EPSO: A Caching-Based Efficient Superoptimizer for BPF Bytecode
Qian Zhu, Yuxuan Liu, Ziyuan Zhu, Shangqing Liu, Lei Bu
TL;DR
This work addresses the challenge of optimizing eBPF bytecode under strict kernel verifier constraints. It introduces EPSO, a caching-based superoptimizer that performs offline enumerative synthesis to generate a large library of verifier-safe rewrite rules, which are then applied online via fast rule matching and def-use-aware recomposition. Key contributions include 795 rewrite rules, up to 68.87% program size reduction (avg 24.37%), and an average 6.60% improvement in runtime, with an 88.71% reduction in optimization overhead compared to synthesis-only baselines. The approach combines the strengths of synthesis-based and rule-based methods, achieving high optimization quality with minimal online cost, and demonstrates strong generality across diverse Linux kernel eBPF programs. This has practical impact for network throughput and latency in high-performance systems, enabling scalable, verifier-safe optimizations in real-world workloads.
Abstract
Extended Berkeley Packet Filter (eBPF) allows developers to extend Linux kernel functionality without modifying its source code. To ensure system safety, an in-kernel safety checker, the verifier, enforces strict safety constraints (for example, a limited program size) on eBPF programs loaded into the kernel. These constraints, combined with eBPF's performance-critical use cases, make effective optimization essential. However, existing compilers (such as Clang) offer limited optimization support, and many semantics-preserving transformations are rejected by the verifier, which makes handcrafted optimization rule design both challenging and limited in effectiveness. Superoptimization overcomes the limitations of rule-based methods by automatically discovering optimal transformations, but its high computational cost limits scalability. To address this, we propose EPSO, a caching-based superoptimizer that discovers rewrite rules via offline superoptimization and reuses them to achieve high-quality optimizations with minimal runtime overhead. We evaluate EPSO on benchmarks from the Linux kernel and several eBPF-based projects, including Cilium, Katran, hXDP, Sysdig, Tetragon, and Tracee. EPSO discovers 795 rewrite rules and achieves up to 68.87 percent (average 24.37 percent) reduction in program size compared to Clang's output, outperforming the state-of-the-art BPF optimizer K2 on all benchmarks and Merlin on 92.68 percent of them. Additionally, EPSO reduces program runtime by an average of 6.60 percent, improving throughput and lowering latency in network applications.