Merge branch 'master' into feature_fix_libbpf_examples

.github/workflows/test-examples.yml

@@ -31,11 +31,22 @@ jobs:
       - name: Build and install runtime (with llvm-jit)
         if: ${{matrix.enable_jit}}
         run: |
-          make release-with-llvm-jit -j
+          cmake -Bbuild  -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo \
+            -DBPFTIME_LLVM_JIT=1 \
+            -DBUILD_BPFTIME_DAEMON=1 \
+            -DCMAKE_CXX_FLAGS="-DDEFAULT_LOGGER_OUTPUT_PATH='\"console\"'"
+          cmake --build build --config RelWithDebInfo --target install -j
       - name: Build and install runtime (without llvm-jit)
         if: ${{!matrix.enable_jit}}
         run: |
-          make release -j
+          cmake -Bbuild  -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo \
+            -DBPFTIME_LLVM_JIT=0 \
+            -DBUILD_BPFTIME_DAEMON=1 \
+            -DCMAKE_CXX_FLAGS="-DDEFAULT_LOGGER_OUTPUT_PATH='\"console\"'"
+          cmake --build build --config RelWithDebInfo --target install -j
+      - name: Build basic examples
+        run: |
+            make -C example -j
       - name: Upload build results (without jit)
         uses: actions/upload-artifact@v3
         if: ${{!matrix.enable_jit}}
@@ -55,10 +66,24 @@ jobs:
     needs: [build-runtime]
     container: 
       image: "manjusakalza/bpftime-base-image:${{matrix.container.image}}"
-      options: --privileged -v /sys/kernel/debug/:/sys/kernel/debug:rw -v /sys/kernel/tracing:/sys/kernel/tracing:rw
+      options: " ${{matrix.privilege_options.options}}"
     strategy:
       fail-fast: true
       matrix:
+        exclude:
+          - privilege_options:
+              enable: false
+            examples:
+              syscall_trace: true
+          - privilege_options:
+              enable: false
+            examples:
+              path: tailcall_minimal
+        privilege_options:
+          - options: "--privileged -v /sys/kernel/debug/:/sys/kernel/debug:rw -v /sys/kernel/tracing:/sys/kernel/tracing:rw"
+            enable: true
+          - options: ""
+            enable: false
         container:
           - image: ubuntu-2204
             name: ubuntu

.github/workflows/test-aot-cli.yml → .github/workflows/test-tools.yml

@@ -1,4 +1,4 @@
-name: Build and test AOT cli
+name: Build and test bpftime tools
 
 on:
   push:
@@ -27,20 +27,10 @@ jobs:
     - name: Build and install everything
       run: |
         make release-with-llvm-jit -j
-    - name: Do compilation & run
-      run: |
-        export PATH=$PATH:~/.bpftime
-        cd .github/assets
-        bpftime-vm build sum.bpf.o
-        echo "AwAAAAEAAAACAAAAAwAAAA==" | base64 -d > test.bin
-        program_output=$(bpftime-vm run test.o test.bin)
-        echo $program_output
-        if echo $program_output | grep "Output: 6"; then
-          echo "Successful!"
-          exit 0
-        else
-          echo "Not found!"
-          exit 1
-        fi
+    # TODO: add test for the tools
+    # - name: Run the test scripts
+    #   run: |
+    #     export PATH=$PATH:~/.bpftime
+
 
 

.github/workflows/test-vm.yml

@@ -36,11 +36,3 @@ jobs:
         python-version: '3.8'
     - name: build
       run: make build-vm
-    - name: run tests x86
-      shell: bash
-      run: |
-        python3.8 -m venv vm/test
-        source vm/test/bin/activate
-        pip install -r vm/test/requirements.txt
-        # make build # or build-arm32 build-arm64
-        make -C vm test-vm -j

.gitmodules

@@ -16,3 +16,6 @@
 [submodule "third_party/ubpf"]
 	path = third_party/ubpf
 	url = https://github.com/iovisor/ubpf
+[submodule "vm/llvm-jit"]
+	path = vm/llvm-jit
+	url = https://github.com/eunomia-bpf/llvmbpf

CMakeLists.txt

@@ -46,13 +46,15 @@ function(bpftime_add_static_lib_component_command target)
     )
     set(BPFTIME_STATIC_LIB_AR_CMDS ${BPFTIME_STATIC_LIB_AR_CMDS} ${CMDS} PARENT_SCOPE)
   endif()
+
   set(BPFTIME_STATIC_LIB_DEPS ${BPFTIME_STATIC_LIB_DEPS} ${target} PARENT_SCOPE)
 endfunction()
 
 function(bpftime_add_libs_component_command target_path)
   get_filename_component(target_name ${target_path} NAME)
   string(REGEX REPLACE "^lib" "" target_name ${target_name})
   string(REGEX REPLACE "\.a$" "" target_name ${target_name})
+
   if(APPLE)
     if(CMAKE_AR_NAME STREQUAL "ar")
       list(APPEND CMDS
@@ -86,7 +88,7 @@ message(STATUS "Started CMake for ${PROJECT_NAME} v${PROJECT_VERSION}...\n")
 
 # if option to build without libbpf is set
 if(${BPFTIME_BUILD_WITH_LIBBPF})
-  add_definitions(-DUSE_LIBBPF)
+  add_definitions(-DBPFTIME_BUILD_WITH_LIBBPF=1)
 endif()
 
 if(UNIX)
@@ -117,32 +119,35 @@ endif()
 if(${BPFTIME_BUILD_WITH_LIBBPF})
   include(cmake/libbpf.cmake)
 endif()
+
 # install frida
 include(cmake/frida.cmake)
 
-
 set(CMAKE_POSITION_INDEPENDENT_CODE YES)
 
 if(${ENABLE_EBPF_VERIFIER})
   add_subdirectory(bpftime-verifier)
 else()
   message(STATUS "Skipping ebpf verifier")
+
   # Catch2
-  add_subdirectory(third_party/Catch2)
+  if(NOT DEFINED Catch2_INCLUDE)
+    message(STATUS "Adding Catch2 by subdirectory")
+    add_subdirectory(third_party/Catch2)
+  endif()
 endif()
 
 # spdlog
 add_subdirectory(third_party/spdlog)
+
 if(NOT DEFINED SPDLOG_ACTIVE_LEVEL)
   if(CMAKE_BUILD_TYPE STREQUAL "Debug")
-    add_compile_definitions(SPDLOG_ACTIVE_LEVEL=SPDLOG_LEVEL_DEBUG)
+    add_compile_definitions(SPDLOG_ACTIVE_LEVEL=SPDLOG_LEVEL_TRACE)
   else()
     add_compile_definitions(SPDLOG_ACTIVE_LEVEL=SPDLOG_LEVEL_INFO)
   endif()
 endif()
 
-
-
 set(SPDLOG_INCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/third_party/spdlog/include)
 
 # argparse
@@ -155,52 +160,55 @@ add_subdirectory(attach)
 
 add_subdirectory(runtime)
 
-
 # add to single archive if option is enabled
-if (${BPFTIME_BUILD_STATIC_LIB})
-set(UBPF_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/vm/ubpf-vm/ubpf)
-message(STATUS " Adding libraries to single static archive file")
-bpftime_add_static_lib_component_command(bpftime_vm)
-if(${BPFTIME_LLVM_JIT})
-bpftime_add_static_lib_component_command(bpftime_llvm_jit_vm)
-else()
-bpftime_add_static_lib_component_command(bpftime_ubpf_vm)
-bpftime_add_libs_component_command(${UBPF_BUILD_DIR}/lib/libubpf.a)
-endif()
-bpftime_add_libs_component_command(${FRIDA_GUM_INSTALL_DIR}/libfrida-gum.a)
-bpftime_add_static_lib_component_command(bpftime_frida_uprobe_attach_impl)
-if(${BPFTIME_BUILD_WITH_LIBBPF})
-bpftime_add_libs_component_command(${CMAKE_CURRENT_BUILD_DIR}/libbpf/libbpf/libbpf.a)
-bpftime_add_static_lib_component_command(bpftime_syscall_trace_attach_impl)
-endif()
-bpftime_add_static_lib_component_command(runtime)
-bpftime_add_static_lib_component_command(spdlog)
-add_custom_command(OUTPUT "libbpftime.a"
+if(${BPFTIME_BUILD_STATIC_LIB})
+  set(UBPF_BUILD_DIR ${CMAKE_CURRENT_BINARY_DIR}/vm/ubpf-vm/ubpf)
+  message(STATUS " Adding libraries to single static archive file")
+  bpftime_add_static_lib_component_command(bpftime_vm)
+
+  if(${BPFTIME_LLVM_JIT})
+    bpftime_add_static_lib_component_command(bpftime_llvm_vm)
+  else()
+    bpftime_add_static_lib_component_command(bpftime_ubpf_vm)
+    bpftime_add_libs_component_command(${UBPF_BUILD_DIR}/lib/libubpf.a)
+  endif()
+
+  bpftime_add_libs_component_command(${FRIDA_GUM_INSTALL_DIR}/libfrida-gum.a)
+  bpftime_add_static_lib_component_command(bpftime_frida_uprobe_attach_impl)
+
+  if(${BPFTIME_BUILD_WITH_LIBBPF})
+    bpftime_add_libs_component_command(${CMAKE_CURRENT_BUILD_DIR}/libbpf/libbpf/libbpf.a)
+    bpftime_add_static_lib_component_command(bpftime_syscall_trace_attach_impl)
+  endif()
+
+  bpftime_add_static_lib_component_command(runtime)
+  bpftime_add_static_lib_component_command(spdlog)
+  add_custom_command(OUTPUT "libbpftime.a"
     ${BPFTIME_STATIC_LIB_AR_CMDS}
     ${BPFTIME_STATIC_LLVM_LIB_AR_CMDS}
     COMMAND ${CMAKE_AR} -qcs libbpftime.a objs/*/*.o
     COMMAND ${CMAKE_COMMAND} -E remove_directory objs
     WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
     DEPENDS ${BPFTIME_STATIC_LIB_DEPS}
-    )
-add_custom_target(bpftime_static_target ALL DEPENDS "libbpftime.a")
-add_library(bpftime_static STATIC IMPORTED GLOBAL)
-add_dependencies(bpftime_static bpftime_static_target)
-
-set_target_properties(bpftime_static
-PROPERTIES
-IMPORTED_LOCATION "${CMAKE_CURRENT_BINARY_DIR}/libbpftime.a"
-)
+  )
+  add_custom_target(bpftime_static_target ALL DEPENDS "libbpftime.a")
+  add_library(bpftime_static STATIC IMPORTED GLOBAL)
+  add_dependencies(bpftime_static bpftime_static_target)
 
-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libbpftime.a
-DESTINATION ~/.bpftime 
-)
+  set_target_properties(bpftime_static
+    PROPERTIES
+    IMPORTED_LOCATION "${CMAKE_CURRENT_BINARY_DIR}/libbpftime.a"
+  )
 
+  install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libbpftime.a
+    DESTINATION ~/.bpftime
+  )
 endif()
 
-if (${BUILD_BPFTIME_DAEMON} AND ${BPFTIME_BUILD_WITH_LIBBPF})
+if(${BUILD_BPFTIME_DAEMON} AND ${BPFTIME_BUILD_WITH_LIBBPF})
   add_subdirectory(daemon)
 endif()
+
 add_subdirectory(tools)
 
 if(${BUILD_ATTACH_IMPL_EXAMPLE})
@@ -209,16 +217,16 @@ endif()
 
 # benchmark that requires bpftime libraries
 if(${BPFTIME_BUILD_WITH_LIBBPF})
-# Currently benchmark is using libbpf
-add_subdirectory(benchmark)
+  # Currently benchmark is using libbpf
+  add_subdirectory(benchmark)
 endif()
 
-
 set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>DLL")
 
 set(DEST_DIR "$ENV{HOME}/.bpftime")
+
 if(${BPFTIME_BUILD_WITH_LIBBPF})
-    install(TARGETS bpftime-agent bpftime_text_segment_transformer bpftime-syscall-server CONFIGURATIONS Release Debug RelWithDebInfo DESTINATION ${DEST_DIR})
+  install(TARGETS bpftime-agent bpftime_text_segment_transformer bpftime-syscall-server CONFIGURATIONS Release Debug RelWithDebInfo DESTINATION ${DEST_DIR})
 else()
-    install(TARGETS bpftime-agent bpftime-syscall-server CONFIGURATIONS Release Debug RelWithDebInfo DESTINATION ${DEST_DIR})
+  install(TARGETS bpftime-agent bpftime-syscall-server CONFIGURATIONS Release Debug RelWithDebInfo DESTINATION ${DEST_DIR})
 endif()

Dockerfile

@@ -8,4 +8,4 @@ RUN git submodule update --init --recursive
 ENV CXX=g++
 ENV CC=gcc
 RUN make release
-ENV PATH="${PATH}:/root/.bpftime/"
+ENV PATH="${PATH}:/root/.bpftime/"

Makefile

@@ -65,7 +65,7 @@ release: ## build the release version
 
 release-with-llvm-jit: ## build the package, with llvm-jit
 	cmake -Bbuild  -DCMAKE_BUILD_TYPE:STRING=RelWithDebInfo \
-				   -DBPFTIME_LLVM_JIT=1
+				   -DBPFTIME_LLVM_JIT=1 \
 				   -DBUILD_BPFTIME_DAEMON=1
 	cmake --build build --config RelWithDebInfo --target install -j$(JOBS)
 

README.md

@@ -17,18 +17,18 @@
 
 ## Key Features
 
-- **Uprobe and Syscall hooks based on binary rewriting**: Run eBPF programs in userspace, attaching them to Uprobes and Syscall tracepoints: **No manual instrumentation or restart required!**. It can `trace` or `change` the execution of a function, `hook` or `filter` all syscalls of a process safely, and efficiently with an eBPF userspace runtime.
-- **Performance**: Experience up to a `10x` speedup in Uprobe overhead compared to kernel uprobe and uretprobe.
+- **Uprobe and Syscall hooks based on binary rewriting**: Run eBPF programs in userspace, attaching them to Uprobes and Syscall tracepoints: **No manual instrumentation or restart required!**. It can `trace` or `change` the execution of a function, `hook` or `filter` all syscalls of a process safely, and efficiently with an eBPF userspace runtime. Can inject eBPF runtime into any running process without the need for a restart or manual recompilation.
+- **Performance**: Experience up to a `10x` speedup in Uprobe overhead compared to kernel uprobe and uretprobe. Read/Write userspace memory is also faster than kernel eBPF.
 - **Interprocess eBPF Maps**: Implement userspace `eBPF maps` in shared userspace memory for summary aggregation or control plane communication.
-- **Compatibility**: use `existing eBPF toolchains` like clang and libbpf to develop userspace eBPF without any modifications. Supporting CO-RE via BTF, and offering userspace host function access.
-- **JIT Support**: Benefit from a cross-platform eBPF interpreter and a high-speed `JIT/AOT` compiler powered by LLVM. It also includes a handcrafted x86 JIT in C for limited resources. The vm can be built as `a standalone library` like ubpf.
-- **No instrumentation**: Can inject eBPF runtime into any running process without the need for a restart or manual recompilation.
+- **Compatibility**: use `existing eBPF toolchains` like clang, libbpf and bpftrace to develop userspace eBPF application without any modifications. Supporting CO-RE via BTF, and offering userspace `ufunc` access.
+- **Multi JIT Support**: Support [llvmbpf](https://github.com/eunomia-bpf/llvmbpf), a high-speed `JIT/AOT` compiler powered by LLVM, or using `ubpf JIT` and INTERPRETER. The vm can be built as `a standalone library` like ubpf.
 - **Run with kernel eBPF**: Can load userspace eBPF from kernel, and using kernel eBPF maps to cooperate with kernel eBPF programs like kprobes and network filters.
 
 ## Components
 
-- [`vm`](https://github.com/eunomia-bpf/bpftime/tree/master/vm): The eBPF VM and JIT for eBPF, you can choose from bpftime LLVM JIT and a simple JIT/interpreter based on ubpf. It can be built as a standalone library and integrated into other projects. The API is similar to ubpf.
-- [`runtime`](https://github.com/eunomia-bpf/bpftime/tree/master/runtime): The userspace runtime for eBPF, including the syscall server and agent, attaching eBPF programs to Uprobes and Syscall tracepoints, and eBPF maps in shared memory.
+- [`vm`](https://github.com/eunomia-bpf/bpftime/tree/master/vm): The eBPF VM and JIT compiler for bpftime, you can choose from [bpftime LLVM JIT/AOT compiler](https://github.com/eunomia-bpf/llvmbpf) and [ubpf](https://github.com/iovisor/ubpf). The [llvm-based vm](https://github.com/eunomia-bpf/llvmbpf) in bpftime can also be built as a standalone library and integrated into other projects, similar to ubpf.
+- [`runtime`](https://github.com/eunomia-bpf/bpftime/tree/master/runtime): The userspace runtime for eBPF, including the bpf-syscall loader(`syscall-server`) and agent, support attaching eBPF programs to Uprobes, Syscall tracepoints and other events, as well as eBPF maps in shared memory.
+- [verifier](https://github.com/eunomia-bpf/bpftime/tree/master/bpftime-verifier): Support using [PREVAIL](https://github.com/vbpf/ebpf-verifier) as userspace verifier, or using Linux kernel verifier as an option.
 - [`daemon`](https://github.com/eunomia-bpf/bpftime/tree/master/daemon): A daemon to make userspace eBPF working with kernel and compatible with kernel uprobe. Monitor and modify kernel eBPF events and syscalls, load eBPF in userspace from kernel.
 
 ## Quick Start

attach/frida_uprobe_attach_impl/CMakeLists.txt

@@ -25,7 +25,8 @@ set(TEST_SOURCES
 )
 add_executable(bpftime_frida_uprobe_attach_tests ${TEST_SOURCES})
 
-if(${ENABLE_EBPF_VERIFIER})
+if(${ENABLE_EBPF_VERIFIER} AND NOT TARGET Catch2)
+    message(STATUS "Adding Catch2 by FetchContent for frida_uprobe_attach_impl")
     Include(FetchContent)
     FetchContent_Declare(
         Catch2

attach/syscall_trace_attach_impl/CMakeLists.txt

@@ -30,7 +30,8 @@ set(TEST_SOURCES
 )
 add_executable(bpftime_syscall_trace_attach_tests ${TEST_SOURCES})
 
-if(${ENABLE_EBPF_VERIFIER})
+if(${ENABLE_EBPF_VERIFIER} AND NOT TARGET Catch2)
+    message(STATUS "Adding Catch2 by FetchContent at syscall_trace_attach_impl")
     Include(FetchContent)
     FetchContent_Declare(
         Catch2