On Thu, Jul 24, 2014 at 11:25 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote: > On Thu, Jul 17, 2014 at 9:20 PM, Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote: >> Safety of eBPF programs is statically determined by the verifier, which detects: >> - loops >> - out of range jumps >> - unreachable instructions >> - invalid instructions >> - uninitialized register access >> - uninitialized stack access >> - misaligned stack access >> - out of range stack access >> - invalid calling convention > > Is there something that documents exactly what conditions an eBPF > program must satisfy in order to be considered valid? I did a writeup in the past on things that verifiers checks and gave it to internal folks to review. Guys have said that now they understand very well how it works, but in reality it didn't help at all to write valid programs. What worked is 'verification trace' = the instruction by instruction dump of verifier state while it's analyzing the program. I gave few simple examples of it in 'Understanding eBPF verifier messages' section: https://git.kernel.org/cgit/linux/kernel/git/ast/bpf.git/diff/Documentation/networking/filter.txt?id=b22459133b9f52d2176c8c0f8b5eb036478a40c9 Every example there is what "program must satisfy to be valid"... Therefore I'm addressing two things: 1. how verifier works and what it checks for. that is described in 'eBPF verifier' section of the doc and in 200 lines of comments inside verifier.c 2. how to write valid programs that's more important one, since it's a key to happy users. 'verification trace' is the first step. I'm planning to add debug info and user space tool that points out to line in C instead of assembler trace. In other words to bring errors to user as early as possible during compilation process. This is not a concern when programs are written in assembler, since the programs will be much shorter and thought through by the author. However I don't think there will be too many users willing to understand ebpf assembler. I suspect you're more concerned about #1 at this point whereas I'm concerned about #2. -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html