bpftime
bpfcov
| bpftime | bpfcov | |
|---|---|---|
| 6 | 5 | |
| 631 | 121 | |
| 6.8% | 0.0% | |
| 9.2 | 0.0 | |
| 9 days ago | about 2 years ago | |
| C++ | C | |
| MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bpftime
-
eBPF Tutorial by Example 16: Monitoring Memory Leaks
Uprobe in kernel mode eBPF runtime may also cause relatively large performance overhead. In this case, you can also consider using user mode eBPF runtime, such as bpftime. bpftime is a user mode eBPF runtime based on LLVM JIT/AOT. It can run eBPF programs in user mode and is compatible with kernel mode eBPF, avoiding context switching between kernel mode and user mode, thereby improving the execution efficiency of eBPF programs by 10 times.
-
bpftime: Extending eBPF from Kernel to Userspace
In this blog, we are excited to introduce a new open-source user-space eBPF runtime: https://github.com/eunomia-bpf/bpftime. bpftime further expands the capabilities of eBPF, allowing existing eBPF tools and applications, such as BCC tools, bpftrace, Deepflow, etc., to run in non-privileged user space without any code modifications, while using the same libraries and toolchains as kernel eBPF.
- The Secure Path Forward for eBPF runtime: Challenges and Innovations
-
Bpftime: Userspace eBPF runtime for fast Uprobe and Syscall hook and Plugins
Thanks for sharing your talk and insights! bpftrace is a wonderful tool, and the talk is great!
In fact, bpftime can already run bpftrace in userspace for uprobes, without any modification: https://github.com/eunomia-bpf/bpftime/tree/master/example/b...
(There might still need some bug fixes in some cases, eg. the signal handler to stop the bpf program...
bpfcov
- Bpfcov – source-based code coverage for eBPF programs
- Show HN: Bpfcov – source-based code coverage for eBPF programs
- Coverage for eBPF programs
-
Source-based code coverage for eBPF programs
Lazyweb: the LLVM pass (libBPFCov.so) and the CLI source code is at: https://github.com/elastic/bpfcov
- elastic/bpfcov: Source-code based coverage for eBPF programs actually running in the Linux kernel
What are some alternatives?
chaotix - The chaotix operating system! (Previously known as Magma or Psychix)
pwru - Packet, where are you? -- eBPF-based Linux kernel networking debugger
wasm-micro-runtime - WebAssembly Micro Runtime (WAMR)
adorad - Fast, Expressive, & High-Performance Programming Language for those who dare
bpf-developer-tutorial - eBPF Developer Tutorial: Learning eBPF Step by Step with Examples
npf - NPF: packet filter with stateful inspection, NAT, IP sets, etc.
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
redcanary-ebpf-sensor - Red Canary's eBPF Sensor
bpfman - An eBPF Manager for Linux and Kubernetes
traffico - Shape your traffic the BPF way
opentelemetry-go-instrumentation - OpenTelemetry Auto Instrumentation using eBPF
checkedc - Checked C is an extension to C that lets programmers write C code that is guaranteed by the compiler to be type-safe. The goal is to let people easily make their existing C code type-safe and eliminate entire classes of errors. Checked C does not address use-after-free errors. This repo has a wiki for Checked C, sample code, the specification, and test code.