Re: [PATCH v6 net-next 1/6] net: filter: add "load 64-bit immediate" eBPF instruction

From: Alexei Starovoitov
Date: Tue Aug 26 2014 - 00:12:28 EST

On Mon, Aug 25, 2014 at 6:06 PM, David Miller <davem@xxxxxxxxxxxxx> wrote:
> Instead I would rather you look into a model like what the quake
> engine uses for it's VM.

Thanks for the tip! I wasn't aware of quake vm.
I've looked through several papers and slides.
I'm surely missing something in what they're doing, but
here is my comparison of eBPF vs QVM:
- QVM ISA is stack based vs eBPF registers
- pointer types are predefined by QVM ISA whereas eBPF relies
on static verifier which is more extensible, since verifier can get
progressively smarter with time without need to change interpreter,
llvm and JITs, whereas QVM would need changes through the
toolchain, interpreter, JITs to support new pointer type
- QVM calls with negative values invoke helper functions, which is
similar to eBPF calls. The difference is QVM keeps negative values
while interpreting and doing run-time checking of arguments whereas
eBPF is statically verifying all before interpreting
- access to QVM 'local' memory is bounds checked at run-time,
whereas eBPF does load/store bounds checking by static analysis

I may be wrong, but it seems possible to side step QVM run-time
checking, since their 'top of stack' is typeless and it seems possible
to push constant as a pointer there.

I'm biased, but eBPF seems like better architecture,
more flexible, likely faster to interpret, simple JITs, more powerful
compiler. The downside, of course, eBPF verifier is more complex
than QVM which is mainly relying on run-time checks.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at