1、开源云原生计算时代专场 李枫 2021年8月1日 本期议题：GraalVM-based unified runtime for eBPF&WASM Agenda I.Overview Runtime DSL eBPF LLVM WASM GraalVM Testbed II.eBPF on GraalVM uBPF Implementations III.WASM on GraalVM GraalVM-native Implementation Sulong-based Implementation IV.Unified eBPF&WASM runtime for Cloud Native R

2、ethinking Cloud Native Why is GraalVM Ideas for Unified eBPF&WASM runtime V.Wrap-up Who Am I The main translator of the book Gray Hat Hacking The Ethical Hackers Handbook,Fourth Edition(ISBN：9787302428671)&Linux Hardening in Hostile Networks,First Edition(ISBN:9787115544384)Pure software developmeme

3、nt for 15 years Actively participate in various activities of the open source community https:/ https:/ Recently,focus on infrastructure of Cloud/Edge Computing,AI,Virtualization,Program Runtimes,Network,5G,RISC-V,EDA I.Overview 1)Runtime https:/en.wikipedia.org/wiki/Runtime_system https:/en.wikiped

4、ia.org/wiki/Register_machine https:/en.wikipedia.org/wiki/Stack_machine https:/en.wikipedia.org/wiki/Intermediate_representation https:/en.wikipedia.org/wiki/Bytecode https:/en.wikipedia.org/wiki/Compiler https:/en.wikipedia.org/wiki/Just-in-time_compilation https:/en.wikipedia.org/wiki/Ahead-of-tim

5、e_compilation https:/en.wikipedia.org/wiki/Source-to-source_compiler https:/en.wikipedia.org/wiki/Interpreter_(computing)https:/en.wikipedia.org/wiki/Polyglot_(computing)Polyglot use the best tool for the right jobs:high performance,scripting,web,functional programming,etc 1.1 The most important Pol

6、yglot Runtimes (GraalVM,.Net,WASM).Net https:/en.wikipedia.org/wiki/.NET Roadmap:https:/ https:/ 2)DSL https:/en.wikipedia.org/wiki/Domain-specific_language Pros&Cons:2.1 P4 https:/en.wikipedia.org/wiki/P4_(programming_language)https:/p4.org/Programming Protocol-independent Packet Processors(P4)is a

7、 domain-specific language for network devices,specifying how data plane devices(switches,NICs,routers,filters,etc.)process packets.Features:https:/p4.org/specs/https:/p4.org/learn/https:/p4.org/ecosystem/Workflow o Development https:/ https:/ https:/ 3.1 Overview https:/en.wikipedia.org/wiki/Berkele

8、y_Packet_Filter BPF(aka cBPF)Introduced in kernel 2.1.75(1997)https:/ eBPF(extended BPF)Since Linux Kernel v3.15 and ongoing Aims at being a universal in-kernel virtual machine A simple way to extend the functionality of Kernel at runtime “DTrace()for Linux”Source:https:/ BPF VM Source:https:/ BPF R

9、untime Internals bpf()system call http:/www.man7.org/linux/man-pages/man2/bpf.2.html o Source:https:/ https:/ebpf.io/https:/ebpf.io/what-is-ebpf/https:/ebpf.io/projects/3.2 BCC(BPF Compiler Collection)https:/ What is it https:/ toolkit with Python/Lua frontend for compiling,loading,and executing BPF

10、 programs,which allows user-defined instrumentation on a live kernel image:compile BPF program from C source attach BPF program to kprobe/uprobe/tracepoint/USDT/socket poll data from BPF program framework for building new tools or one-off scripts contains a P4 compiler for BPF targets additional pro

11、jects to support Go,Rust,and DTrace-style frontend https:/ Architecture o https:/ Source:http:/ libbcc.so libbcc_bpf.so 4)LLVM 4.1 Overview https:/en.wikipedia.org/wiki/LLVM https:/llvm.org http:/clang.llvm.org/o https:/www.llvm.org/ProjectsWithLLVM/Source:http:/ IR o https:/llvm.org/docs/LangRef.ht

12、ml MLIR:https:/mlir.llvm.org/Bitcode:https:/llvm.org/docs/BitCodeFormat.html https:/llvm.org/docs/CommandGuide/llvm-bcanalyzer.html https:/ LLVM vs GCC http:/lld.llvm.org/https:/llvm.org/docs/Proposals/LLVMLibC.html 4.2 LLVM support for eBPF eBPF backend firstly introduced in LLVM 3.7 release http:/

13、llvm.org/docs/CodeGenerator.html#the-extended-berkeley-packet-filter-ebpf-backend o$LLVM_SRC/lib/Target/BPF http:/cilium.readthedocs.io/en/latest/bpf/LLVM 9.0 Released With Ability To Build The Linux x86_64 Source:https:/ 5)WASM 5.1 Overview https:/en.wikipedia.org/wiki/WebAssembly https:/webassembl

14、y.org/WebAssembly(abbreviated Wasm)is a binary instruction format for a stack-based virtual machine.Wasm is designed as a portable compilation target for programming languages,enabling deployment on the web for client and server applications.https:/ https:/webassembly.org/getting-started/developers-

15、guide/Implementations o https:/ https:/ WASM&Rust https:/www.rust-lang.org/what/wasm https:/rustwasm.github.io/book https:/ Compilers o Limitations o 5.2 Beyond the browser https:/webassembly.org/docs/non-web/https:/ WebAssembly System Interface https:/wasi.dev/https:/ https:/ https:/hacks.mozilla.o

16、rg/2019/03/standardizing-wasi-a-webassembly-system-interface/https:/training.linuxfoundation.org/announcements/wasi-bringing-webassembly-way-beyond-browsers/6)GraalVM 6.1 Overview https:/en.wikipedia.org/wiki/GraalVM https:/www.graalvm.org/o A Universal High-Performance Polyglot VM A meta-runtime fo

17、r Language-Level Virtualization Currently base an Oracle Labs JDK 8,11,16 with JVMCI support https:/www.graalvm.org/docs/introduction/https:/ Editions CE(Community Edition)vs EE(Enterprise Edition)History o Source:“How and why GraalVM is quickly becoming relevant for you”,Lucas Jellema,DOAG 2020.Met

18、a-Circular Maxine GraalVM Source:https:/ A hybrid of static&dynamic runtimes Source:https:/ics.psu.edu/wp-content/uploads/2017/02/GraalVM-PSU.pptx Source:“Adopting Java for the Serverless world”,Vadym Kazulkin,JUG London 2020.Truffle&Graal https:/ AST https:/en.wikipedia.org/wiki/Abstract_syntax_tre

19、e Graal/GraalVM:ASTs as first class citizen IR Source:http:/crest.cs.ucl.ac.uk/cow/59/slides/cow59_Sarkar.pdf Graph-Based IR Platform Independent Graph-Based IR Platform Dependent Source:http:/ssw.jku.at/Research/Papers/Stadler14PhD/Thesis_Stadler_14.pdf Implement a new language runtime https:/www.g

20、raalvm.org/graalvm-as-a-platform/language-implementation-framework/https:/ Source:“Turning the JVM into a Polyglot VM with Graal”,Chris Seaton,Oracle Labs Sulong https:/ Memory Safe and Efficient Execution of LLVM-Based Languages https:/www.graalvm.org/docs/reference-manual/languages/llvm/Node LLVMN

21、ode$GRAALVM_SRC/sulong/projects/com.oracle.truffle.llvm.runtime/src/com/oracle/truffle/llvm/runtime/nodes Memory https:/www.graalvm.org/reference-manual/llvm/https:/www.graalvm.org/reference-manual/llvm/Compiling/lli(directly execute programs from LLVM bitcode)https:/llvm.org/docs/CommandGuide/lli.h

22、tml Source:https:/www.llvm.org/devmtg/2016-01/slides/Sulong.pdf Native Image https:/www.graalvm.org/reference-manual/native-image/https:/www.graalvm.org/examples/native-image-examples/o Benefits of the Image Heap Source:https:/www.jug-gr.de/downloads/JDK_14_und_GraalVM_im_Java-%C3%96kosystem_WW.pdf

23、Substrate VM(SVM)https:/llvJEP 295:Ahead-of-Time Compilation Self-contained native executables Source:https:/plang.tuwien.ac.at/lehre/ubvo/substrate.pdf Src https:/ https:/ https:/ Getting started https:/www.graalvm.org/docs/getting-started/https:/www.graalvm.org/reference-manual/graalvm-updater/Ass

24、ets:e.g.,https:/ Installation https:/www.graalvm.org/reference-manual/graalvm-updater/#component-installation e.g.,on X64 Laptop:7)Testbed 7.1 Raspberry Pi https:/www.raspberrypi.org/products/raspberry-pi-4-model-b/o 7.2 X86 Laptop on an Dell Laptop with Fedora 34+Kernel 5.13.4+14GB Memory(6GB DDR4+

25、8GB Swap)Fedora A Linux distribution developed by the community-supported Fedora Project which is sponsored primarily by Red Hat https:/en.wikipedia.org/wiki/Fedora_(operating_system)https:/getfedora.org/https:/alt.fedoraproject.org/alt/https:/spins.fedoraproject.org/https:/fedoraproject.org/wiki/Ar

26、chitectures/ARM https:/fedoramagazine.org/https:/silverblue.fedoraproject.org/Developer friendly!II.eBPF on GraalVM 1)uBPF 1.1 Overview Userspace BPF https:/ applied to Networking&Blockchain 2)Implementations Dev Env X64 Laptop:pip3 install user wheel nose nose2 coveralls cpp-coveralls pyelftools pa

27、rcon 2.1 BPF-Graal-Truffle https:/ a VM for(e)BPF built using the Truffle framework and utilizing Graal JIT compilation o X64 only Failed to be built with GraalVM CE Java11-21.2.0 o Even modified the GraalVM version in the configuration files Got the similar failure when built with GraalVM CE Java11

28、-20.1.0 Succesfully built with GraalVM CE Java8-20.1.0 o Disable Native(AOT)Retried with GraalVM CE Java11-21.2.0 and build pass Repatched:Rebuild:Successfully install bpf-component.jar to GraalVM CE Java11-21.2.0 Failed to start:Patched again:Succesfully run the“calculate the 10000th prime”test cas

29、e:Not passed all the test cases at:https:/ Under investigation Successfully run the samples with the built uBPF(IOVisor)with the GraalVM!https:/2.2 uBPF from IOVisor Userspace eBPF VM https:/ X64 only https:/Build make C vm https:/ Samples https:/klyr.github.io/posts/playing_with_ubpf/Run the uBPF I

30、OVisor run on GraalVM Method:convert uBPF(IOVisor)to LLVM bitcode installed GraalVM LLVM toolchain Initial build result:Something wrong with the linker in current GraalVM LLVM toolchain?My workaround(patched Makefile):Rebuild and run the previous samples:Successfully run the samples with the built u

31、BPF(IOVisor)with the GraalVM!https:/ 2.3 Summary Two ways to run uBPF with GraalVM:GraalVM-native implementation via Truffle/Graal working on porting project bpf-graal-truffle to the latest GraalVM CE for AArch64 with the re-implemented eBPF call instruction and so on keep the pace with the latest L

32、inux Kernel 5.13+Convert uBPF VM to LLVM bitcode working on a new version of GraalVM LLVM toolchain try to make Rust-based uBPF implementation run on GraalVM III.WASM on GraalVM Dev Env(on X64 Laptop)https:/emscripten.org/docs/getting_started/downloads.html sudo dnf install wabt mx https:/ Command-l

33、ine tool used for the development of Graal projects.for GraalVM development,pls refer to:https:/ 1)GraalVM-native Implementation 1.1 GraalWasm The official solution https:/ Samples https:/www.graalvm.org/reference-manual/wasm/floyd.c:Embedding WebAssembly Program https:/www.graalvm.org/reference-man

34、ual/wasm/https:/ https:/ prepare WasmPolyglotTest1.java(patched for above sample code):prepare main.c and main.wasm:put main.wasm and WasmPolyglotTest1.java to$GRAALVM_SRC/wasm at$GRAALVM_SRC/wasm,run“mx-dy/truffle,/compiler build”build pass!(GraalVM Java11-21.2.0)then run“mx-dy/compiler,/truffle-jd

35、k jvmci unittest WasmPolyglotTest1”try to run other tests and even without our new test case also got the same failure.and build failed when switching to GraalVM Java8-21.2.0.should be a JDK compliance issue,something wrong with the mx or my dev env?Still working on dig out the root cause https:/www

36、.graalvm.org/reference-manual/polyglot-programming/not mature yet 2)Sulong-based Implementation 2.1 XX Working on rebuild some awesome WASM implementations with GraalVM LLVM toolchain IV.Unified eBPF&WASM runtime for Cloud Native 1)Rethinking for Cloud Native 1.1 Replace docker with WASM?o https:/kr

37、ustlet.dev/run WASM workloads in your Kubernetes cluster .1.2 DSLs P4 https:/opennetworking.org/news-and-events/blog/p4c-ubpf-a-new-back-end-for-the-p4-compiler/https:/ https:/ .How about a GraalVM-native implementation of P4-like DSL?1.3 EDA in the Cloud https:/ FOSS EDA tools are written in variou

38、s languages you may refer to my previous talks as below:Scala-based FOSS EDA on ARM at the 5th China Functional Programming Meetup(Shanghai 2021)Python-based Open Source Toolchain for RISC-V Development at the 1st RISC-V World Conference China(Shanghai 2021).1.4 eBPF-centric infrastructure for edge

39、computing Reconstructing nearly every aspect of Linux Kernel Networking&Security subsystem and much more.A new design Source:“Rethinking Hyper-Converged Infrastructure for Edge Computing”,Feng Li,OpenInfra Days 2019(Shanghai)Cilium https:/cilium.io/eBPF-based Networking,Security,and Observability ht

40、tps:/cilium.io/blog/2021/05/11/cni-benchmark Rethinking Cilium,Kubernetes,Service Mesh(Istio/Linkerd,Envoy)More and more lightweight Kubernetes Krustlet-like new projects Extending Envoy with WASM https:/thenewstack.io/wasm-modules-and-envoy-extensibility-explained-part-1/Ciliums ambition 2)Why is G

41、raalVM Best choice in current stage higher productivity for customizing a VM a more mature ecosystem many language implementations for reference official support for WASM less fragmentation and more sustainability“one VM to rule them all”how about a re-implementation of BCC by leveraging GraalVM?htt

42、ps:/ Still need to be further perfected further optimize code base e.g.,OpenJDK 17 further reduce the consumption of system resources e.g.,Mandrel for Quarkus further improve GraalVM LLVM toolchain e.g.,enhance the linker and add more tools provide a toolkit like VM generator for convenience e.g.,au

43、tomated generate a base VM according to an user defined configuration file 3)Ideas for Unified eBPF&WASM runtime SuperVM(Register-based)A“superset”of eBPF&WASM 1.backward compatible with eBPF bytecode 2.WASM bytecode could be converted to(similar to convert Java bytecode for Dalvik VM)3.hardware-fri

44、endly A superset of WASI 1.extended system interface for both uBPF&WASM 2.better support heterogeneous parallel computing New DSLs for Super VM In-Kernel Super VM One VM to run both eBPF and WASM program in Linux Kernel Written in Rust?https:/ heads into the kernel?https:/ in the Linux kernel https:

45、/ support hits linux-next https:/ Linux kernel development in Rust https:/ -happening-next/https:/ https:/ https:/ https:/ /Idiomatic rust wrapper around libbpf https:/ /A Rust eBPF toolchain V.Wrap-up DSLs are becoming increasingly more important.GraalVM,WASM and.Net are the key players to future o

46、f Polyglot Runtimes.eBPF is the key point in the infrastructure of tomorrows edge computing.How about unified runtime for eBPF&WASM?Project like OVS(Open vSwitch)that code need to be run both in the user space and kernel space may adopt“a new design”.Make the things above work on ARM&RISC-V.Q&A Thanks!Reference Slides/materials from many and varied sources:http:/en.wikipedia.org/wiki/http:/ https:/plvision.eu/expertise/sdn-nfv/p4 https:/ https:/ https:/ https:/doc.dpdk.org/guides/prog_guide/bpf_lib.html https:/