CRSS publication: Kgent: Kernel Extensions Large Language Model Agent

Kgent: Kernel Extensions Large Language Model Agent

Appeared in Proceedings of the ACM SIGCOMM 2024 Workshop on EBPF and Kernel Extensions.

Abstract

The ability to modify and extend an operating system is an important feature for improving a system's security, reliability, and performance. The extended Berkeley Packet Filters (eBPF) ecosystem has emerged as the standard mechanism for extending the Linux kernel and has recently been ported to Windows. eBPF programs inject new logic into the kernel that the system will execute before or after existing logic. While the eBPF ecosystem provides a flexible mechanism for kernel extension, it is difficult for developers to write eBPF programs today. An eBPF developer must have deep knowledge of the internals of the operating system to determine where to place logic and cope with programming limitations on the control flow and data accesses of their eBPF program enforced by the eBPF verifier. This paper presents KEN, an alternative framework that alleviates the difficulty of writing an eBPF program by allowing Kernel Extensions to be written in Natural language. KEN uses recent advances in large language models (LLMs) to synthesize an eBPF program given a user's English language prompt. To ensure that LLM's output is semantically equivalent to the user's prompt, KEN employs a combination of LLM-empowered program comprehension, symbolic execution, and a series of feedback loops. KEN's key novelty is the combination of these techniques. In particular, the system uses symbolic execution in a novel structure that allows it to combine the results of program synthesis and program comprehension and build on the recent success that LLMs have shown for each of these tasks individually. To evaluate KEN, we developed a new corpus of natural language prompts for eBPF programs. We show that KEN produces correct eBPF programs on 80% which is an improvement of a factor of 2.67 compared to an LLM-empowered program synthesis baseline.

Publication date:
July 2024

Authors:
Yiwei Yang
Yusheng Zheng
Andrew Quinn

Projects:
Computational Storage

Available media

Full paper text: PDF
Presentation: slides

Bibtex entry

@inproceedings{kgent-ebpf24,
  author       = {Yiwei Yang and Yusheng Zheng and Andrew Quinn},
  title        = {Kgent: Kernel Extensions Large Language Model Agent},
  booktitle    = {Proceedings of the ACM SIGCOMM 2024 Workshop on EBPF and Kernel Extensions},
  month        = jul,
  year         = {2024},
}

Last modified 28 Nov 2024