Improving BCC tracing for the Linux Kernel with LLVM IR

Session information has not yet been published for this event.


One Line Summary

Discuss and learn about the way BCC uses clang's rewrite functionality to create valid bpf programs, and how to improve support to create a better tracer.


Many of the tools in BCC rely on the ability to introspect kernel memory by way of pointer dereferences in the C/BPF scripts that these tools include. However, BPF doesn’t allow direct memory access, instead requiring the BPF program to use the bpf_probe_read helper. BCC uses clang’s rewrite functionality to do a source-to-source translation into a valid (but more verbose) C program.

This approach has worked, but is starting to hit a wall as more complex tools are written. Let’s discuss alternatives, one proposal being use of an LLVM IR “optimization” pass to generate valid programs.

Other topics in this session may include how to improve the user friendliness of writing BPF programs, such as using LLVM to give better compile-time error reporting before handing over to the kernel.


tracing, LLVM, Clang, bpf