. Others default to 0."
-            )
-            val = ir.Constant(ir.IntType(64), 0)
-        return val
-    else:
-        logger.warning(
-            "Failed to evaluate expression for bpf_printk argument. "
-            "It will be converted to 0."
+    # Special case: struct field char array needs pointer to first element
+    if isinstance(expr, ast.Attribute):
+        char_array_ptr, _ = get_char_array_ptr_and_size(
+            expr, builder, local_sym_tab, struct_sym_tab
        )
+        if char_array_ptr:
+            return char_array_ptr
+
+    # Regular expression evaluation
+    val, _ = eval_expr(func, module, builder, expr, local_sym_tab, None, struct_sym_tab)
+
+    if not val:
+        logger.warning("Failed to evaluate expression for bpf_printk, defaulting to 0")
        return ir.Constant(ir.IntType(64), 0)
+
+    # Convert value to bpf_printk compatible type
+    if isinstance(val.type, ir.PointerType):
+        return _handle_pointer_arg(val, func, builder)
+    elif isinstance(val.type, ir.IntType):
+        return _handle_int_arg(val, builder)
+    else:
+        logger.warning(f"Unsupported type {val.type} in bpf_printk, defaulting to 0")
+        return ir.Constant(ir.IntType(64), 0)
+
+
+def _handle_pointer_arg(val, func, builder):
+    """Convert pointer type for bpf_printk."""
+    target, depth = get_base_type_and_depth(val.type)
+
+    if not isinstance(target, ir.IntType):
+        logger.warning("Only int pointers supported in bpf_printk, defaulting to 0")
+        return ir.Constant(ir.IntType(64), 0)
+
+    # i8* is string - use as-is
+    if target.width == 8 and depth == 1:
+        return val
+
+    # Integer pointers: dereference and sign-extend to i64
+    if target.width >= 32:
+        val = deref_to_depth(func, builder, val, depth)
+        return builder.sext(val, ir.IntType(64))
+
+    logger.warning("Unsupported pointer width in bpf_printk, defaulting to 0")
+    return ir.Constant(ir.IntType(64), 0)
+
+
+def _handle_int_arg(val, builder):
+    """Convert integer type for bpf_printk (sign-extend to i64)."""
+    if val.type.width < 64:
+        return builder.sext(val, ir.IntType(64))
+    return val
--- a/pythonbpf/local_symbol.py
+++ b/pythonbpf/local_symbol.py
@ -0,0 +1,15 @@
+import llvmlite.ir as ir
+from dataclasses import dataclass
+from typing import Any
+
+
+@dataclass
+class LocalSymbol:
+    var: ir.AllocaInstr
+    ir_type: ir.Type
+    metadata: Any = None
+
+    def __iter__(self):
+        yield self.var
+        yield self.ir_type
+        yield self.metadata
--- a/pythonbpf/maps/init.py
+++ b/pythonbpf/maps/init.py
@ -1,4 +1,5 @@
-from .maps import HashMap, PerfEventArray, RingBuf
+from .maps import HashMap, PerfEventArray, RingBuffer
 from .maps_pass import maps_proc
+from .map_types import BPFMapType

-__all__ = ["HashMap", "PerfEventArray", "maps_proc", "RingBuf"]
+__all__ = ["HashMap", "PerfEventArray", "maps_proc", "RingBuffer", "BPFMapType"]
--- a/pythonbpf/maps/map_debug_info.py
+++ b/pythonbpf/maps/map_debug_info.py
@ -1,22 +1,31 @@
+import logging
+from llvmlite import ir
 from pythonbpf.debuginfo import DebugInfoGenerator
 from .map_types import BPFMapType

+logger: logging.Logger = logging.getLogger(__name__)

-def create_map_debug_info(module, map_global, map_name, map_params):
+
+def create_map_debug_info(module, map_global, map_name, map_params, structs_sym_tab):
    """Generate debug info metadata for BPF maps HASH and PERF_EVENT_ARRAY"""
    generator = DebugInfoGenerator(module)
-
+    logger.info(f"Creating debug info for map {map_name} with params {map_params}")
    uint_type = generator.get_uint32_type()
-    ulong_type = generator.get_uint64_type()
    array_type = generator.create_array_type(
        uint_type, map_params.get("type", BPFMapType.UNSPEC).value
    )
    type_ptr = generator.create_pointer_type(array_type, 64)
    key_ptr = generator.create_pointer_type(
-        array_type if "key_size" in map_params else ulong_type, 64
+        array_type
+        if "key_size" in map_params
+        else _get_key_val_dbg_type(map_params.get("key"), generator, structs_sym_tab),
+        64,
    )
    value_ptr = generator.create_pointer_type(
-        array_type if "value_size" in map_params else ulong_type, 64
+        array_type
+        if "value_size" in map_params
+        else _get_key_val_dbg_type(map_params.get("value"), generator, structs_sym_tab),
+        64,
    )

    elements_arr = []
@ -64,7 +73,13 @@ def create_map_debug_info(module, map_global, map_name, map_params):
    return global_var


-def create_ringbuf_debug_info(module, map_global, map_name, map_params):
+# TODO: This should not be exposed outside of the module.
+# Ideally we should expose a single create_map_debug_info function that handles all map types.
+# We can probably use a registry pattern to register different map types and their debug info generators.
+# map_params["type"] will be used to determine which generator to use.
+def create_ringbuf_debug_info(
+    module, map_global, map_name, map_params, structs_sym_tab
+):
    """Generate debug information metadata for BPF RINGBUF map"""
    generator = DebugInfoGenerator(module)

@ -91,3 +106,65 @@ def create_ringbuf_debug_info(module, map_global, map_name, map_params):
    )
    map_global.set_metadata("dbg", global_var)
    return global_var
+
+
+def _get_key_val_dbg_type(name, generator, structs_sym_tab):
+    """Get the debug type for key/value based on type object"""
+
+    if not name:
+        logger.warn("No name provided for key/value type, defaulting to uint64")
+        return generator.get_uint64_type()
+
+    type_obj = structs_sym_tab.get(name)
+    if type_obj:
+        return _get_struct_debug_type(type_obj, generator, structs_sym_tab)
+
+    # Fallback to basic types
+    logger.info(f"No struct named {name}, falling back to basic type")
+
+    # NOTE: Only handling int and long for now
+    if name in ["c_int32", "c_uint32"]:
+        return generator.get_uint32_type()
+
+    # Default fallback for now
+    return generator.get_uint64_type()
+
+
+def _get_struct_debug_type(struct_obj, generator, structs_sym_tab):
+    """Recursively create debug type for struct"""
+    elements_arr = []
+    for fld in struct_obj.fields.keys():
+        fld_type = struct_obj.field_type(fld)
+        if isinstance(fld_type, ir.IntType):
+            if fld_type.width == 32:
+                fld_dbg_type = generator.get_uint32_type()
+            else:
+                # NOTE: Assuming 64-bit for all other int types
+                fld_dbg_type = generator.get_uint64_type()
+        elif isinstance(fld_type, ir.ArrayType):
+            # NOTE: Array types have u8 elements only for now
+            # Debug info generation should fail for other types
+            elem_type = fld_type.element
+            if isinstance(elem_type, ir.IntType) and elem_type.width == 8:
+                char_type = generator.get_uint8_type()
+                fld_dbg_type = generator.create_array_type(char_type, fld_type.count)
+            else:
+                logger.warning(
+                    f"Array element type {str(elem_type)} not supported for debug info, skipping"
+                )
+                continue
+        else:
+            # NOTE: Only handling int and char arrays for now
+            logger.warning(
+                f"Field type {str(fld_type)} not supported for debug info, skipping"
+            )
+            continue
+
+        member = generator.create_struct_member(
+            fld, fld_dbg_type, struct_obj.field_size(fld)
+        )
+        elements_arr.append(member)
+    struct_type = generator.create_struct_type(
+        elements_arr, struct_obj.size, is_distinct=True
+    )
+    return struct_type
--- a/pythonbpf/maps/maps.py
+++ b/pythonbpf/maps/maps.py
@ -36,11 +36,14 @@ class PerfEventArray:
        pass  # Placeholder for output method


-class RingBuf:
+class RingBuffer:
    def __init__(self, max_entries):
        self.max_entries = max_entries

-    def reserve(self, size: int, flags=0):
+    def output(self, data, flags=0):
+        pass
+
+    def reserve(self, size: int):
        if size > self.max_entries:
            raise ValueError("size cannot be greater than set maximum entries")
        return 0
@ -48,4 +51,7 @@ class RingBuf:
    def submit(self, data, flags=0):
        pass

+    def discard(self, data, flags=0):
+        pass
+
    # add discard, output and also give names to flags and stuff
--- a/pythonbpf/maps/maps_pass.py
+++ b/pythonbpf/maps/maps_pass.py
@ -3,20 +3,24 @@ import logging
 from logging import Logger
 from llvmlite import ir

-from .maps_utils import MapProcessorRegistry
+from .maps_utils import MapProcessorRegistry, MapSymbol
 from .map_types import BPFMapType
 from .map_debug_info import create_map_debug_info, create_ringbuf_debug_info
+from pythonbpf.expr.vmlinux_registry import VmlinuxHandlerRegistry
+

 logger: Logger = logging.getLogger(__name__)


-def maps_proc(tree, module, chunks):
+def maps_proc(tree, module, chunks, structs_sym_tab):
    """Process all functions decorated with @map to find BPF maps"""
    map_sym_tab = {}
    for func_node in chunks:
        if is_map(func_node):
            logger.info(f"Found BPF map: {func_node.name}")
-            map_sym_tab[func_node.name] = process_bpf_map(func_node, module)
+            map_sym_tab[func_node.name] = process_bpf_map(
+                func_node, module, structs_sym_tab
+            )
    return map_sym_tab


@ -44,50 +48,71 @@ def create_bpf_map(module, map_name, map_params):
    map_global.align = 8

    logger.info(f"Created BPF map: {map_name} with params {map_params}")
-    return map_global
+    return MapSymbol(type=map_params["type"], sym=map_global, params=map_params)


 def _parse_map_params(rval, expected_args=None):
    """Parse map parameters from call arguments and keywords."""

    params = {}
-
+    handler = VmlinuxHandlerRegistry.get_handler()
    # Parse positional arguments
    if expected_args:
        for i, arg_name in enumerate(expected_args):
            if i < len(rval.args):
                arg = rval.args[i]
                if isinstance(arg, ast.Name):
-                    params[arg_name] = arg.id
+                    result = _get_vmlinux_enum(handler, arg.id)
+                    params[arg_name] = result if result is not None else arg.id
                elif isinstance(arg, ast.Constant):
                    params[arg_name] = arg.value

    # Parse keyword arguments (override positional)
    for keyword in rval.keywords:
        if isinstance(keyword.value, ast.Name):
-            params[keyword.arg] = keyword.value.id
+            name = keyword.value.id
+            result = _get_vmlinux_enum(handler, name)
+            params[keyword.arg] = result if result is not None else name
        elif isinstance(keyword.value, ast.Constant):
            params[keyword.arg] = keyword.value.value

    return params


-@MapProcessorRegistry.register("RingBuf")
-def process_ringbuf_map(map_name, rval, module):
+def _get_vmlinux_enum(handler, name):
+    if handler and handler.is_vmlinux_enum(name):
+        return handler.get_vmlinux_enum_value(name)
+
+
+@MapProcessorRegistry.register("RingBuffer")
+def process_ringbuf_map(map_name, rval, module, structs_sym_tab):
    """Process a BPF_RINGBUF map declaration"""
    logger.info(f"Processing Ringbuf: {map_name}")
    map_params = _parse_map_params(rval, expected_args=["max_entries"])
    map_params["type"] = BPFMapType.RINGBUF

+    # NOTE: constraints borrowed from https://docs.ebpf.io/linux/map-type/BPF_MAP_TYPE_RINGBUF/
+    max_entries = map_params.get("max_entries")
+    if (
+        not isinstance(max_entries, int)
+        or max_entries < 4096
+        or (max_entries & (max_entries - 1)) != 0
+    ):
+        raise ValueError(
+            "Ringbuf max_entries must be a power of two greater than or equal to the page size (4096)"
+        )
+
    logger.info(f"Ringbuf map parameters: {map_params}")

    map_global = create_bpf_map(module, map_name, map_params)
-    create_ringbuf_debug_info(module, map_global, map_name, map_params)
+    create_ringbuf_debug_info(
+        module, map_global.sym, map_name, map_params, structs_sym_tab
+    )
    return map_global


@MapProcessorRegistry.register("HashMap")
-def process_hash_map(map_name, rval, module):
+def process_hash_map(map_name, rval, module, structs_sym_tab):
    """Process a BPF_HASH map declaration"""
    logger.info(f"Processing HashMap: {map_name}")
    map_params = _parse_map_params(rval, expected_args=["key", "value", "max_entries"])
@ -96,12 +121,12 @@ def process_hash_map(map_name, rval, module):
    logger.info(f"Map parameters: {map_params}")
    map_global = create_bpf_map(module, map_name, map_params)
    # Generate debug info for BTF
-    create_map_debug_info(module, map_global, map_name, map_params)
+    create_map_debug_info(module, map_global.sym, map_name, map_params, structs_sym_tab)
    return map_global


@MapProcessorRegistry.register("PerfEventArray")
-def process_perf_event_map(map_name, rval, module):
+def process_perf_event_map(map_name, rval, module, structs_sym_tab):
    """Process a BPF_PERF_EVENT_ARRAY map declaration"""
    logger.info(f"Processing PerfEventArray: {map_name}")
    map_params = _parse_map_params(rval, expected_args=["key_size", "value_size"])
@ -110,11 +135,11 @@ def process_perf_event_map(map_name, rval, module):
    logger.info(f"Map parameters: {map_params}")
    map_global = create_bpf_map(module, map_name, map_params)
    # Generate debug info for BTF
-    create_map_debug_info(module, map_global, map_name, map_params)
+    create_map_debug_info(module, map_global.sym, map_name, map_params)
    return map_global


-def process_bpf_map(func_node, module):
+def process_bpf_map(func_node, module, structs_sym_tab):
    """Process a BPF map (a function decorated with @map)"""
    map_name = func_node.name
    logger.info(f"Processing BPF map: {map_name}")
@ -133,7 +158,7 @@ def process_bpf_map(func_node, module):
    if isinstance(rval, ast.Call) and isinstance(rval.func, ast.Name):
        handler = MapProcessorRegistry.get_processor(rval.func.id)
        if handler:
-            return handler(map_name, rval, module)
+            return handler(map_name, rval, module, structs_sym_tab)
        else:
            logger.warning(f"Unknown map type {rval.func.id}, defaulting to HashMap")
            return process_hash_map(map_name, rval, module)
--- a/pythonbpf/maps/maps_utils.py
+++ b/pythonbpf/maps/maps_utils.py
@ -1,5 +1,17 @@
 from collections.abc import Callable
+from dataclasses import dataclass
+from llvmlite import ir
 from typing import Any
+from .map_types import BPFMapType
+
+
+@dataclass
+class MapSymbol:
+    """Class representing a symbol on the map"""
+
+    type: BPFMapType
+    sym: ir.GlobalVariable
+    params: dict[str, Any] | None = None


 class MapProcessorRegistry:
--- a/pythonbpf/type_deducer.py
+++ b/pythonbpf/type_deducer.py
@ -13,6 +13,11 @@ mapping = {
    "c_float": ir.FloatType(),
    "c_double": ir.DoubleType(),
    "c_void_p": ir.IntType(64),
+    "c_long": ir.IntType(64),
+    "c_ulong": ir.IntType(64),
+    "c_longlong": ir.IntType(64),
+    "c_uint": ir.IntType(32),
+    "c_int": ir.IntType(32),
    # Not so sure about this one
    "str": ir.PointerType(ir.IntType(8)),
 }
--- a/pythonbpf/utils.py
+++ b/pythonbpf/utils.py
@ -0,0 +1,58 @@
+import subprocess
+
+
+def trace_pipe():
+    """Util to read from the trace pipe."""
+    try:
+        subprocess.run(["cat", "/sys/kernel/tracing/trace_pipe"])
+    except KeyboardInterrupt:
+        print("Tracing stopped.")
+    except (FileNotFoundError, PermissionError) as e:
+        print(f"Error accessing trace_pipe: {e}. Try running as root.")
+
+
+def trace_fields():
+    """Parse one line from trace_pipe into fields."""
+    with open("/sys/kernel/tracing/trace_pipe", "rb", buffering=0) as f:
+        while True:
+            line = f.readline().rstrip()
+
+            if not line:
+                continue
+
+            # Skip lost event lines
+            if line.startswith(b"CPU:"):
+                continue
+
+            # Parse BCC-style: first 16 bytes = task
+            task = line[:16].lstrip().decode("utf-8")
+            line = line[17:]  # Skip past task field and space
+
+            # Find the colon that ends "pid cpu flags timestamp"
+            ts_end = line.find(b":")
+            if ts_end == -1:
+                raise ValueError("Cannot parse trace line")
+
+            # Split "pid [cpu] flags timestamp"
+            try:
+                parts = line[:ts_end].split()
+                if len(parts) < 4:
+                    raise ValueError("Not enough fields")
+
+                pid = int(parts[0])
+                cpu = parts[1][1:-1]  # Remove brackets from [cpu]
+                cpu = int(cpu)
+                flags = parts[2]
+                ts = float(parts[3])
+            except (ValueError, IndexError):
+                raise ValueError("Cannot parse trace line")
+
+            # Get message: skip ": symbol:" part
+            line = line[ts_end + 1 :]  # Skip first ":"
+            sym_end = line.find(b":")
+            if sym_end != -1:
+                msg = line[sym_end + 2 :].decode("utf-8")  # Skip ": " after symbol
+            else:
+                msg = line.lstrip().decode("utf-8")
+
+            return (task, pid, cpu, flags, ts, msg)
--- a/pythonbpf/vmlinux_parser/assignment_info.py
+++ b/pythonbpf/vmlinux_parser/assignment_info.py
@ -0,0 +1,36 @@
+from enum import Enum, auto
+from typing import Any, Dict, List, Optional
+from dataclasses import dataclass
+import llvmlite.ir as ir
+
+from pythonbpf.vmlinux_parser.dependency_node import Field
+
+
+class AssignmentType(Enum):
+    CONSTANT = auto()
+    STRUCT = auto()
+    ARRAY = auto()  # probably won't be used
+    FUNCTION_POINTER = auto()
+    POINTER = auto()  # again, probably won't be used
+
+
+@dataclass
+class FunctionSignature:
+    return_type: str
+    param_types: List[str]
+    varargs: bool
+
+
+# Thew name of the assignment will be in the dict that uses this class
+@dataclass
+class AssignmentInfo:
+    value_type: AssignmentType
+    python_type: type
+    value: Optional[Any]
+    pointer_level: Optional[int]
+    signature: Optional[FunctionSignature]  # For function pointers
+    # The key of the dict is the name of the field.
+    #   Value is a tuple that contains the global variable representing that field
+    #   along with all the information about that field as a Field type.
+    members: Optional[Dict[str, tuple[ir.GlobalVariable, Field]]]  # For structs.
+    debug_info: Any
--- a/pythonbpf/vmlinux_parser/class_handler.py
+++ b/pythonbpf/vmlinux_parser/class_handler.py
@ -1,6 +1,7 @@
 import logging
 from functools import lru_cache
 import importlib
+
 from .dependency_handler import DependencyHandler
 from .dependency_node import DependencyNode
 import ctypes
@ -15,7 +16,38 @@ def get_module_symbols(module_name: str):
    return [name for name in dir(imported_module)], imported_module


-def process_vmlinux_class(node, llvm_module, handler: DependencyHandler):
+def unwrap_pointer_type(type_obj: Any) -> Any:
+    """
+    Recursively unwrap all pointer layers to get the base type.
+
+    This handles multiply nested pointers like LP_LP_struct_attribute_group
+    and returns the base type (struct_attribute_group).
+
+    Stops unwrapping when reaching a non-pointer type (one without _type_ attribute).
+
+    Args:
+        type_obj: The type object to unwrap
+
+    Returns:
+        The base type after unwrapping all pointer layers
+    """
+    current_type = type_obj
+    # Keep unwrapping while it's a pointer/array type (has _type_)
+    # But stop if _type_ is just a string or basic type marker
+    while hasattr(current_type, "_type_"):
+        next_type = current_type._type_
+        # Stop if _type_ is a string (like 'c' for c_char)
+        if isinstance(next_type, str):
+            break
+        current_type = next_type
+    return current_type
+
+
+def process_vmlinux_class(
+    node,
+    llvm_module,
+    handler: DependencyHandler,
+):
    symbols_in_module, imported_module = get_module_symbols("vmlinux")
    if node.name in symbols_in_module:
        vmlinux_type = getattr(imported_module, node.name)
@ -25,7 +57,10 @@ def process_vmlinux_class(node, llvm_module, handler: DependencyHandler):


 def process_vmlinux_post_ast(
-    elem_type_class, llvm_handler, handler: DependencyHandler, processing_stack=None
+    elem_type_class,
+    llvm_handler,
+    handler: DependencyHandler,
+    processing_stack=None,
 ):
    # Initialize processing stack on first call
    if processing_stack is None:
@ -46,7 +81,7 @@ def process_vmlinux_post_ast(
        logger.debug(f"Node {current_symbol_name} already processed and ready")
        return True

-    # XXX:Check it's use. It's probably not being used.
+    # XXX:Check its use. It's probably not being used.
    if current_symbol_name in processing_stack:
        logger.debug(
            f"Dependency already in processing stack for {current_symbol_name}, skipping"
@ -98,12 +133,47 @@ def process_vmlinux_post_ast(
                [elem_type, elem_bitfield_size] = elem_temp_list
                local_module_name = getattr(elem_type, "__module__", None)
                new_dep_node.add_field(elem_name, elem_type, ready=False)
+
                if local_module_name == ctypes.__name__:
+                    # TODO: need to process pointer to ctype and also CFUNCTYPES here recursively. Current processing is a single dereference
                    new_dep_node.set_field_bitfield_size(elem_name, elem_bitfield_size)
-                    new_dep_node.set_field_ready(elem_name, is_ready=True)
-                    logger.debug(
-                        f"Field {elem_name} is direct ctypes type: {elem_type}"
-                    )
+
+                    # Process pointer to ctype
+                    if isinstance(elem_type, type) and issubclass(
+                        elem_type, ctypes._Pointer
+                    ):
+                        # Get the pointed-to type
+                        pointed_type = elem_type._type_
+                        logger.debug(f"Found pointer to type: {pointed_type}")
+                        new_dep_node.set_field_containing_type(elem_name, pointed_type)
+                        new_dep_node.set_field_ctype_complex_type(
+                            elem_name, ctypes._Pointer
+                        )
+                        new_dep_node.set_field_ready(elem_name, is_ready=True)
+
+                    # Process function pointers (CFUNCTYPE)
+                    elif hasattr(elem_type, "_restype_") and hasattr(
+                        elem_type, "_argtypes_"
+                    ):
+                        # This is a CFUNCTYPE or similar
+                        logger.info(
+                            f"Function pointer detected for {elem_name} with return type {elem_type._restype_} and arguments {elem_type._argtypes_}"
+                        )
+                        # Set the field as ready but mark it with special handling
+                        new_dep_node.set_field_ctype_complex_type(
+                            elem_name, ctypes.CFUNCTYPE
+                        )
+                        new_dep_node.set_field_ready(elem_name, is_ready=True)
+                        logger.warning(
+                            "Blindly processing CFUNCTYPE ctypes to ensure compilation. Unsupported"
+                        )
+
+                    else:
+                        # Regular ctype
+                        new_dep_node.set_field_ready(elem_name, is_ready=True)
+                        logger.debug(
+                            f"Field {elem_name} is direct ctypes type: {elem_type}"
+                        )
                elif local_module_name == "vmlinux":
                    new_dep_node.set_field_bitfield_size(elem_name, elem_bitfield_size)
                    logger.debug(
@ -115,71 +185,115 @@ def process_vmlinux_post_ast(
                        if hasattr(elem_type, "_length_") and is_complex_type:
                            type_length = elem_type._length_

-                        if containing_type.__module__ == "vmlinux":
-                            new_dep_node.add_dependent(
-                                elem_type._type_.__name__
-                                if hasattr(elem_type._type_, "__name__")
-                                else str(elem_type._type_)
+                        # Unwrap all pointer layers to get the base type for dependency tracking
+                        base_type = unwrap_pointer_type(elem_type)
+                        base_type_module = getattr(base_type, "__module__", None)
+
+                        if base_type_module == "vmlinux":
+                            base_type_name = (
+                                base_type.__name__
+                                if hasattr(base_type, "__name__")
+                                else str(base_type)
+                            )
+                            # ONLY add vmlinux types as dependencies
+                            new_dep_node.add_dependent(base_type_name)
+
+                            logger.debug(
+                                f"{containing_type} containing type of parent {elem_name} with {elem_type} and ctype {ctype_complex_type} and length {type_length}"
+                            )
+                            new_dep_node.set_field_containing_type(
+                                elem_name, containing_type
+                            )
+                            new_dep_node.set_field_type_size(elem_name, type_length)
+                            new_dep_node.set_field_ctype_complex_type(
+                                elem_name, ctype_complex_type
+                            )
+                            new_dep_node.set_field_type(elem_name, elem_type)
+
+                            # Check the containing_type module to decide whether to recurse
+                            containing_type_module = getattr(
+                                containing_type, "__module__", None
+                            )
+                            if containing_type_module == "vmlinux":
+                                # Also unwrap containing_type to get base type name
+                                base_containing_type = unwrap_pointer_type(
+                                    containing_type
+                                )
+                                containing_type_name = (
+                                    base_containing_type.__name__
+                                    if hasattr(base_containing_type, "__name__")
+                                    else str(base_containing_type)
+                                )
+
+                                # Check for self-reference or already processed
+                                if containing_type_name == current_symbol_name:
+                                    # Self-referential pointer
+                                    logger.debug(
+                                        f"Self-referential pointer in {current_symbol_name}.{elem_name}"
+                                    )
+                                    new_dep_node.set_field_ready(elem_name, True)
+                                elif handler.has_node(containing_type_name):
+                                    # Already processed
+                                    logger.debug(
+                                        f"Reusing already processed {containing_type_name}"
+                                    )
+                                    new_dep_node.set_field_ready(elem_name, True)
+                                else:
+                                    # Process recursively - use base containing type, not the pointer wrapper
+                                    new_dep_node.add_dependent(containing_type_name)
+                                    process_vmlinux_post_ast(
+                                        base_containing_type,
+                                        llvm_handler,
+                                        handler,
+                                        processing_stack,
+                                    )
+                                    new_dep_node.set_field_ready(elem_name, True)
+                            elif (
+                                containing_type_module == ctypes.__name__
+                                or containing_type_module is None
+                            ):
+                                logger.debug(
+                                    f"Processing ctype internal{containing_type}"
+                                )
+                                new_dep_node.set_field_ready(elem_name, True)
+                            else:
+                                raise TypeError(
+                                    f"Module not supported in recursive resolution: {containing_type_module}"
+                                )
+                        elif (
+                            base_type_module == ctypes.__name__
+                            or base_type_module is None
+                        ):
+                            # Handle ctypes or types with no module (like some internal ctypes types)
+                            # DO NOT add ctypes as dependencies - just set field metadata and mark ready
+                            logger.debug(
+                                f"Base type {base_type} is ctypes - NOT adding as dependency, just processing field"
                            )
-                        elif containing_type.__module__ == ctypes.__name__:
                            if isinstance(elem_type, type):
                                if issubclass(elem_type, ctypes.Array):
                                    ctype_complex_type = ctypes.Array
                                elif issubclass(elem_type, ctypes._Pointer):
                                    ctype_complex_type = ctypes._Pointer
+                                else:
+                                    raise ImportError(
+                                        "Non Array and Pointer type ctype imports not supported in current version"
+                                    )
                            else:
                                raise TypeError("Unsupported ctypes subclass")
-                        else:
-                            raise ImportError(
-                                f"Unsupported module of {containing_type}"
-                            )
-                        logger.debug(
-                            f"{containing_type} containing type of parent {elem_name} with {elem_type} and ctype {ctype_complex_type} and length {type_length}"
-                        )
-                        new_dep_node.set_field_containing_type(
-                            elem_name, containing_type
-                        )
-                        new_dep_node.set_field_type_size(elem_name, type_length)
-                        new_dep_node.set_field_ctype_complex_type(
-                            elem_name, ctype_complex_type
-                        )
-                        new_dep_node.set_field_type(elem_name, elem_type)
-                        if containing_type.__module__ == "vmlinux":
-                            containing_type_name = (
-                                containing_type.__name__
-                                if hasattr(containing_type, "__name__")
-                                else str(containing_type)
-                            )

-                            # Check for self-reference or already processed
-                            if containing_type_name == current_symbol_name:
-                                # Self-referential pointer
-                                logger.debug(
-                                    f"Self-referential pointer in {current_symbol_name}.{elem_name}"
-                                )
-                                new_dep_node.set_field_ready(elem_name, True)
-                            elif handler.has_node(containing_type_name):
-                                # Already processed
-                                logger.debug(
-                                    f"Reusing already processed {containing_type_name}"
-                                )
-                                new_dep_node.set_field_ready(elem_name, True)
-                            else:
-                                # Process recursively - THIS WAS MISSING
-                                new_dep_node.add_dependent(containing_type_name)
-                                process_vmlinux_post_ast(
-                                    containing_type,
-                                    llvm_handler,
-                                    handler,
-                                    processing_stack,
-                                )
-                                new_dep_node.set_field_ready(elem_name, True)
-                        elif containing_type.__module__ == ctypes.__name__:
-                            logger.debug(f"Processing ctype internal{containing_type}")
+                            # Set field metadata but DO NOT add dependency or recurse
+                            new_dep_node.set_field_containing_type(
+                                elem_name, containing_type
+                            )
+                            new_dep_node.set_field_type_size(elem_name, type_length)
+                            new_dep_node.set_field_ctype_complex_type(
+                                elem_name, ctype_complex_type
+                            )
+                            new_dep_node.set_field_type(elem_name, elem_type)
                            new_dep_node.set_field_ready(elem_name, True)
                        else:
-                            raise TypeError(
-                                "Module not supported in recursive resolution"
+                            raise ImportError(
+                                f"Unsupported module of {base_type}: {base_type_module}"
                            )
                    else:
                        new_dep_node.add_dependent(
@ -188,18 +302,24 @@ def process_vmlinux_post_ast(
                            else str(elem_type)
                        )
                        process_vmlinux_post_ast(
-                            elem_type, llvm_handler, handler, processing_stack
+                            elem_type,
+                            llvm_handler,
+                            handler,
+                            processing_stack,
                        )
                        new_dep_node.set_field_ready(elem_name, True)
                else:
                    raise ValueError(
                        f"{elem_name} with type {elem_type} from module {module_name} not supported in recursive resolver"
                    )
-
+    elif module_name == ctypes.__name__ or module_name is None:
+        # Handle ctypes types - these don't need processing, just return
+        logger.debug(f"Skipping ctypes type {current_symbol_name}")
+        return True
    else:
-        raise ImportError("UNSUPPORTED Module")
+        raise ImportError(f"UNSUPPORTED Module {module_name}")

-    logging.info(
+    logger.info(
        f"{current_symbol_name} processed and handler readiness {handler.is_ready}"
    )
    return True
--- a/pythonbpf/vmlinux_parser/dependency_node.py
+++ b/pythonbpf/vmlinux_parser/dependency_node.py
@ -18,6 +18,31 @@ class Field:
    value: Any = None
    ready: bool = False

+    def __hash__(self):
+        """
+        Create a hash based on the immutable attributes that define this field's identity.
+        This allows Field objects to be used as dictionary keys.
+        """
+        # Use a tuple of the fields that uniquely identify this field
+        identity = (
+            self.name,
+            id(self.type),  # Use id for non-hashable types
+            id(self.ctype_complex_type) if self.ctype_complex_type else None,
+            id(self.containing_type) if self.containing_type else None,
+            self.type_size,
+            self.bitfield_size,
+            self.offset,
+            self.value if self.value else None,
+        )
+        return hash(identity)
+
+    def __eq__(self, other):
+        """
+        Define equality consistent with the hash function.
+        Two fields are equal if they have they are the same
+        """
+        return self is other
+
    def set_ready(self, is_ready: bool = True) -> None:
        """Set the readiness state of this field."""
        self.ready = is_ready
--- a/pythonbpf/vmlinux_parser/import_detector.py
+++ b/pythonbpf/vmlinux_parser/import_detector.py
@ -1,9 +1,9 @@
 import ast
 import logging
-from typing import List, Tuple, Any
 import importlib
 import inspect

+from .assignment_info import AssignmentInfo, AssignmentType
 from .dependency_handler import DependencyHandler
 from .ir_gen import IRGenerator
 from .class_handler import process_vmlinux_class
@ -11,7 +11,9 @@ from .class_handler import process_vmlinux_class
 logger = logging.getLogger(__name__)


-def detect_import_statement(tree: ast.AST) -> List[Tuple[str, ast.ImportFrom]]:
+def detect_import_statement(
+    tree: ast.AST,
+) -> list[tuple[str, ast.ImportFrom, str, str]]:
    """
    Parse AST and detect import statements from vmlinux.

@ -25,7 +27,7 @@ def detect_import_statement(tree: ast.AST) -> List[Tuple[str, ast.ImportFrom]]:
        List of tuples containing (module_name, imported_item) for each vmlinux import

    Raises:
-        SyntaxError: If multiple imports from vmlinux are attempted or import * is used
+        SyntaxError: If import * is used
    """
    vmlinux_imports = []

@ -40,28 +42,19 @@ def detect_import_statement(tree: ast.AST) -> List[Tuple[str, ast.ImportFrom]]:
                        "Please import specific types explicitly."
                    )

-                # Check for multiple imports: from vmlinux import A, B, C
-                if len(node.names) > 1:
-                    imported_names = [alias.name for alias in node.names]
-                    raise SyntaxError(
-                        f"Multiple imports from vmlinux are not supported. "
-                        f"Found: {', '.join(imported_names)}. "
-                        f"Please use separate import statements for each type."
-                    )
-
                # Check if no specific import is specified (should not happen with valid Python)
                if len(node.names) == 0:
                    raise SyntaxError(
                        "Import from vmlinux must specify at least one type."
                    )

-                # Valid single import
+                # Support multiple imports: from vmlinux import A, B, C
                for alias in node.names:
                    import_name = alias.name
-                    # Use alias if provided, otherwise use the original name (commented)
-                    # as_name = alias.asname if alias.asname else alias.name
-                    vmlinux_imports.append(("vmlinux", node))
-                    logger.info(f"Found vmlinux import: {import_name}")
+                    # Use alias if provided, otherwise use the original name
+                    as_name = alias.asname if alias.asname else alias.name
+                    vmlinux_imports.append(("vmlinux", node, import_name, as_name))
+                    logger.info(f"Found vmlinux import: {import_name} as {as_name}")

        # Handle "import vmlinux" statements (not typical but should be rejected)
        elif isinstance(node, ast.Import):
@ -82,66 +75,79 @@ def vmlinux_proc(tree: ast.AST, module):
    # initialise dependency handler
    handler = DependencyHandler()
    # initialise assignment dictionary of name to type
-    assignments: dict[str, tuple[type, Any]] = {}
+    assignments: dict[str, AssignmentInfo] = {}

    if not import_statements:
        logger.info("No vmlinux imports found")
-        return
+        return None

    # Import vmlinux module directly
    try:
        vmlinux_mod = importlib.import_module("vmlinux")
    except ImportError:
        logger.warning("Could not import vmlinux module")
-        return
+        return None

    source_file = inspect.getsourcefile(vmlinux_mod)
    if source_file is None:
        logger.warning("Cannot find source for vmlinux module")
-        return
+        return None

    with open(source_file, "r") as f:
        mod_ast = ast.parse(f.read(), filename=source_file)

-    for import_mod, import_node in import_statements:
-        for alias in import_node.names:
-            imported_name = alias.name
-            found = False
-            for mod_node in mod_ast.body:
-                if (
-                    isinstance(mod_node, ast.ClassDef)
-                    and mod_node.name == imported_name
-                ):
-                    process_vmlinux_class(mod_node, module, handler)
-                    found = True
-                    break
-                if isinstance(mod_node, ast.Assign):
-                    for target in mod_node.targets:
-                        if isinstance(target, ast.Name) and target.id == imported_name:
-                            process_vmlinux_assign(mod_node, module, assignments)
-                            found = True
-                            break
-                if found:
-                    break
-            if not found:
-                logger.info(
-                    f"{imported_name} not found as ClassDef or Assign in vmlinux"
-                )
+    for import_mod, import_node, imported_name, as_name in import_statements:
+        found = False
+        for mod_node in mod_ast.body:
+            if isinstance(mod_node, ast.ClassDef) and mod_node.name == imported_name:
+                process_vmlinux_class(mod_node, module, handler)
+                found = True
+                break
+            if isinstance(mod_node, ast.Assign):
+                for target in mod_node.targets:
+                    if isinstance(target, ast.Name) and target.id == imported_name:
+                        process_vmlinux_assign(mod_node, module, assignments, as_name)
+                        found = True
+                        break
+            if found:
+                break
+        if not found:
+            logger.info(f"{imported_name} not found as ClassDef or Assign in vmlinux")

-    IRGenerator(module, handler)
+    IRGenerator(module, handler, assignments)
    return assignments


-def process_vmlinux_assign(node, module, assignments: dict[str, tuple[type, Any]]):
-    # Check if this is a simple assignment with a constant value
+def process_vmlinux_assign(
+    node, module, assignments: dict[str, AssignmentInfo], target_name=None
+):
+    """Process assignments from vmlinux module."""
+    # Only handle single-target assignments
    if len(node.targets) == 1 and isinstance(node.targets[0], ast.Name):
-        target_name = node.targets[0].id
+        # Use provided target_name (for aliased imports) or fall back to original name
+        if target_name is None:
+            target_name = node.targets[0].id
+
+        # Handle constant value assignments
        if isinstance(node.value, ast.Constant):
-            assignments[target_name] = (type(node.value.value), node.value.value)
+            # Fixed: using proper TypedDict creation syntax with named arguments
+            assignments[target_name] = AssignmentInfo(
+                value_type=AssignmentType.CONSTANT,
+                python_type=type(node.value.value),
+                value=node.value.value,
+                pointer_level=None,
+                signature=None,
+                members=None,
+                debug_info=None,
+            )
            logger.info(
                f"Added assignment: {target_name} = {node.value.value!r} of type {type(node.value.value)}"
            )
+
+        # Handle other assignment types that we may need to support
        else:
-            raise ValueError(f"Unsupported assignment type for {target_name}")
+            logger.warning(
+                f"Unsupported assignment type for {target_name}: {ast.dump(node.value)}"
+            )
    else:
        raise ValueError("Not a simple assignment")
--- a/pythonbpf/vmlinux_parser/ir_gen/debug_info_gen.py
+++ b/pythonbpf/vmlinux_parser/ir_gen/debug_info_gen.py
@ -1,15 +1,190 @@
-from pythonbpf.debuginfo import DebugInfoGenerator
+from pythonbpf.debuginfo import DebugInfoGenerator, dwarf_constants as dc
+from ..dependency_node import DependencyNode
+import ctypes
+import logging
+from typing import List, Any, Tuple
+
+logger = logging.getLogger(__name__)


-def debug_info_generation(struct, llvm_module):
+def debug_info_generation(
+    struct: DependencyNode,
+    llvm_module,
+    generated_debug_info: List[Tuple[DependencyNode, Any]],
+) -> Any:
+    """
+    Generate DWARF debug information for a struct defined in a DependencyNode.
+
+    Args:
+        struct: The dependency node containing struct information
+        llvm_module: The LLVM module to add debug info to
+        generated_debug_info: List of tuples (struct, debug_info) to track generated debug info
+
+    Returns:
+        The generated global variable debug info, or None for unsupported types
+    """
+    # Set up debug info generator
    generator = DebugInfoGenerator(llvm_module)
-    # this is sample debug info generation
-    # i64type = generator.get_uint64_type()

-    struct_type = generator.create_struct_type([], 64 * 4, is_distinct=True)
+    # Check if debug info for this struct has already been generated
+    for existing_struct, debug_info in generated_debug_info:
+        if existing_struct.name == struct.name:
+            return debug_info

-    global_var = generator.create_global_var_debug_info(
-        struct.name, struct_type, is_local=False
+    # Check if this is a union (not supported yet)
+    if not struct.name.startswith("struct_"):
+        logger.warning(f"Skipping debug info generation for union: {struct.name}")
+        # Create a minimal forward declaration for unions
+        union_type = generator.create_struct_type(
+            [], struct.__sizeof__() * 8, is_distinct=True
+        )
+        return union_type
+
+    # Process all fields and create members for the struct
+    members = []
+
+    sorted_fields = sorted(struct.fields.items(), key=lambda item: item[1].offset)
+
+    for field_name, field in sorted_fields:
+        try:
+            # Get appropriate debug type for this field
+            field_type = _get_field_debug_type(
+                field_name, field, generator, struct, generated_debug_info
+            )
+
+            # Ensure field_type is a tuple
+            if not isinstance(field_type, tuple) or len(field_type) != 2:
+                logger.error(f"Invalid field_type for {field_name}: {field_type}")
+                continue
+
+            # Create struct member with proper offset
+            member = generator.create_struct_member_vmlinux(
+                field_name, field_type, field.offset * 8
+            )
+            members.append(member)
+        except Exception as e:
+            logger.error(f"Failed to process field {field_name} in {struct.name}: {e}")
+            continue
+
+    struct_name = struct.name.removeprefix("struct_")
+    # Create struct type with all members
+    struct_type = generator.create_struct_type_with_name(
+        struct_name, members, struct.__sizeof__() * 8, is_distinct=True
    )

-    return global_var
+    return struct_type
+
+
+def _get_field_debug_type(
+    field_name: str,
+    field,
+    generator: DebugInfoGenerator,
+    parent_struct: DependencyNode,
+    generated_debug_info: List[Tuple[DependencyNode, Any]],
+) -> tuple[Any, int]:
+    """
+    Determine the appropriate debug type for a field based on its Python/ctypes type.
+
+    Args:
+        field_name: Name of the field
+        field: Field object containing type information
+        generator: DebugInfoGenerator instance
+        parent_struct: The parent struct containing this field
+        generated_debug_info: List of already generated debug info
+
+    Returns:
+        A tuple of (debug_type, size_in_bits)
+    """
+    # Handle complex types (arrays, pointers, function pointers)
+    if field.ctype_complex_type is not None:
+        # Handle function pointer types (CFUNCTYPE)
+        if callable(field.ctype_complex_type):
+            # Function pointers are represented as void pointers
+            logger.warning(
+                f"Field {field_name} is a function pointer, using void pointer"
+            )
+            void_ptr = generator.create_pointer_type(None, 64)
+            return void_ptr, 64
+        elif issubclass(field.ctype_complex_type, ctypes.Array):
+            # Handle array types
+            element_type, base_type_size = _get_basic_debug_type(
+                field.containing_type, generator
+            )
+            return generator.create_array_type_vmlinux(
+                (element_type, base_type_size * field.type_size), field.type_size
+            ), field.type_size * base_type_size
+        elif issubclass(field.ctype_complex_type, ctypes._Pointer):
+            # Handle pointer types
+            pointee_type, _ = _get_basic_debug_type(field.containing_type, generator)
+            return generator.create_pointer_type(pointee_type), 64
+
+    # Handle other vmlinux types (nested structs)
+    if field.type.__module__ == "vmlinux":
+        # If it's a struct from vmlinux, check if we've already generated debug info for it
+        struct_name = field.type.__name__
+
+        # Look for existing debug info in the list
+        for existing_struct, debug_info in generated_debug_info:
+            if existing_struct.name == struct_name:
+                # Use existing debug info
+                return debug_info, existing_struct.__sizeof__() * 8
+
+        # If not found, create a forward declaration
+        # This will be completed when the actual struct is processed
+        logger.info(
+            f"Forward declaration created for {struct_name} in {parent_struct.name}"
+        )
+        forward_type = generator.create_struct_type([], 0, is_distinct=True)
+        return forward_type, 0
+
+    # Handle basic C types
+    return _get_basic_debug_type(field.type, generator)
+
+
+def _get_basic_debug_type(ctype, generator: DebugInfoGenerator) -> Any:
+    """
+    Map a ctypes type to a DWARF debug type.
+
+    Args:
+        ctype: A ctypes type or Python type
+        generator: DebugInfoGenerator instance
+
+    Returns:
+        The corresponding debug type
+    """
+    # Map ctypes to debug info types
+    if ctype == ctypes.c_char or ctype == ctypes.c_byte:
+        return generator.get_basic_type("char", 8, dc.DW_ATE_signed_char), 8
+    elif ctype == ctypes.c_ubyte or ctype == ctypes.c_uint8:
+        return generator.get_basic_type("unsigned char", 8, dc.DW_ATE_unsigned_char), 8
+    elif ctype == ctypes.c_short or ctype == ctypes.c_int16:
+        return generator.get_basic_type("short", 16, dc.DW_ATE_signed), 16
+    elif ctype == ctypes.c_ushort or ctype == ctypes.c_uint16:
+        return generator.get_basic_type("unsigned short", 16, dc.DW_ATE_unsigned), 16
+    elif ctype == ctypes.c_int or ctype == ctypes.c_int32:
+        return generator.get_basic_type("int", 32, dc.DW_ATE_signed), 32
+    elif ctype == ctypes.c_uint or ctype == ctypes.c_uint32:
+        return generator.get_basic_type("unsigned int", 32, dc.DW_ATE_unsigned), 32
+    elif ctype == ctypes.c_long:
+        return generator.get_basic_type("long", 64, dc.DW_ATE_signed), 64
+    elif ctype == ctypes.c_ulong:
+        return generator.get_basic_type("unsigned long", 64, dc.DW_ATE_unsigned), 64
+    elif ctype == ctypes.c_longlong or ctype == ctypes.c_int64:
+        return generator.get_basic_type("long long", 64, dc.DW_ATE_signed), 64
+    elif ctype == ctypes.c_ulonglong or ctype == ctypes.c_uint64:
+        return generator.get_basic_type(
+            "unsigned long long", 64, dc.DW_ATE_unsigned
+        ), 64
+    elif ctype == ctypes.c_float:
+        return generator.get_basic_type("float", 32, dc.DW_ATE_float), 32
+    elif ctype == ctypes.c_double:
+        return generator.get_basic_type("double", 64, dc.DW_ATE_float), 64
+    elif ctype == ctypes.c_bool:
+        return generator.get_basic_type("bool", 8, dc.DW_ATE_boolean), 8
+    elif ctype == ctypes.c_char_p:
+        char_type = generator.get_basic_type("char", 8, dc.DW_ATE_signed_char), 8
+        return generator.create_pointer_type(char_type)
+    elif ctype == ctypes.c_void_p:
+        return generator.create_pointer_type(None), 64
+    else:
+        return generator.get_uint64_type(), 64
--- a/pythonbpf/vmlinux_parser/ir_gen/ir_generation.py
+++ b/pythonbpf/vmlinux_parser/ir_gen/ir_generation.py
@ -1,5 +1,7 @@
 import ctypes
 import logging
+
+from ..assignment_info import AssignmentInfo, AssignmentType
 from ..dependency_handler import DependencyHandler
 from .debug_info_gen import debug_info_generation
 from ..dependency_node import DependencyNode
@ -9,11 +11,19 @@ logger = logging.getLogger(__name__)


 class IRGenerator:
+    # This field keeps track of the non_struct names to avoid duplicate name errors.
+    type_number = 0
+    unprocessed_store: list[str] = []
+
    # get the assignments dict and add this stuff to it.
-    def __init__(self, llvm_module, handler: DependencyHandler, assignment=None):
+    def __init__(self, llvm_module, handler: DependencyHandler, assignments):
        self.llvm_module = llvm_module
        self.handler: DependencyHandler = handler
        self.generated: list[str] = []
+        self.generated_debug_info: list = []
+        # Use struct_name and field_name as key instead of Field object
+        self.generated_field_names: dict[str, dict[str, ir.GlobalVariable]] = {}
+        self.assignments: dict[str, AssignmentInfo] = assignments
        if not handler.is_ready:
            raise ImportError(
                "Semantic analysis of vmlinux imports failed. Cannot generate IR"
@ -66,58 +76,66 @@ class IRGenerator:
                                f"Warning: Dependency {dependency} not found in handler"
                            )

-            # Actual processor logic here after dependencies are resolved
-            self.gen_ir(struct)
+            # Generate IR first to populate field names
+            struct_debug_info = self.gen_ir(struct, self.generated_debug_info)
+            self.generated_debug_info.append((struct, struct_debug_info))
+
+            # Fill the assignments dictionary with struct information
+            if struct.name not in self.assignments:
+                # Create a members dictionary for AssignmentInfo
+                members_dict = {}
+                for field_name, field in struct.fields.items():
+                    # Get the generated field name from our dictionary, or use field_name if not found
+                    if (
+                        struct.name in self.generated_field_names
+                        and field_name in self.generated_field_names[struct.name]
+                    ):
+                        field_global_variable = self.generated_field_names[struct.name][
+                            field_name
+                        ]
+                        members_dict[field_name] = (field_global_variable, field)
+                    else:
+                        raise ValueError(
+                            f"llvm global name not found for struct field {field_name}"
+                        )
+                        # members_dict[field_name] = (field_name, field)
+
+                # Add struct to assignments dictionary
+                self.assignments[struct.name] = AssignmentInfo(
+                    value_type=AssignmentType.STRUCT,
+                    python_type=struct.ctype_struct,
+                    value=None,
+                    pointer_level=None,
+                    signature=None,
+                    members=members_dict,
+                    debug_info=struct_debug_info,
+                )
+                logger.info(f"Added struct assignment info for {struct.name}")
+
            self.generated.append(struct.name)

        finally:
            # Remove from processing stack after we're done
            processing_stack.discard(struct.name)

-    def gen_ir(self, struct):
+    def gen_ir(self, struct, generated_debug_info):
        # TODO: we add the btf_ama attribute by monkey patching in the end of compilation, but once llvmlite
        #  accepts our issue, we will resort to normal accessed attribute based attribute addition
        # currently we generate all possible field accesses for CO-RE and put into the assignment table
-        debug_info = debug_info_generation(struct, self.llvm_module)
+        debug_info = debug_info_generation(
+            struct, self.llvm_module, generated_debug_info
+        )
        field_index = 0
+
+        # Make sure the struct has an entry in our field names dictionary
+        if struct.name not in self.generated_field_names:
+            self.generated_field_names[struct.name] = {}
+
        for field_name, field in struct.fields.items():
            # does not take arrays and similar types into consideration yet.
-            if field.ctype_complex_type is not None and issubclass(
-                field.ctype_complex_type, ctypes.Array
-            ):
-                array_size = field.type_size
-                containing_type = field.containing_type
-                if containing_type.__module__ == ctypes.__name__:
-                    containing_type_size = ctypes.sizeof(containing_type)
-                    for i in range(0, array_size):
-                        field_co_re_name = self._struct_name_generator(
-                            struct, field, field_index, True, i, containing_type_size
-                        )
-                        globvar = ir.GlobalVariable(
-                            self.llvm_module, ir.IntType(64), name=field_co_re_name
-                        )
-                        globvar.linkage = "external"
-                        globvar.set_metadata("llvm.preserve.access.index", debug_info)
-                    field_index += 1
-            elif field.type_size is not None:
-                array_size = field.type_size
-                containing_type = field.containing_type
-                if containing_type.__module__ == "vmlinux":
-                    containing_type_size = self.handler[
-                        containing_type.__name__
-                    ].current_offset
-                    for i in range(0, array_size):
-                        field_co_re_name = self._struct_name_generator(
-                            struct, field, field_index, True, i, containing_type_size
-                        )
-                        globvar = ir.GlobalVariable(
-                            self.llvm_module, ir.IntType(64), name=field_co_re_name
-                        )
-                        globvar.linkage = "external"
-                        globvar.set_metadata("llvm.preserve.access.index", debug_info)
-                    field_index += 1
-            else:
-                field_co_re_name = self._struct_name_generator(
+            if callable(field.ctype_complex_type):
+                # Function pointer case - generate a simple field accessor
+                field_co_re_name, returned = self._struct_name_generator(
                    struct, field, field_index
                )
                field_index += 1
@ -126,6 +144,104 @@ class IRGenerator:
                )
                globvar.linkage = "external"
                globvar.set_metadata("llvm.preserve.access.index", debug_info)
+                self.generated_field_names[struct.name][field_name] = globvar
+            elif field.ctype_complex_type is not None and issubclass(
+                field.ctype_complex_type, ctypes.Array
+            ):
+                array_size = field.type_size
+                containing_type = field.containing_type
+                if containing_type.__module__ == ctypes.__name__:
+                    containing_type_size = ctypes.sizeof(containing_type)
+                    if array_size == 0:
+                        field_co_re_name, returned = self._struct_name_generator(
+                            struct, field, field_index, True, 0, containing_type_size
+                        )
+                        globvar = ir.GlobalVariable(
+                            self.llvm_module, ir.IntType(64), name=field_co_re_name
+                        )
+                        globvar.linkage = "external"
+                        globvar.set_metadata("llvm.preserve.access.index", debug_info)
+                        self.generated_field_names[struct.name][field_name] = globvar
+                        field_index += 1
+                        continue
+                    for i in range(0, array_size):
+                        field_co_re_name, returned = self._struct_name_generator(
+                            struct, field, field_index, True, i, containing_type_size
+                        )
+                        globvar = ir.GlobalVariable(
+                            self.llvm_module, ir.IntType(64), name=field_co_re_name
+                        )
+                        globvar.linkage = "external"
+                        globvar.set_metadata("llvm.preserve.access.index", debug_info)
+                        self.generated_field_names[struct.name][field_name] = globvar
+                    field_index += 1
+            elif field.type_size is not None:
+                array_size = field.type_size
+                containing_type = field.containing_type
+                if containing_type.__module__ == "vmlinux":
+                    # Unwrap all pointer layers to get the base struct type
+                    base_containing_type = containing_type
+                    while hasattr(base_containing_type, "_type_"):
+                        next_type = base_containing_type._type_
+                        # Stop if _type_ is a string (like 'c' for c_char)
+                        # TODO: stacked pointers not handl;ing ctypes check here as well
+                        if isinstance(next_type, str):
+                            break
+                        base_containing_type = next_type
+
+                    # Get the base struct name
+                    base_struct_name = (
+                        base_containing_type.__name__
+                        if hasattr(base_containing_type, "__name__")
+                        else str(base_containing_type)
+                    )
+
+                    # Look up the size using the base struct name
+                    containing_type_size = self.handler[base_struct_name].current_offset
+                    if array_size == 0:
+                        field_co_re_name, returned = self._struct_name_generator(
+                            struct, field, field_index, True, 0, containing_type_size
+                        )
+                        globvar = ir.GlobalVariable(
+                            self.llvm_module, ir.IntType(64), name=field_co_re_name
+                        )
+                        globvar.linkage = "external"
+                        globvar.set_metadata("llvm.preserve.access.index", debug_info)
+                        self.generated_field_names[struct.name][field_name] = globvar
+                        field_index += 1
+                    else:
+                        for i in range(0, array_size):
+                            field_co_re_name, returned = self._struct_name_generator(
+                                struct,
+                                field,
+                                field_index,
+                                True,
+                                i,
+                                containing_type_size,
+                            )
+                            globvar = ir.GlobalVariable(
+                                self.llvm_module, ir.IntType(64), name=field_co_re_name
+                            )
+                            globvar.linkage = "external"
+                            globvar.set_metadata(
+                                "llvm.preserve.access.index", debug_info
+                            )
+                            self.generated_field_names[struct.name][field_name] = (
+                                globvar
+                            )
+                        field_index += 1
+            else:
+                field_co_re_name, returned = self._struct_name_generator(
+                    struct, field, field_index
+                )
+                field_index += 1
+                globvar = ir.GlobalVariable(
+                    self.llvm_module, ir.IntType(64), name=field_co_re_name
+                )
+                globvar.linkage = "external"
+                globvar.set_metadata("llvm.preserve.access.index", debug_info)
+                self.generated_field_names[struct.name][field_name] = globvar
+        return debug_info

    def _struct_name_generator(
        self,
@ -135,7 +251,8 @@ class IRGenerator:
        is_indexed: bool = False,
        index: int = 0,
        containing_type_size: int = 0,
-    ) -> str:
+    ) -> tuple[str, bool]:
+        # TODO: Does not support Unions as well as recursive pointer and array type naming
        if is_indexed:
            name = (
                "llvm."
@ -144,7 +261,7 @@ class IRGenerator:
                + "$"
                + f"0:{field_index}:{index}"
            )
-            return name
+            return name, True
        elif struct.name.startswith("struct_"):
            name = (
                "llvm."
@ -153,9 +270,18 @@ class IRGenerator:
                + "$"
                + f"0:{field_index}"
            )
-            return name
+            return name, True
        else:
-            print(self.handler[struct.name])
-            raise TypeError(
-                "Name generation cannot occur due to type name not starting with struct"
+            logger.warning(
+                "Blindly handling non-struct type to avoid type errors in vmlinux IR generation. Possibly a union."
            )
+            self.type_number += 1
+            unprocessed_type = "unprocessed_type_" + str(self.handler[struct.name].name)
+            if self.unprocessed_store.__contains__(unprocessed_type):
+                return unprocessed_type + "_" + str(self.type_number), False
+            else:
+                self.unprocessed_store.append(unprocessed_type)
+                return unprocessed_type, False
+            # raise TypeError(
+            #     "Name generation cannot occur due to type name not starting with struct"
+            # )
--- a/pythonbpf/vmlinux_parser/vmlinux_exports_handler.py
+++ b/pythonbpf/vmlinux_parser/vmlinux_exports_handler.py
@ -0,0 +1,378 @@
+import logging
+from typing import Any
+import ctypes
+from llvmlite import ir
+
+from pythonbpf.local_symbol import LocalSymbol
+from pythonbpf.vmlinux_parser.assignment_info import AssignmentType
+
+logger = logging.getLogger(__name__)
+
+
+class VmlinuxHandler:
+    """Handler for vmlinux-related operations"""
+
+    _instance = None
+
+    @classmethod
+    def get_instance(cls):
+        """Get the singleton instance"""
+        if cls._instance is None:
+            logger.warning("VmlinuxHandler used before initialization")
+            return None
+        return cls._instance
+
+    @classmethod
+    def initialize(cls, vmlinux_symtab):
+        """Initialize the handler with vmlinux symbol table"""
+        cls._instance = cls(vmlinux_symtab)
+        return cls._instance
+
+    def __init__(self, vmlinux_symtab):
+        """Initialize with vmlinux symbol table"""
+        self.vmlinux_symtab = vmlinux_symtab
+        logger.info(
+            f"VmlinuxHandler initialized with {len(vmlinux_symtab) if vmlinux_symtab else 0} symbols"
+        )
+
+    def is_vmlinux_enum(self, name):
+        """Check if name is a vmlinux enum constant"""
+        return (
+            name in self.vmlinux_symtab
+            and self.vmlinux_symtab[name].value_type == AssignmentType.CONSTANT
+        )
+
+    def get_struct_debug_info(self, name: str) -> Any:
+        if (
+            name in self.vmlinux_symtab
+            and self.vmlinux_symtab[name].value_type == AssignmentType.STRUCT
+        ):
+            return self.vmlinux_symtab[name].debug_info
+        else:
+            raise ValueError(f"{name} is not a vmlinux struct type")
+
+    def get_vmlinux_struct_type(self, name):
+        """Check if name is a vmlinux struct type"""
+        if (
+            name in self.vmlinux_symtab
+            and self.vmlinux_symtab[name].value_type == AssignmentType.STRUCT
+        ):
+            return self.vmlinux_symtab[name].python_type
+        else:
+            raise ValueError(f"{name} is not a vmlinux struct type")
+
+    def is_vmlinux_struct(self, name):
+        """Check if name is a vmlinux struct"""
+        return (
+            name in self.vmlinux_symtab
+            and self.vmlinux_symtab[name].value_type == AssignmentType.STRUCT
+        )
+
+    def handle_vmlinux_enum(self, name):
+        """Handle vmlinux enum constants by returning LLVM IR constants"""
+        if self.is_vmlinux_enum(name):
+            value = self.vmlinux_symtab[name].value
+            logger.info(f"Resolving vmlinux enum {name} = {value}")
+            return ir.Constant(ir.IntType(64), value), ir.IntType(64)
+        return None
+
+    def get_vmlinux_enum_value(self, name):
+        """Handle vmlinux enum constants by returning LLVM IR constants"""
+        if self.is_vmlinux_enum(name):
+            value = self.vmlinux_symtab[name].value
+            logger.info(f"The value of vmlinux enum {name} = {value}")
+            return value
+        return None
+
+    def handle_vmlinux_struct_field(
+        self, struct_var_name, field_name, module, builder, local_sym_tab
+    ):
+        """Handle access to vmlinux struct fields"""
+        if struct_var_name in local_sym_tab:
+            var_info: LocalSymbol = local_sym_tab[struct_var_name]
+            logger.info(
+                f"Attempting to access field {field_name} of possible vmlinux struct {struct_var_name}"
+            )
+            python_type: type = var_info.metadata
+            # Check if this is a context field (ctx) or a cast struct
+            is_context_field = var_info.var is None
+
+            if is_context_field:
+                # Handle context field access (original behavior)
+                struct_name = python_type.__name__
+                globvar_ir, field_data = self.get_field_type(struct_name, field_name)
+                builder.function.args[0].type = ir.PointerType(ir.IntType(8))
+                field_ptr = self.load_ctx_field(
+                    builder,
+                    builder.function.args[0],
+                    globvar_ir,
+                    field_data,
+                    struct_name,
+                )
+                return field_ptr, field_data
+            else:
+                # Handle cast struct field access
+                struct_name = python_type.__name__
+                globvar_ir, field_data = self.get_field_type(struct_name, field_name)
+
+                # Handle cast struct field access (use bpf_probe_read_kernel)
+                # Load the struct pointer from the local variable
+                struct_ptr = builder.load(var_info.var)
+
+                # Use bpf_probe_read_kernel for non-context struct field access
+                field_value = self.load_struct_field(
+                    builder, struct_ptr, globvar_ir, field_data, struct_name
+                )
+                # Return field value and field type
+                return field_value, field_data
+        else:
+            raise RuntimeError("Variable accessed not found in symbol table")
+
+    @staticmethod
+    def load_struct_field(
+        builder, struct_ptr_int, offset_global, field_data, struct_name=None
+    ):
+        """
+        Generate LLVM IR to load a field from a regular (non-context) struct using bpf_probe_read_kernel.
+
+        Args:
+            builder: llvmlite IRBuilder instance
+            struct_ptr_int: The struct pointer as an i64 value (already loaded from alloca)
+            offset_global: Global variable containing the field offset (i64)
+            field_data: contains data about the field
+            struct_name: Name of the struct being accessed (optional)
+        Returns:
+            The loaded value
+        """
+
+        # Load the offset value
+        offset = builder.load(offset_global)
+
+        # Convert i64 to pointer type (BPF stores pointers as i64)
+        i8_ptr_type = ir.PointerType(ir.IntType(8))
+        struct_ptr = builder.inttoptr(struct_ptr_int, i8_ptr_type)
+
+        # GEP with offset to get field pointer
+        field_ptr = builder.gep(
+            struct_ptr,
+            [offset],
+            inbounds=False,
+        )
+
+        # Determine the appropriate field size based on field information
+        field_size_bytes = 8  # Default to 8 bytes (64-bit)
+        int_width = 64  # Default to 64-bit
+        needs_zext = False
+
+        if field_data is not None:
+            # Try to determine the size from field metadata
+            if field_data.type.__module__ == ctypes.__name__:
+                try:
+                    field_size_bytes = ctypes.sizeof(field_data.type)
+                    field_size_bits = field_size_bytes * 8
+
+                    if field_size_bits in [8, 16, 32, 64]:
+                        int_width = field_size_bits
+                        logger.info(
+                            f"Determined field size: {int_width} bits ({field_size_bytes} bytes)"
+                        )
+
+                        # Special handling for struct_xdp_md i32 fields
+                        if struct_name == "struct_xdp_md" and int_width == 32:
+                            needs_zext = True
+                            logger.info(
+                                "struct_xdp_md i32 field detected, will zero-extend to i64"
+                            )
+                    else:
+                        logger.warning(
+                            f"Unusual field size {field_size_bits} bits, using default 64"
+                        )
+                except Exception as e:
+                    logger.warning(
+                        f"Could not determine field size: {e}, using default 64"
+                    )
+
+            elif field_data.type.__module__ == "vmlinux":
+                # For pointers to structs or complex vmlinux types
+                if field_data.ctype_complex_type is not None and issubclass(
+                    field_data.ctype_complex_type, ctypes._Pointer
+                ):
+                    int_width = 64  # Pointers are always 64-bit
+                    field_size_bytes = 8
+                    logger.info("Field is a pointer type, using 64 bits")
+                else:
+                    logger.warning("Complex vmlinux field type, using default 64 bits")
+
+        # Allocate local storage for the field value
+        local_storage = builder.alloca(ir.IntType(int_width))
+        local_storage_i8_ptr = builder.bitcast(local_storage, i8_ptr_type)
+
+        # Use bpf_probe_read_kernel to safely read the field
+        # This generates:
+        #   %gep = getelementptr i8, ptr %struct_ptr, i64 %offset (already done above as field_ptr)
+        #   %passed = tail call ptr @llvm.bpf.passthrough.p0.p0(i32 2, ptr %gep)
+        #   %result = call i64 inttoptr (i64 113 to ptr)(ptr %local_storage, i32 %size, ptr %passed)
+        from pythonbpf.helper import emit_probe_read_kernel_call
+
+        emit_probe_read_kernel_call(
+            builder, local_storage_i8_ptr, field_size_bytes, field_ptr
+        )
+
+        # Load the value from local storage
+        value = builder.load(local_storage)
+
+        # Zero-extend i32 to i64 if needed
+        if needs_zext:
+            value = builder.zext(value, ir.IntType(64))
+            logger.info("Zero-extended i32 value to i64")
+
+        return value
+
+    @staticmethod
+    def load_ctx_field(builder, ctx_arg, offset_global, field_data, struct_name=None):
+        """
+        Generate LLVM IR to load a field from BPF context using offset.
+
+        Args:
+            builder: llvmlite IRBuilder instance
+            ctx_arg: The context pointer argument (ptr/i8*)
+            offset_global: Global variable containing the field offset (i64)
+            field_data: contains data about the field
+            struct_name: Name of the struct being accessed (optional)
+        Returns:
+            The loaded value (i64 register or appropriately sized)
+        """
+
+        # Load the offset value
+        offset = builder.load(offset_global)
+
+        # Ensure ctx_arg is treated as i8* (byte pointer)
+        i8_ptr_type = ir.PointerType()
+
+        # Cast ctx_arg to i8* if it isn't already
+        if str(ctx_arg.type) != str(i8_ptr_type):
+            ctx_i8_ptr = builder.bitcast(ctx_arg, i8_ptr_type)
+        else:
+            ctx_i8_ptr = ctx_arg
+
+        # GEP with explicit type - this is the key fix
+        field_ptr = builder.gep(
+            ctx_i8_ptr,
+            [offset],
+            inbounds=False,
+        )
+
+        # Get or declare the BPF passthrough intrinsic
+        module = builder.function.module
+
+        try:
+            passthrough_fn = module.globals.get("llvm.bpf.passthrough.p0.p0")
+            if passthrough_fn is None:
+                raise KeyError
+        except (KeyError, AttributeError):
+            passthrough_type = ir.FunctionType(
+                i8_ptr_type,
+                [ir.IntType(32), i8_ptr_type],
+            )
+            passthrough_fn = ir.Function(
+                module,
+                passthrough_type,
+                name="llvm.bpf.passthrough.p0.p0",
+            )
+
+        # Call passthrough to satisfy BPF verifier
+        verified_ptr = builder.call(
+            passthrough_fn, [ir.Constant(ir.IntType(32), 0), field_ptr], tail=True
+        )
+
+        # Determine the appropriate IR type based on field information
+        int_width = 64  # Default to 64-bit
+        needs_zext = False  # Track if we need zero-extension for xdp_md
+
+        if field_data is not None:
+            # Try to determine the size from field metadata
+            if field_data.type.__module__ == ctypes.__name__:
+                try:
+                    field_size_bytes = ctypes.sizeof(field_data.type)
+                    field_size_bits = field_size_bytes * 8
+
+                    if field_size_bits in [8, 16, 32, 64]:
+                        int_width = field_size_bits
+                        logger.info(f"Determined field size: {int_width} bits")
+
+                        # Special handling for struct_xdp_md i32 fields
+                        # Load as i32 but extend to i64 before storing
+                        if struct_name == "struct_xdp_md" and int_width == 32:
+                            needs_zext = True
+                            logger.info(
+                                "struct_xdp_md i32 field detected, will zero-extend to i64"
+                            )
+                    else:
+                        logger.warning(
+                            f"Unusual field size {field_size_bits} bits, using default 64"
+                        )
+                except Exception as e:
+                    logger.warning(
+                        f"Could not determine field size: {e}, using default 64"
+                    )
+
+            elif field_data.type.__module__ == "vmlinux":
+                # For pointers to structs or complex vmlinux types
+                if field_data.ctype_complex_type is not None and issubclass(
+                    field_data.ctype_complex_type, ctypes._Pointer
+                ):
+                    int_width = 64  # Pointers are always 64-bit
+                    logger.info("Field is a pointer type, using 64 bits")
+                # TODO: Add handling for other complex types (arrays, embedded structs, etc.)
+                else:
+                    logger.warning("Complex vmlinux field type, using default 64 bits")
+
+        # Bitcast to appropriate pointer type based on determined width
+        ptr_type = ir.PointerType(ir.IntType(int_width))
+
+        typed_ptr = builder.bitcast(verified_ptr, ptr_type)
+
+        # Load and return the value
+        value = builder.load(typed_ptr)
+
+        # Zero-extend i32 to i64 for struct_xdp_md fields
+        if needs_zext:
+            value = builder.zext(value, ir.IntType(64))
+            logger.info("Zero-extended i32 value to i64 for struct_xdp_md field")
+
+        return value
+
+    def has_field(self, struct_name, field_name):
+        """Check if a vmlinux struct has a specific field"""
+        if self.is_vmlinux_struct(struct_name):
+            python_type = self.vmlinux_symtab[struct_name].python_type
+            return hasattr(python_type, field_name)
+        return False
+
+    def get_field_type(self, vmlinux_struct_name, field_name):
+        """Get the type of a field in a vmlinux struct"""
+        if self.is_vmlinux_struct(vmlinux_struct_name):
+            python_type = self.vmlinux_symtab[vmlinux_struct_name].python_type
+            if hasattr(python_type, field_name):
+                return self.vmlinux_symtab[vmlinux_struct_name].members[field_name]
+            else:
+                raise ValueError(
+                    f"Field {field_name} not found in vmlinux struct {vmlinux_struct_name}"
+                )
+        else:
+            raise ValueError(f"{vmlinux_struct_name} is not a vmlinux struct")
+
+    def get_field_index(self, vmlinux_struct_name, field_name):
+        """Get the type of a field in a vmlinux struct"""
+        if self.is_vmlinux_struct(vmlinux_struct_name):
+            python_type = self.vmlinux_symtab[vmlinux_struct_name].python_type
+            if hasattr(python_type, field_name):
+                return list(
+                    self.vmlinux_symtab[vmlinux_struct_name].members.keys()
+                ).index(field_name)
+            else:
+                raise ValueError(
+                    f"Field {field_name} not found in vmlinux struct {vmlinux_struct_name}"
+                )
+        else:
+            raise ValueError(f"{vmlinux_struct_name} is not a vmlinux struct")
--- a/tests/c-form/Makefile
+++ b/tests/c-form/Makefile
@ -1,19 +1,22 @@
 BPF_CLANG := clang
-CFLAGS := -O2 -emit-llvm -target bpf -c
+CFLAGS := -emit-llvm -target bpf -c

 SRC := $(wildcard *.bpf.c)
 LL := $(SRC:.bpf.c=.bpf.ll)
 OBJ := $(SRC:.bpf.c=.bpf.o)
-
+LL0 := $(SRC:.bpf.c=.bpf.o0.ll)
 .PHONY: all clean

-all: $(LL) $(OBJ)
+all: $(LL) $(OBJ) $(LL0)

 %.bpf.o: %.bpf.c
 	$(BPF_CLANG) -O2 -g -target bpf -c $< -o $@

 %.bpf.ll: %.bpf.c
-	$(BPF_CLANG) $(CFLAGS) -g -S $< -o $@
+	$(BPF_CLANG) $(CFLAGS) -O2 -g -S $< -o $@
+
+%.bpf.o0.ll: %.bpf.c
+	$(BPF_CLANG) $(CFLAGS) -O0 -g -S $< -o $@

 clean:
-	rm -f $(LL) $(OBJ)
+	rm -f $(LL) $(OBJ) $(LL0)
--- a/tests/c-form/ex5.bpf.c
+++ b/tests/c-form/ex5.bpf.c
@ -1,25 +0,0 @@
-#define __TARGET_ARCH_arm64
-
-#include "vmlinux.h"
-#include <bpf/bpf_helpers.h>
-#include <bpf/bpf_tracing.h>
-#include <bpf/bpf_core_read.h>
-
-// Map: key = struct request*, value = u64 timestamp
-struct {
-    __uint(type, BPF_MAP_TYPE_HASH);
-    __type(key, struct request *);
-    __type(value, u64);
-    __uint(max_entries, 1024);
-} start SEC(".maps");
-
-// Attach to kprobe for blk_start_request
-SEC("kprobe/blk_start_request")
-int BPF_KPROBE(trace_start, struct request *req)
-{
-    u64 ts = bpf_ktime_get_ns();
-    bpf_map_update_elem(&start, &req, &ts, BPF_ANY);
-    return 0;
-}
-
-char LICENSE[] SEC("license") = "GPL";
--- a/tests/c-form/ex7.bpf.c
+++ b/tests/c-form/ex7.bpf.c
@ -19,7 +19,7 @@ struct {
 SEC("tp/syscalls/sys_enter_setuid")
 int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) {
  struct event data = {};
-
+  struct blk_integrity_iter it = {};
  // Extract UID from the syscall arguments
  data.uid = (unsigned int)ctx->args[0];
  data.ts = bpf_ktime_get_ns();
--- a/tests/c-form/i32test.bpf.c
+++ b/tests/c-form/i32test.bpf.c
@ -0,0 +1,15 @@
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+
+SEC("xdp")
+int print_xdp_data(struct xdp_md *ctx)
+{
+    // 'data' is a pointer to the start of packet data
+    long data = (long)ctx->data;
+
+    bpf_printk("ctx->data = %lld\n", data);
+
+    return XDP_PASS;
+}
+
+char LICENSE[] SEC("license") = "GPL";
--- a/tests/c-form/kprobe.bpf.c
+++ b/tests/c-form/kprobe.bpf.c
@ -2,18 +2,75 @@
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>

-char LICENSE[] SEC("license") = "Dual BSD/GPL";
+char LICENSE[] SEC("license") = "GPL";

 SEC("kprobe/do_unlinkat")
 int kprobe_execve(struct pt_regs *ctx)
 {
    bpf_printk("unlinkat created");
-    return 0;
-}

-SEC("kretprobe/do_unlinkat")
-int kretprobe_execve(struct pt_regs *ctx)
-{
-    bpf_printk("unlinkat returned\n");
+    unsigned long r15 = ctx->r15;
+    bpf_printk("r15: %lld", r15);
+
+    unsigned long r14 = ctx->r14;
+    bpf_printk("r14: %lld", r14);
+
+    unsigned long r13 = ctx->r13;
+    bpf_printk("r13: %lld", r13);
+
+    unsigned long r12 = ctx->r12;
+    bpf_printk("r12: %lld", r12);
+
+    unsigned long bp = ctx->bp;
+    bpf_printk("rbp: %lld", bp);
+
+    unsigned long bx = ctx->bx;
+    bpf_printk("rbx: %lld", bx);
+
+    unsigned long r11 = ctx->r11;
+    bpf_printk("r11: %lld", r11);
+
+    unsigned long r10 = ctx->r10;
+    bpf_printk("r10: %lld", r10);
+
+    unsigned long r9 = ctx->r9;
+    bpf_printk("r9: %lld", r9);
+
+    unsigned long r8 = ctx->r8;
+    bpf_printk("r8: %lld", r8);
+
+    unsigned long ax = ctx->ax;
+    bpf_printk("rax: %lld", ax);
+
+    unsigned long cx = ctx->cx;
+    bpf_printk("rcx: %lld", cx);
+
+    unsigned long dx = ctx->dx;
+    bpf_printk("rdx: %lld", dx);
+
+    unsigned long si = ctx->si;
+    bpf_printk("rsi: %lld", si);
+
+    unsigned long di = ctx->di;
+    bpf_printk("rdi: %lld", di);
+
+    unsigned long orig_ax = ctx->orig_ax;
+    bpf_printk("orig_rax: %lld", orig_ax);
+
+    unsigned long ip = ctx->ip;
+    bpf_printk("rip: %lld", ip);
+
+    unsigned long cs = ctx->cs;
+    bpf_printk("cs: %lld", cs);
+
+    unsigned long flags = ctx->flags;
+    bpf_printk("eflags: %lld", flags);
+
+    unsigned long sp = ctx->sp;
+    bpf_printk("rsp: %lld", sp);
+
+    unsigned long ss = ctx->ss;
+    bpf_printk("ss: %lld", ss);
+
    return 0;
 }
--- a/tests/c-form/requests.bpf.c
+++ b/tests/c-form/requests.bpf.c
@ -0,0 +1,18 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+char LICENSE[] SEC("license") = "GPL";
+
+SEC("kprobe/blk_mq_start_request")
+int example(struct pt_regs *ctx)
+{
+    u64 a = ctx->r15;
+    struct request *req = (struct request *)(ctx->di);
+    unsigned int something_ns = BPF_CORE_READ(req, timeout);
+    unsigned int data_len = BPF_CORE_READ(req, __data_len);
+    bpf_printk("data length %lld %ld %ld\n", data_len,  something_ns, a);
+
+    return 0;
+}
--- a/tests/c-form/requests2.bpf.c
+++ b/tests/c-form/requests2.bpf.c
@ -0,0 +1,18 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+
+char LICENSE[] SEC("license") = "GPL";
+
+SEC("kprobe/blk_mq_start_request")
+int example(struct pt_regs *ctx)
+{
+    u64 a = ctx->r15;
+    struct request *req = (struct request *)(ctx->di);
+    unsigned int something_ns = req->timeout;
+    unsigned int data_len = req->__data_len;
+    bpf_printk("data length %lld %ld %ld\n", data_len,  something_ns, a);
+
+    return 0;
+}
--- a/tests/c-form/struct_field_tests.bpf.c
+++ b/tests/c-form/struct_field_tests.bpf.c
@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+/*
+Information gained from reversing this (multiple kernel versions):
+There is no point of
+```llvm
+ tail call void @llvm.dbg.value(metadata ptr %0, metadata !60, metadata !DIExpression()), !dbg !70
+ ```
+ and the first argument of passthrough is fucking useless. It just needs to be a distinct integer:
+ ```llvm
+   %9 = tail call ptr @llvm.bpf.passthrough.p0.p0(i32 3, ptr %8)
+ ```
+*/
+
+SEC("tp/syscalls/sys_enter_execve")
+int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) {
+  // Access each argument separately with clear variable assignments
+  long int id = ctx->id;
+  bpf_printk("This is context field %d", id);
+  /*
+   * the IR to aim for is
+   * %2 = alloca ptr, align 8
+   * store ptr %0, ptr %2, align 8
+   * Above, %0 is the arg pointer
+   * %5 = load ptr, ptr %2, align 8
+   * %6 = getelementptr inbounds %struct.trace_event_raw_sys_enter, ptr %5, i32 0, i32 2
+   * %7 = load i64, ptr @"llvm.trace_event_raw_sys_enter:0:16$0:2:0", align 8
+   * %8 = bitcast ptr %5 to ptr
+   * %9 = getelementptr i8, ptr %8, i64 %7
+   * %10 = bitcast ptr %9 to ptr
+   * %11 = call ptr @llvm.bpf.passthrough.p0.p0(i32 0, ptr %10)
+   * %12 = load i64, ptr %11, align 8, !dbg !101
+   *
+   */
+  return 0;
+}
+
+char LICENSE[] SEC("license") = "GPL";
--- a/tests/c-form/vmlinux.h
+++ b/tests/c-form/vmlinux.h
--- a/tests/c-form/xdp_modify.bpf.c
+++ b/tests/c-form/xdp_modify.bpf.c
@ -0,0 +1,21 @@
+// xdp_rewrite.c
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <linux/if_ether.h>
+
+SEC("xdp")
+int xdp_rewrite_mac(struct xdp_md *ctx)
+{
+    void *data_end = (void *)(long)ctx->data_end;
+    void *data     = (void *)(long)ctx->data;
+
+    struct ethhdr *eth = data;
+    if ((void*)(eth + 1) > data_end)
+        return XDP_PASS;
+    __u8 new_src[ETH_ALEN] = {0x02,0x00,0x00,0x00,0x00,0x02};
+    for (int i = 0; i < ETH_ALEN; i++) eth->h_source[i] = new_src[i];
+
+    return XDP_PASS;
+}
+
+char _license[] SEC("license") = "GPL";
--- a/tests/failing_tests/vmlinux/args_test.py
+++ b/tests/failing_tests/vmlinux/args_test.py
@ -0,0 +1,30 @@
+import logging
+
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir
+from pythonbpf import compile  # noqa: F401
+from vmlinux import TASK_COMM_LEN  # noqa: F401
+from vmlinux import struct_trace_event_raw_sys_enter  # noqa: F401
+from ctypes import c_int64, c_int32, c_void_p  # noqa: F401
+
+
+# from vmlinux import struct_uinput_device
+# from vmlinux import struct_blk_integrity_iter
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: struct_trace_event_raw_sys_enter) -> c_int64:
+    b = ctx.args
+    c = b[0]
+    print(f"This is context args field {c}")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("args_test.py", "args_test.ll", loglevel=logging.INFO)
+compile()
--- a/tests/failing_tests/vmlinux/assignment_handling.py
+++ b/tests/failing_tests/vmlinux/assignment_handling.py
@ -0,0 +1,22 @@
+from vmlinux import XDP_PASS
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir
+import logging
+from ctypes import c_int64, c_void_p
+
+
+@bpf
+@section("kprobe/blk_mq_start_request")
+def example(ctx: c_void_p) -> c_int64:
+    d = XDP_PASS  # This gives an error, but
+    e = XDP_PASS + 0  # this does not
+    print(f"test1 {e} test2 {d}")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("assignment_handling.py", "assignment_handling.ll", loglevel=logging.INFO)
--- a/tests/passing_tests/assign/comprehensive.py
+++ b/tests/passing_tests/assign/comprehensive.py
@ -1,4 +1,4 @@
-from pythonbpf import bpf, map, section, bpfglobal, compile, struct
+from pythonbpf import bpf, map, section, bpfglobal, compile, struct, compile_to_ir
 from ctypes import c_void_p, c_int64, c_int32, c_uint64
 from pythonbpf.maps import HashMap
 from pythonbpf.helper import ktime
@ -71,4 +71,5 @@ def LICENSE() -> str:
    return "GPL"


+compile_to_ir("comprehensive.py", "comprehensive.ll")
 compile()
--- a/tests/passing_tests/assign/ptr_to_char_array.py
+++ b/tests/passing_tests/assign/ptr_to_char_array.py
@ -0,0 +1,28 @@
+from pythonbpf import bpf, struct, section, bpfglobal
+from pythonbpf.helper import comm
+
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@struct
+class data_t:
+    comm: str(16)  # type: ignore [valid-type]
+    copp: str(16)  # type: ignore [valid-type]
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello(ctx: c_void_p) -> c_int64:
+    dataobj = data_t()
+    comm(dataobj.comm)
+    strobj = dataobj.comm
+    dataobj.copp = strobj
+    print(f"clone called by comm {dataobj.copp}")
+    return 0
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
--- a/tests/passing_tests/assign/struct_field_to_var_str.py
+++ b/tests/passing_tests/assign/struct_field_to_var_str.py
@ -0,0 +1,26 @@
+from pythonbpf import bpf, struct, section, bpfglobal
+from pythonbpf.helper import comm
+
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@struct
+class data_t:
+    comm: str(16)  # type: ignore [valid-type]
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello(ctx: c_void_p) -> c_int64:
+    dataobj = data_t()
+    comm(dataobj.comm)
+    strobj = dataobj.comm
+    print(f"clone called by comm {strobj}")
+    return 0
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
--- a/tests/passing_tests/hash_map_struct.py
+++ b/tests/passing_tests/hash_map_struct.py
@ -0,0 +1,42 @@
+from pythonbpf import bpf, section, struct, bpfglobal, compile, map
+from pythonbpf.maps import HashMap
+from pythonbpf.helper import pid
+from ctypes import c_void_p, c_int64
+
+
+@bpf
+@struct
+class val_type:
+    counter: c_int64
+    shizzle: c_int64
+
+
+@bpf
+@map
+def last() -> HashMap:
+    return HashMap(key=val_type, value=c_int64, max_entries=16)
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello_world(ctx: c_void_p) -> c_int64:
+    obj = val_type()
+    obj.counter, obj.shizzle = 42, 96
+    t = last.lookup(obj)
+    if t:
+        print(f"Found existing entry: counter={obj.counter}, pid={t}")
+        last.delete(obj)
+        return 0  # type: ignore [return-value]
+    val = pid()
+    last.update(obj, val)
+    print(f"Map updated!, {obj.counter}, {obj.shizzle}, {val}")
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()
--- a/tests/passing_tests/helpers/bpf_probe_read.py
+++ b/tests/passing_tests/helpers/bpf_probe_read.py
@ -0,0 +1,29 @@
+from pythonbpf import bpf, section, bpfglobal, compile, struct
+from ctypes import c_void_p, c_int64, c_uint64, c_uint32
+from pythonbpf.helper import probe_read
+
+
+@bpf
+@struct
+class data_t:
+    pid: c_uint32
+    value: c_uint64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def test_probe_read(ctx: c_void_p) -> c_int64:
+    """Test bpf_probe_read helper function"""
+    data = data_t()
+    probe_read(data.value, 8, ctx)
+    probe_read(data.pid, 4, ctx)
+    return 0
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()
--- a/tests/passing_tests/helpers/prandom.py
+++ b/tests/passing_tests/helpers/prandom.py
@ -0,0 +1,25 @@
+from pythonbpf import bpf, bpfglobal, section, BPF, trace_pipe
+from ctypes import c_void_p, c_int64
+from pythonbpf.helper import random
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_clone")
+def hello_world(ctx: c_void_p) -> c_int64:
+    r = random()
+    print(f"Hello, World!, {r}")
+    return 0  # type: ignore [return-value]
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+# Compile and load
+b = BPF()
+b.load()
+b.attach_all()
+
+trace_pipe()
--- a/tests/passing_tests/helpers/smp_processor_id.py
+++ b/tests/passing_tests/helpers/smp_processor_id.py
@ -0,0 +1,40 @@
+from pythonbpf import bpf, section, bpfglobal, compile, struct
+from ctypes import c_void_p, c_int64, c_uint32, c_uint64
+from pythonbpf.helper import smp_processor_id, ktime
+
+
+@bpf
+@struct
+class cpu_event_t:
+    cpu_id: c_uint32
+    timestamp: c_uint64
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def trace_with_cpu(ctx: c_void_p) -> c_int64:
+    """Test bpf_get_smp_processor_id helper function"""
+
+    # Get the current CPU ID
+    cpu = smp_processor_id()
+
+    # Print it
+    print(f"Running on CPU {cpu}")
+
+    # Use it in a struct
+    event = cpu_event_t()
+    event.cpu_id = smp_processor_id()
+    event.timestamp = ktime()
+
+    print(f"Event on CPU {event.cpu_id} at time {event.timestamp}")
+
+    return 0
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()
--- a/tests/passing_tests/helpers/uid_gid.py
+++ b/tests/passing_tests/helpers/uid_gid.py
@ -0,0 +1,31 @@
+from pythonbpf import bpf, section, bpfglobal, compile
+from ctypes import c_void_p, c_int64
+from pythonbpf.helper import uid, pid
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def filter_by_user(ctx: c_void_p) -> c_int64:
+    """Filter events by specific user ID"""
+
+    current_uid = uid()
+
+    # Only trace root user (UID 0)
+    if current_uid == 0:
+        process_id = pid()
+        print(f"Root process {process_id} executed")
+
+    # Or trace specific user (e.g., UID 1000)
+    if current_uid == 1002:
+        print("User 1002 executed something")
+
+    return 0
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile()
--- a/tests/passing_tests/vmlinux/i32_test.py
+++ b/tests/passing_tests/vmlinux/i32_test.py
@ -0,0 +1,31 @@
+from ctypes import c_int64, c_void_p
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir, compile
+from vmlinux import struct_xdp_md
+from vmlinux import XDP_PASS
+
+
+@bpf
+@section("xdp")
+def print_xdp_dat2a(ct2x: struct_xdp_md) -> c_int64:
+    data = ct2x.data  # 32-bit field: packet start pointer
+    print(f"ct2x->data = {data}")
+    return c_int64(XDP_PASS)
+
+
+@bpf
+@section("xdp")
+def print_xdp_data(ctx: struct_xdp_md) -> c_int64:
+    data = ctx.data  # 32-bit field: packet start pointer
+    something = c_void_p(data)
+    print(f"ctx->data = {something}")
+    return c_int64(XDP_PASS)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("i32_test.py", "i32_test.ll")
+compile()
--- a/tests/passing_tests/vmlinux/i32_test_fail_1.py
+++ b/tests/passing_tests/vmlinux/i32_test_fail_1.py
@ -0,0 +1,24 @@
+from ctypes import c_int64
+from pythonbpf import bpf, section, bpfglobal, compile
+from vmlinux import struct_xdp_md
+from vmlinux import XDP_PASS
+import logging
+
+
+@bpf
+@section("xdp")
+def print_xdp_data(ctx: struct_xdp_md) -> c_int64:
+    data = 0
+    data = ctx.data  # 32-bit field: packet start pointer
+    something = 2 + data
+    print(f"ctx->data = {something}")
+    return c_int64(XDP_PASS)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile(logging.INFO)
--- a/tests/passing_tests/vmlinux/i32_test_fail_2.py
+++ b/tests/passing_tests/vmlinux/i32_test_fail_2.py
@ -0,0 +1,24 @@
+from ctypes import c_int64
+from pythonbpf import bpf, section, bpfglobal, compile, compile_to_ir
+from vmlinux import struct_xdp_md
+from vmlinux import XDP_PASS
+import logging
+
+
+@bpf
+@section("xdp")
+def print_xdp_data(ctx: struct_xdp_md) -> c_int64:
+    data = c_int64(ctx.data)  # 32-bit field: packet start pointer
+    something = 2 + data
+    print(f"ctx->data = {something}")
+    return c_int64(XDP_PASS)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("i32_test_fail_2.py", "i32_test_fail_2.ll")
+compile(logging.INFO)
--- a/tests/passing_tests/vmlinux/register_state_dump.py
+++ b/tests/passing_tests/vmlinux/register_state_dump.py
@ -0,0 +1,53 @@
+from pythonbpf import bpf, section, bpfglobal, BPF, trace_pipe
+from pythonbpf import compile  # noqa: F401
+from vmlinux import struct_pt_regs
+from ctypes import c_int64, c_int32, c_void_p  # noqa: F401
+
+
+@bpf
+@section("kprobe/do_unlinkat")
+def kprobe_execve(ctx: struct_pt_regs) -> c_int64:
+    r15 = ctx.r15
+    r14 = ctx.r14
+    r13 = ctx.r13
+    r12 = ctx.r12
+    bp = ctx.bp
+    bx = ctx.bx
+    r11 = ctx.r11
+    r10 = ctx.r10
+    r9 = ctx.r9
+    r8 = ctx.r8
+    ax = ctx.ax
+    cx = ctx.cx
+    dx = ctx.dx
+    si = ctx.si
+    di = ctx.di
+    orig_ax = ctx.orig_ax
+    ip = ctx.ip
+    cs = ctx.cs
+    flags = ctx.flags
+    sp = ctx.sp
+    ss = ctx.ss
+
+    print(f"r15={r15} r14={r14} r13={r13}")
+    print(f"r12={r12} rbp={bp} rbx={bx}")
+    print(f"r11={r11} r10={r10} r9={r9}")
+    print(f"r8={r8} rax={ax} rcx={cx}")
+    print(f"rdx={dx} rsi={si} rdi={di}")
+    print(f"orig_rax={orig_ax} rip={ip} cs={cs}")
+    print(f"eflags={flags} rsp={sp} ss={ss}")
+
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+b = BPF()
+b.load()
+b.attach_all()
+
+trace_pipe()
--- a/tests/passing_tests/vmlinux/requests.py
+++ b/tests/passing_tests/vmlinux/requests.py
@ -0,0 +1,27 @@
+from vmlinux import struct_request, struct_pt_regs
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir, compile
+import logging
+from ctypes import c_int64
+
+
+@bpf
+@section("kprobe/blk_mq_start_request")
+def example(ctx: struct_pt_regs) -> c_int64:
+    a = ctx.r15
+    req = struct_request(ctx.di)
+    d = req.__data_len
+    b = ctx.r12
+    c = req.timeout
+    print(f"data length {d} and {c} and {a}")
+    print(f"ctx arg {b}")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("requests.py", "requests.ll", loglevel=logging.INFO)
+compile()
--- a/tests/passing_tests/vmlinux/requests2.py
+++ b/tests/passing_tests/vmlinux/requests2.py
@ -0,0 +1,21 @@
+from vmlinux import struct_pt_regs
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir
+import logging
+from ctypes import c_int64
+
+
+@bpf
+@section("kprobe/blk_mq_start_request")
+def example(ctx: struct_pt_regs) -> c_int64:
+    req = ctx.di
+    print(f"data length {req}")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("requests2.py", "requests2.ll", loglevel=logging.INFO)
--- a/tests/passing_tests/vmlinux/simple_struct_test.py
+++ b/tests/passing_tests/vmlinux/simple_struct_test.py
@ -0,0 +1,47 @@
+import logging
+
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir, map
+from pythonbpf import compile  # noqa: F401
+from vmlinux import TASK_COMM_LEN  # noqa: F401
+from vmlinux import struct_trace_event_raw_sys_enter  # noqa: F401
+from ctypes import c_uint64, c_int32, c_int64
+from pythonbpf.maps import HashMap
+
+# from vmlinux import struct_uinput_device
+# from vmlinux import struct_blk_integrity_iter
+
+
+@bpf
+@map
+def mymap() -> HashMap:
+    return HashMap(key=c_int32, value=c_uint64, max_entries=TASK_COMM_LEN)
+
+
+@bpf
+@map
+def mymap2() -> HashMap:
+    return HashMap(key=c_int32, value=c_uint64, max_entries=18)
+
+
+# Instructions to how to run this program
+# 1. Install PythonBPF: pip install pythonbpf
+# 2. Run the program: python examples/simple_struct_test.py
+# 3. Run the program with sudo: sudo tools/check.sh run examples/simple_struct_test.o
+# 4. Attach object file to any network device with something like ./check.sh run examples/simple_struct_test.o tailscale0
+# 5. send traffic through the device and observe effects
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: struct_trace_event_raw_sys_enter) -> c_int64:
+    a = 2 + TASK_COMM_LEN + TASK_COMM_LEN
+    print(f"Hello, World{TASK_COMM_LEN} and {a}")
+    return c_int64(TASK_COMM_LEN + 2)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("simple_struct_test.py", "simple_struct_test.ll", loglevel=logging.DEBUG)
+compile()
--- a/tests/passing_tests/vmlinux/struct_field_access.py
+++ b/tests/passing_tests/vmlinux/struct_field_access.py
@ -0,0 +1,29 @@
+import logging
+
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir
+from pythonbpf import compile  # noqa: F401
+from vmlinux import TASK_COMM_LEN  # noqa: F401
+from vmlinux import struct_trace_event_raw_sys_enter  # noqa: F401
+from ctypes import c_int64, c_int32, c_void_p  # noqa: F401
+
+
+# from vmlinux import struct_uinput_device
+# from vmlinux import struct_blk_integrity_iter
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: struct_trace_event_raw_sys_enter) -> c_int64:
+    b = ctx.id
+    print(f"This is context field {b}")
+    return c_int64(0)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("struct_field_access.py", "struct_field_access.ll", loglevel=logging.INFO)
+compile()
--- a/tools/setup.sh
+++ b/tools/setup.sh
@ -0,0 +1,209 @@
+#!/bin/bash
+
+print_warning() {
+  echo -e "\033[1;33m$1\033[0m"
+}
+print_info() {
+  echo -e "\033[1;32m$1\033[0m"
+}
+
+if [ "$EUID" -ne 0 ]; then
+    echo "Please run this script with sudo."
+    exit 1
+fi
+
+print_warning "===================================================================="
+print_warning "                         WARNING                                     "
+print_warning "   This script will run kernel-level BPF programs.                   "
+print_warning "   BPF programs run with kernel privileges and could potentially     "
+print_warning "   affect system stability if not used properly.                     "
+print_warning "                                                                     "
+print_warning "   This is a non-interactive version for curl piping.                "
+print_warning "   The script will proceed automatically with installation.          "
+print_warning "===================================================================="
+echo
+
+print_info "This script will:"
+echo "1. Check and install required dependencies (libelf, clang, python, bpftool)"
+echo "2. Download example programs from the Python-BPF GitHub repository"
+echo "3. Create a Python virtual environment with necessary packages"
+echo "4. Set up a Jupyter notebook server"
+echo "Starting in 5 seconds. Press Ctrl+C to cancel..."
+sleep 5
+
+WORK_DIR="/tmp/python_bpf_setup"
+REAL_USER=$(logname || echo "$SUDO_USER")
+
+echo "Creating temporary directory: $WORK_DIR"
+mkdir -p "$WORK_DIR"
+cd "$WORK_DIR" || exit 1
+
+if [ -f /etc/os-release ]; then
+    . /etc/os-release
+    DISTRO=$ID
+else
+    echo "Cannot determine Linux distribution. Exiting."
+    exit 1
+fi
+
+install_dependencies() {
+    case $DISTRO in
+        ubuntu|debian|pop|mint|elementary|zorin)
+            echo "Detected Ubuntu/Debian-based system"
+            apt update
+
+            # Check and install libelf
+            if ! dpkg -l libelf-dev >/dev/null 2>&1; then
+                echo "Installing libelf-dev..."
+                apt install -y libelf-dev
+            else
+                echo "libelf-dev is already installed."
+            fi
+
+            # Check and install clang
+            if ! command -v clang >/dev/null 2>&1; then
+                echo "Installing clang..."
+                apt install -y clang
+            else
+                echo "clang is already installed."
+            fi
+
+            # Check and install python
+            if ! command -v python3 >/dev/null 2>&1; then
+                echo "Installing python3..."
+                apt install -y python3 python3-pip python3-venv
+            else
+                echo "python3 is already installed."
+            fi
+
+            # Check and install bpftool
+            if ! command -v bpftool >/dev/null 2>&1; then
+                echo "Installing bpftool..."
+                apt install -y linux-tools-common linux-tools-generic
+
+                # If bpftool still not found, try installing linux-tools-$(uname -r)
+                if ! command -v bpftool >/dev/null 2>&1; then
+                    KERNEL_VERSION=$(uname -r)
+                    apt install -y linux-tools-$KERNEL_VERSION
+                fi
+            else
+                echo "bpftool is already installed."
+            fi
+            ;;
+
+        arch|manjaro|endeavouros)
+            echo "Detected Arch-based Linux system"
+
+            # Check and install libelf
+            if ! pacman -Q libelf >/dev/null 2>&1; then
+                echo "Installing libelf..."
+                pacman -S --noconfirm libelf
+            else
+                echo "libelf is already installed."
+            fi
+
+            # Check and install clang
+            if ! command -v clang >/dev/null 2>&1; then
+                echo "Installing clang..."
+                pacman -S --noconfirm clang
+            else
+                echo "clang is already installed."
+            fi
+
+            # Check and install python
+            if ! command -v python3 >/dev/null 2>&1; then
+                echo "Installing python3..."
+                pacman -S --noconfirm python python-pip
+            else
+                echo "python3 is already installed."
+            fi
+
+            # Check and install bpftool
+            if ! command -v bpftool >/dev/null 2>&1; then
+                echo "Installing bpftool..."
+                pacman -S --noconfirm bpf linux-headers
+            else
+                echo "bpftool is already installed."
+            fi
+            ;;
+
+        *)
+            echo "Unsupported distribution: $DISTRO"
+            echo "This script only supports Ubuntu/Debian and Arch Linux derivatives."
+            exit 1
+            ;;
+    esac
+}
+
+echo "Checking and installing dependencies..."
+install_dependencies
+
+# Download example programs
+echo "Downloading example programs from Python-BPF GitHub repository..."
+mkdir -p examples
+cd examples || exit 1
+
+echo "Fetching example files list..."
+FILES=$(curl -s "https://api.github.com/repos/pythonbpf/Python-BPF/contents/examples" | grep -E -o '"path": "examples/[^"]*(\.md|\.ipynb|\.py)"' | awk -F'"' '{print $4}')
+BCC_EXAMPLES=$(curl -s "https://api.github.com/repos/pythonbpf/Python-BPF/contents/BCC-Examples" | grep -E -o '"path": "BCC-Examples/[^"]*(\.md|\.ipynb|\.py)"' | awk -F'"' '{print $4}')
+
+if [ -z "$FILES" ]; then
+    echo "Failed to fetch file list from repository. Using fallback method..."
+    # Fallback to downloading common example files
+    EXAMPLES=(
+        "binops_demo.py"
+        "blk_request.py"
+        "clone-matplotlib.ipynb"
+        "clone_plot.py"
+        "hello_world.py"
+        "kprobes.py"
+        "struct_and_perf.py"
+        "sys_sync.py"
+        "xdp_pass.py"
+    )
+
+    for example in "${EXAMPLES[@]}"; do
+        echo "Downloading: $example"
+        curl -s -O "https://raw.githubusercontent.com/pythonbpf/Python-BPF/master/examples/$example"
+    done
+else
+    mkdir examples && cd examples
+    for file in $FILES; do
+        filename=$(basename "$file")
+        echo "Downloading: $filename"
+        curl -s -o "$filename" "https://raw.githubusercontent.com/pythonbpf/Python-BPF/master/$file"
+    done
+    cd ..
+    mkdir BCC-Examples && cd BCC-Examples
+    for file in $BCC_EXAMPLES; do
+        filename=$(basename "$file")
+        echo "Downloading: $filename"
+        curl -s -o "$filename" "https://raw.githubusercontent.com/pythonbpf/Python-BPF/master/$file"
+    done
+    cd ..
+fi
+
+cd "$WORK_DIR" || exit 1
+chown -R "$REAL_USER:$(id -gn "$REAL_USER")" .
+
+echo "Creating Python virtual environment..."
+su - "$REAL_USER" -c "cd \"$WORK_DIR\" && python3 -m venv venv"
+
+echo "Installing Python packages..."
+su - "$REAL_USER" -c "cd \"$WORK_DIR\" && source venv/bin/activate && pip install --upgrade pip && pip install jupyter pythonbpf pylibbpf matplotlib"
+
+cat > "$WORK_DIR/start_jupyter.sh" << EOF
+#!/bin/bash
+cd "$WORK_DIR"
+source venv/bin/activate
+cd examples
+sudo ../venv/bin/python -m notebook --ip=0.0.0.0 --allow-root
+EOF
+
+chmod +x "$WORK_DIR/start_jupyter.sh"
+chown "$REAL_USER:$(id -gn "$REAL_USER")" "$WORK_DIR/start_jupyter.sh"
+
+print_info "========================================================"
+print_info "Setup complete! To start Jupyter Notebook, run:"
+print_info "$ sudo $WORK_DIR/start_jupyter.sh"
+print_info "========================================================"