The version discussed in the PLDI paper is available here.
DeepWiki: A comprehensive auto-generated documentation is avaliable at https://deepwiki.com/vbpf/prevail
Clone:
git clone --recurse-submodules https://github.com/vbpf/prevail.git
cd prevail
🐧 Linux
sudo apt install build-essential git cmake libboost-dev libyaml-cpp-dev
sudo apt install libboost-filesystem-dev libboost-program-options-devcmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build
🪟 Windows
- Install git
- Install Visual Studio Build Tools 2022 and:
- Choose the "C++ build tools" workload (Visual Studio Build Tools 2022 has support for CMake Version 3.25)
- Under Individual Components, select:
- "C++ Clang Compiler"
- "MSBuild support for LLVM"
- Install nuget.exe
cmake -B build
cmake --build build --config Release
🍏 macOS
brew install llvm cmake boost yaml-cppThe system llvm currently comes with Clang 15, which isn't enough to compile prevail, as it depends on C++20. Brew's llvm comes with Clang 17.
export CPATH=$(brew --prefix)/include LIBRARY_PATH=$(brew --prefix)/lib CMAKE_PREFIX_PATH=$(brew --prefix)
cmake -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER=$(brew --prefix llvm)/bin/clang -DCMAKE_CXX_COMPILER=$(brew --prefix llvm)/bin/clang++
cmake --build build
🐋 Docker
docker build -t prevail .
docker run -it prevail ebpf-samples/cilium/bpf_lxc.o 2/1$ bin/prevail ebpf-samples/cilium/bpf_lxc.o 2/1
PASS: 2/1
Usage
PREVAIL is a new eBPF verifier based on abstract interpretation.
bin/prevail [OPTIONS] path [section] [function]
POSITIONALS:
path TEXT:FILE REQUIRED Elf file to analyze
section SECTION Section to analyze
function FUNCTION Function to analyze
OPTIONS:
-h, --help Print this help message and exit
--section SECTION Section to analyze
--function FUNCTION Function to analyze
-l List programs
-q, --quiet No stdout output, exit code only
--cfg Print control-flow graph and exit
Features:
--termination, --no-verify-termination{false}
Verify termination. Default: ignore
--allow-division-by-zero, --no-division-by-zero{false}
Handling potential division by zero. Default: allow
-s, --strict Apply additional checks that would cause runtime failures
--include_groups GROUPS:{atomic32,atomic64,base32,base64,callx,divmul32,divmul64,packet}
Include conformance groups
--exclude_groups GROUPS:{atomic32,atomic64,base32,base64,callx,divmul32,divmul64,packet}
Exclude conformance groups
Verbosity:
--simplify, --no-simplify{false}
Simplify the display of the CFG by merging chains of instructions
into a single basic block. Default: enabled (disabled with
--failure-slice)
--line-info Print line information
--print-btf-types Print BTF types
-v Print invariants and first failure
-f Print first failure
--failure-slice Print minimal failure slices showing only instructions that
contributed to errors
--failure-slice-depth UINT
Maximum backward steps for failure slicing (default: 200)
CFG output:
--asm FILE Print disassembly to FILE
--dot FILE Export control-flow graph to dot FILE
A standard alternative to the --asm flag is llvm-objdump -S FILE.
The cfg can be viewed using dot and the standard PDF viewer:
sudo apt install graphviz
bin/prevail ebpf-samples/cilium/bpf_lxc.o 2/1 --dot cfg.dot
dot -Tpdf cfg.dot > cfg.pdf