Common Lisp in particular is multi-paradigm. You can write a ton of code and never use recursion once. I doubt bridging this "gap" was in any way difficult.
The whistler code you inline with your common lisp is an s-expression based DSL. So you can use common lisp macros, but those macros are generating something that will look familiar to CL devs but is restricted based on the eBPF archictecture and validator requirements. eg. it only supports bounded `dotimes`, some basic progn/let/when/if/cond/eq/setf/incf/decf and math, and a simple array iterator. No lists, loops, tagbody/go, conditions, etc, etc. There's a manual in the docs directory.
very cool and the person has the skills to do that. sad to see how the fully AI generated "why this matters" section in the blog gives a lingering vibe of slop.
While this is an interesting project, I found following grating:
"Permissions without root
You don’t need root. Grant capabilities to SBCL:
sudo setcap cap_bpf,cap_perfmon+ep /usr/bin/sbcl
Now sbcl --load my-bpf-program.lisp works as your regular user. Tracepoint format files need chmod a+r to allow non-root compilation with deftracepoint."
That's obviously not ideal. Better might be to create a purpose-built image. Unlike perl, sbcl doesn't even pretend to care about security. Taint mode extension for sbcl, anybody?
12 comments
[ 3.7 ms ] story [ 38.4 ms ] threadI'm in danger of being nerd sniped.
You can (and people do, core.async in Clojure works this way) put entire compilers in macros, macros are just functions that take and return code.
I enjoyed reading up on his fiber implementation and dabbling with the Java compiler/runtime integration.
https://atgreen.github.io/repl-yell/posts/sbcl-fibers/
https://github.com/atgreen/openldk
Kudos Anthony - you make the world a more interesting place ;-)
"Permissions without root
You don’t need root. Grant capabilities to SBCL:
sudo setcap cap_bpf,cap_perfmon+ep /usr/bin/sbcl
Now sbcl --load my-bpf-program.lisp works as your regular user. Tracepoint format files need chmod a+r to allow non-root compilation with deftracepoint."
That's obviously not ideal. Better might be to create a purpose-built image. Unlike perl, sbcl doesn't even pretend to care about security. Taint mode extension for sbcl, anybody?