Oracle Company
DTrace already
eBPF is a bytecode interpreter built into the Linux kernel that allows you to create network operation handlers, monitor system activity, intercept system calls, control access, process events with preservation of timing (perf_event_open), calculate the frequency and time of operations, perform tracing using kprobes / uprobes /tracepoints. Thanks to the use of JIT compilation, bytecode is translated into machine instructions on the fly and executed with the performance of native code. DTrace can be implemented on top of eBPF, similar to how it is on top of eBPF
DTrace technology was developed for the Solaris operating system to solve problems of dynamic tracing of the system kernel and end applications, giving the user the ability to monitor system behavior in detail and diagnose problems in real time. During debugging, DTrace does not affect the operation of the studied applications and does not affect their performance in any way, which allows organizing the analysis of running systems on the fly. Of the strengths of DTrace, a high-level D language, similar to AWK, is noted, in which it is much easier to write trace scripts than when using the tools for writing handlers offered for eBPF in C, Python and Lua with external libraries.
Oracle engineers are also working on building an eBPF backend for GCC and have already published
In addition to the backend for generating bytecode, the patches proposed for GCC also include a port of libgcc for eBPF and tools for generating ELF files, making it possible to execute code in the eBPF virtual machine using kernel-provided loaders. For now, C code can be translated into bytecode (not all language features are available), but in the future it is expected to expand the C language features available for use, add support for other languages, create a simulator, and add GCC support for debugging eBPF programs without loading into the kernel.
Source: opennet.ru