
An Introduction to the BPF Compiler Collection (2017) - Tomte
https://lwn.net/SubscriberLink/742082/8528a1e85bb9e65c/
======
brendangregg
It's a good article; since it was published, we've released bpftrace as a
high-level front end. It's a much easier interface than bcc, and great for
one-liners and short scripts.

[https://github.com/iovisor/bpftrace/blob/master/docs/tutoria...](https://github.com/iovisor/bpftrace/blob/master/docs/tutorial_one_liners.md)
[https://github.com/iovisor/bpftrace/blob/master/docs/referen...](https://github.com/iovisor/bpftrace/blob/master/docs/reference_guide.md)

bpftrace has alreay been packaged by Debian, Canonical, and others. Maybe you
can try it with just an apt-get install bpftrace, or snap install bpftrace.

bcc is great for complex tools and daemons. Right now at Netflix I'm coding in
both.

------
ncmncm
Everyone seems to assume that eBPF program source is C. But LLVM is happy to
generate code from IF produced from other languages, notably C++ and Rust. It
would be unfortunate if BCC fails to make available improved ways to express
eBPF programs.

People have asked me why anyone would code small program fragments like eBPF
in C++. The short answer is that C++ enables better encapsulation of
semantics, particularly those useful for a whole collection of eBPF program
fragments. Once you find a use for eBPF in one place, you are likely to notice
many other places.

Bcc (and maybe Bpftrace?) would be a good place to park C++ abstractions
useful for any eBPF program fragment.

~~~
monocasa
There's been some good work on eBPF programs written in Rust at least.

[https://unhandledexpression.com/general/rust/2018/02/02/poc-...](https://unhandledexpression.com/general/rust/2018/02/02/poc-
compiling-to-ebpf-from-rust.html)

