> The idea of JIT compilation of a web server in a small project is pretty terrifying to me. The attack surface here is enormous.

Does Spring Boot terrify you, then? Or Lua scripts in nginx? Or PHP? All of these use JIT compilation to run code that handles web requests.

Attack surface is a property of the JIT implementation, not of JIT itself. And eBPF is specifically designed to be very simple to implement and audit.

There's a big difference between a JIT like LuaJIT, which has lots of attention and fuzzing, and one that's used by essentially nobody.

Would you compile your daily driver kernel with someone else's hobby C compiler that essentially nobody else uses?

> Does Spring Boot terrify you, then?

It should.