lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Sat, 18 Oct 2014 10:33:56 +0000 (UTC)
From:	Mathieu Desnoyers <>
To:	Alexei Starovoitov <>
	"zhangwei(Jovi)" <>
Subject: LTTng-UST bytecode interpreter

Hi Alexei,

Following our Plumbers discussion, here are links to
lttng-ust and lttng-tools parts that are relevant to
the bytecode I use for tracepoint filtering:;a=summary
  -> parser of filter expressions to AST, then to
     intermediate representation, followed by
     bytecode generation.

The bytecode is then moved from the client to the
application being traced through the lttng-sessiond
  filter "linker" attaching bytecode to tracepoint.
  _lttng_filter_event_link_bytecode() has all the
  steps required to translate a bytecode into
  something the interpreter can use.

  Perform type specialization of some opcodes. This
  is done after linking to an event fields, now that
  we know their type.

  Validation of the bytecode: making sure typing is
  consistent, checks there are no loops (no backward

  Bytecode interpreter, executes quickly without any
  checks, relying on the fact that they were already
  performed by the validator. It is a threaded
  interpreter which has 2 registers aliasing the top
  of its stack.

My general approach is to use an interpreter to deal
with the general case, which makes porting to new
architectures easy. We can then have JIT phases if
we want to eventually translate this bytecode into
native instruction.

Working with a bytecode which has a slightly higher
level semantic allows dealing with strings as a basic
type in addition to integers and floating point values.

Please note that the current bytecode is limited to
64-bit integers. We can eventually extend it to be
more compact (8, 16, 32-bit integers).

This is just provided as input in case some ideas
can be useful for your work on eBPF. 



Mathieu Desnoyers
EfficiOS Inc.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists