Skip to content
/ ebpf-se Public

Tool to symbolically execute eBPF programs

License

MIT license
8 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dslab-epfl/ebpf-se

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
examples
examples
 
 
libbpf-stubbed
libbpf-stubbed
 
 
tool
tool
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

eBPF-SE

This repository hosts eBPF-SE, a tool that can be used to symbolically execute programs written using the Linux kernel's eBPF framework. eBPF-SE was previously a part of PIX, a tool that automatically extracts performance interfaces from NF code. In case eBPF-SE is useful to you in any published work, please cite the PIX paper published at NSDI'22.

Organization

Subdirectories have their own README files.

  • examples - contains a set of example eBPF programs that eBPF-SE has been used to symbolically execute so far.
  • tool - contains the symbolic execution engine which is based on KLEE
  • libbpf-stubbed - Simple models (stubs) for the Linux kernel's libbpf API that are amenable to symbolic execution. Linking against these models (as opposed to the real implementation of these API functions in the Linux kernel) ensures that eBPF-SE can explore all program paths through the loaded eBPF program without running into path explosion. Current directory is up-to-date with libbpf 1.2.2.

Getting Started

First, setup the tool as follows:

cd tool
./setup-tool.sh
source paths.sh

This step should take approximately 10 minutes and will install the symbolic execution engine along with all of its dependencies (KLEE, klee-uclibc and Z3). This also creates a paths.sh file which contains commands to add klee and its include directory to your path. We recommend adding source ebpf-se/tool/paths.sh to your .bashrc for ease of use.

Then, to test the tool on any of the provided examples (for instance, Katran):

cd examples/katran  # Replace with example of your choice here
make libbpf # This needs to be done only for the first example you run
make xdp-target
make symbex

You should automatically see the KLEE output at the end of third step, which describes the total number of paths explored during symbolic execution. The analysis for Katran, which is one of the more complex eBPF programs, takes approximately 2 minutes and yields 16110 paths.

Using eBPF-SE to analyze your own eBPF programs

Please follow the steps listed in examples/README.md.

Other information

  • All code in this repository was tested on Ubuntu 22.04.
  • For any questions, please contact Rishabh Iyer

About

Tool to symbolically execute eBPF programs

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages