Re: [iovisor-dev] [PATCH v3 net-next] bpf/verifier: track liveness for pruning

2017-08-15 Thread David Miller via iovisor-dev 
From: Daniel Borkmann 
Date: Wed, 16 Aug 2017 00:12:58 +0200

> On 08/15/2017 09:34 PM, Edward Cree wrote:
>> State of a register doesn't matter if it wasn't read in reaching an
>> exit;
>>   a write screens off all reads downstream of it from all
>>   explored_states
>>   upstream of it.
>> This allows us to prune many more branches; here are some processed
>> insn
>>   counts for some Cilium programs:
>> Program  before  after
>> bpf_lb_opt_-DLB_L3.o   6515   3361
>> bpf_lb_opt_-DLB_L4.o   8976   5176
>> bpf_lb_opt_-DUNKNOWN.o 2960   1137
>> bpf_lxc_opt_-DDROP_ALL.o  95412  48537
>> bpf_lxc_opt_-DUNKNOWN.o  141706  78718
>> bpf_netdev.o  24251  17995
>> bpf_overlay.o 10999   9385
>>
>> The runtime is also improved; here are 'time' results in ms:
>> Program  before  after
>> bpf_lb_opt_-DLB_L3.o 24  6
>> bpf_lb_opt_-DLB_L4.o 26 11
>> bpf_lb_opt_-DUNKNOWN.o   11  2
>> bpf_lxc_opt_-DDROP_ALL.o   1288139
>> bpf_lxc_opt_-DUNKNOWN.o1768234
>> bpf_netdev.o 62 31
>> bpf_overlay.o15 13
>>
>> Signed-off-by: Edward Cree 
> 
> Acked-by: Daniel Borkmann 

Applied, nice work Edward.
___
iovisor-dev mailing list
iovisor-dev@lists.iovisor.org
https://lists.iovisor.org/mailman/listinfo/iovisor-dev

Re: [iovisor-dev] [PATCH v3 net-next] bpf/verifier: track liveness for pruning

2017-08-15 Thread Daniel Borkmann via iovisor-dev 

On 08/15/2017 09:34 PM, Edward Cree wrote:

State of a register doesn't matter if it wasn't read in reaching an exit;
  a write screens off all reads downstream of it from all explored_states
  upstream of it.
This allows us to prune many more branches; here are some processed insn
  counts for some Cilium programs:
Program  before  after
bpf_lb_opt_-DLB_L3.o   6515   3361
bpf_lb_opt_-DLB_L4.o   8976   5176
bpf_lb_opt_-DUNKNOWN.o 2960   1137
bpf_lxc_opt_-DDROP_ALL.o  95412  48537
bpf_lxc_opt_-DUNKNOWN.o  141706  78718
bpf_netdev.o  24251  17995
bpf_overlay.o 10999   9385

The runtime is also improved; here are 'time' results in ms:
Program  before  after
bpf_lb_opt_-DLB_L3.o 24  6
bpf_lb_opt_-DLB_L4.o 26 11
bpf_lb_opt_-DUNKNOWN.o   11  2
bpf_lxc_opt_-DDROP_ALL.o   1288139
bpf_lxc_opt_-DUNKNOWN.o1768234
bpf_netdev.o 62 31
bpf_overlay.o15 13

Signed-off-by: Edward Cree 


Acked-by: Daniel Borkmann 
___
iovisor-dev mailing list
iovisor-dev@lists.iovisor.org
https://lists.iovisor.org/mailman/listinfo/iovisor-dev