The version discussed in the PLDI paper is available here.
DeepWiki: A comprehensive auto-generated documentation is avaliable at https://deepwiki.com/vbpf/prevail
Clone:
git clone --recurse-submodules https://github.com/vbpf/prevail.git
cd prevail
sudo apt install build-essential git cmake libboost-dev libyaml-cpp-dev sudo apt install libboost-filesystem-dev libboost-program-options-dev
cmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build
cmake -B build
cmake --build build --config Release
brew install llvm cmake boost yaml-cpp
The system llvm currently comes with Clang 15, which isn't enough to compile prevail, as it depends on C++20. Brew's llvm comes with Clang 17.
export CPATH=$(brew --prefix)/include LIBRARY_PATH=$(brew --prefix)/lib CMAKE_PREFIX_PATH=$(brew --prefix)
cmake -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER=$(brew --prefix llvm)/bin/clang -DCMAKE_CXX_COMPILER=$(brew --prefix llvm)/bin/clang++
cmake --build build
docker build -t verifier . docker run -it verifier ebpf-samples/cilium/bpf_lxc.o 2/1 1,0.009812,4132 # To run the Linux verifier you'll need a privileged container: docker run --privileged -it verifier ebpf-samples/linux/cpustat_kern.o --domain=linux
$ ./check ebpf-samples/cilium/bpf_lxc.o 2/1
1,0.008288,4064
The output is three comma-separated values:
PREVAIL is a new eBPF verifier based on abstract interpretation.
Usage: ./check [OPTIONS] path [section] [function]
Positionals:
path TEXT:FILE REQUIRED Elf file to analyze
section SECTION Section to analyze
function FUNCTION Function to analyze
Options:
-h,--help Print this help message and exit
--section SECTION Section to analyze
--function FUNCTION Function to analyze
-l List programs
--domain DOMAIN:{stats,linux,zoneCrab,cfg} [zoneCrab]
Abstract domain
Features:
--termination,--no-verify-termination{false}
Verify termination. Default: ignore
--allow-division-by-zero,--no-division-by-zero{false}
Handling potential division by zero. Default: allow
-s,--strict Apply additional checks that would cause runtime failures
--include_groups GROUPS:{atomic32,atomic64,base32,base64,callx,divmul32,divmul64,packet}
Include conformance groups
--exclude_groups GROUPS:{atomic32,atomic64,base32,base64,callx,divmul32,divmul64,packet}
Exclude conformance groups
Verbosity:
--simplify,--no-simplify{false}
Simplify the CFG before analysis by merging chains of instructions into a single basic block. Default: enabled
--line-info Print line information
--print-btf-types Print BTF types
--assume-assert,--no-assume-assert{false}
Assume assertions (useful for debugging verification failures). Default: disabled
-i Print invariants
-f Print verifier's failure logs
-v Print both invariants and failures
CFG output:
--asm FILE Print disassembly to FILE
--dot FILE Export control-flow graph to dot FILE
A standard alternative to the --asm flag is llvm-objdump -S FILE.
The cfg can be viewed using dot and the standard PDF viewer:
sudo apt install graphviz
./check ebpf-samples/cilium/bpf_lxc.o 2/1 --dot cfg.dot --domain=stats
dot -Tpdf cfg.dot > cfg.pdf
To run the Linux verifier, you must use sudo:
sudo ./check ebpf-samples/linux/cpustat_kern.o tracepoint/power/cpu_idle --domain=linux
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4