1Opcode(3pm) Perl Programmers Reference Guide Opcode(3pm)
2
6 Opcode - Disable named opcodes when compiling perl code
7
9 use Opcode;
10
12 Perl code is always compiled into an internal format before execution.
13 Evaluating perl code (e.g. via "eval" or "do 'file'") causes the code
15 to be compiled into an internal format and then, provided there was no
16 error in the compilation, executed. The internal format is based on
17 many distinct opcodes.
18 By default no opmask is in effect and any code can be compiled.
20 The Opcode module allow you to define an operator mask to be in effect
22 when perl next compiles any code. Attempting to compile code which
23 contains a masked opcode will cause the compilation to fail with an
24 error. The code will not be executed.
25
27 The Opcode module is not usually used directly. See the ops pragma and
28 Safe modules for more typical uses.
29
31 The authors make no warranty, implied or otherwise, about the
32 suitability of this software for safety or security purposes.
33 The authors shall not in any case be liable for special, incidental,
35 consequential, indirect or other similar damages arising from the use
36 of this software.
37 Your mileage will vary. If in any doubt do not use it.
39
41 The canonical list of operator names is the contents of the array
42 PL_op_name defined and initialised in file opcode.h of the Perl source
43 distribution (and installed into the perl library).
44 Each operator has both a terse name (its opname) and a more verbose or
46 recognisable descriptive name. The opdesc function can be used to
47 return a list of descriptions for a list of operators.
48 Many of the functions and methods listed below take a list of operators
50 as parameters. Most operator lists can be made up of several types of
51 element. Each element can be one of
52 an operator name (opname)
54 Operator names are typically small lowercase words like
55 enterloop, leaveloop, last, next, redo etc. Sometimes they are
56 rather cryptic like gv2cv, i_ncmp and ftsvtx.
57 an operator tag name (optag)
59 Operator tags can be used to refer to groups (or sets) of
60 operators. Tag names always begin with a colon. The Opcode
61 module defines several optags and the user can define others
62 using the define_optag function.
63 a negated opname or optag
65 An opname or optag can be prefixed with an exclamation mark,
66 e.g., !mkdir. Negating an opname or optag means remove the
67 corresponding ops from the accumulated set of ops at that
68 point.
69 an operator set (opset)
71 An opset as a binary string of approximately 44 bytes which
72 holds a set or zero or more operators.
73 The opset and opset_to_ops functions can be used to convert
75 from a list of operators to an opset and vice versa.
76 Wherever a list of operators can be given you can use one or
78 more opsets. See also Manipulating Opsets below.
79
81 The Opcode package contains functions for manipulating operator names
82 tags and sets. All are available for export by the package.
83 opcodes In a scalar context opcodes returns the number of opcodes in
85 this version of perl (around 350 for perl-5.7.0).
86 In a list context it returns a list of all the operator names.
88 (Not yet implemented, use @names = opset_to_ops(full_opset).)
89 opset (OP, ...)
91 Returns an opset containing the listed operators.
92 opset_to_ops (OPSET)
94 Returns a list of operator names corresponding to those
95 operators in the set.
96 opset_to_hex (OPSET)
98 Returns a string representation of an opset. Can be handy for
99 debugging.
100 full_opset
102 Returns an opset which includes all operators.
103 empty_opset
105 Returns an opset which contains no operators.
106 invert_opset (OPSET)
108 Returns an opset which is the inverse set of the one supplied.
109 verify_opset (OPSET, ...)
111 Returns true if the supplied opset looks like a valid opset (is
112 the right length etc) otherwise it returns false. If an
113 optional second parameter is true then verify_opset will croak
114 on an invalid opset instead of returning false.
115 Most of the other Opcode functions call verify_opset
117 automatically and will croak if given an invalid opset.
118 define_optag (OPTAG, OPSET)
120 Define OPTAG as a symbolic name for OPSET. Optag names always
121 start with a colon ":".
122 The optag name used must not be defined already (define_optag
124 will croak if it is already defined). Optag names are global to
125 the perl process and optag definitions cannot be altered or
126 deleted once defined.
127 It is strongly recommended that applications using Opcode
129 should use a leading capital letter on their tag names since
130 lowercase names are reserved for use by the Opcode module. If
131 using Opcode within a module you should prefix your tags names
132 with the name of your module to ensure uniqueness and thus
133 avoid clashes with other modules.
134 opmask_add (OPSET)
136 Adds the supplied opset to the current opmask. Note that there
137 is currently no mechanism for unmasking ops once they have been
138 masked. This is intentional.
139 opmask Returns an opset corresponding to the current opmask.
141 opdesc (OP, ...)
143 This takes a list of operator names and returns the
144 corresponding list of operator descriptions.
145 opdump (PAT)
147 Dumps to STDOUT a two column list of op names and op
148 descriptions. If an optional pattern is given then only lines
149 which match the (case insensitive) pattern will be output.
150 It's designed to be used as a handy command line utility:
152 perl -MOpcode=opdump -e opdump
154 perl -MOpcode=opdump -e 'opdump Eval'
155
157 Opsets may be manipulated using the perl bit vector operators & (and),
158 | (or), ^ (xor) and ~ (negate/invert).
159 However you should never rely on the numerical position of any opcode
161 within the opset. In other words both sides of a bit vector operator
162 should be opsets returned from Opcode functions.
163 Also, since the number of opcodes in your current version of perl might
165 not be an exact multiple of eight, there may be unused bits in the last
166 byte of an upset. This should not cause any problems (Opcode functions
167 ignore those extra bits) but it does mean that using the ~ operator
168 will typically not produce the same 'physical' opset 'string' as the
169 invert_opset function.
170
172 $bool = opset_eq($opset1, $opset2) true if opsets are logically eqiv
173 $yes = opset_can($opset, @ops) true if $opset has all @ops set
175 @diff = opset_diff($opset1, $opset2) => ('foo', '!bar', ...)
177
179 :base_core
180 null stub scalar pushmark wantarray const defined undef
181 rv2sv sassign
183 rv2av aassign aelem aelemfast aslice av2arylen
185 rv2hv helem hslice each values keys exists delete
187 preinc i_preinc predec i_predec postinc i_postinc postdec i_postdec
189 int hex oct abs pow multiply i_multiply divide i_divide
190 modulo i_modulo add i_add subtract i_subtract
191 left_shift right_shift bit_and bit_xor bit_or negate i_negate
193 not complement
194 lt i_lt gt i_gt le i_le ge i_ge eq i_eq ne i_ne ncmp i_ncmp
196 slt sgt sle sge seq sne scmp
197 substr vec stringify study pos length index rindex ord chr
199 ucfirst lcfirst uc lc quotemeta trans chop schop chomp schomp
201 match split qr
203 list lslice splice push pop shift unshift reverse
205 cond_expr flip flop andassign orassign dorassign and or dor xor
207 warn die lineseq nextstate scope enter leave setstate
209 rv2cv anoncode prototype
211 entersub leavesub leavesublv return method method_named -- XXX loops via recursion?
213 leaveeval -- needed for Safe to operate, is safe without entereval
215 :base_mem
217 These memory related ops are not included in :base_core because
218 they can easily be used to implement a resource attack (e.g.,
219 consume all available memory).
220 concat repeat join range
222 anonlist anonhash
224 Note that despite the existence of this optag a memory resource
226 attack may still be possible using only :base_core ops.
227 Disabling these ops is a very heavy handed way to attempt to
229 prevent a memory resource attack. It's probable that a specific
230 memory limit mechanism will be added to perl in the near future.
231 :base_loop
233 These loop ops are not included in :base_core because they can
234 easily be used to implement a resource attack (e.g., consume all
235 available CPU time).
236 grepstart grepwhile
238 mapstart mapwhile
239 enteriter iter
240 enterloop leaveloop unstack
241 last next redo
242 goto
243 :base_io
245 These ops enable filehandle (rather than filename) based input and
246 output. These are safe on the assumption that only pre-existing
247 filehandles are available for use. Usually, to create new
248 filehandles other ops such as open would need to be enabled, if
249 you don't take into account the magical open of ARGV.
250 readline rcatline getc read
252 formline enterwrite leavewrite
254 print say sysread syswrite send recv
256 eof tell seek sysseek
258 readdir telldir seekdir rewinddir
260 :base_orig
262 These are a hotchpotch of opcodes still waiting to be considered
263 gvsv gv gelem
265 padsv padav padhv padany
267 once
269 rv2gv refgen srefgen ref
271 bless -- could be used to change ownership of objects (reblessing)
273 pushre regcmaybe regcreset regcomp subst substcont
275 sprintf prtf -- can core dump
277 crypt
279 tie untie
281 dbmopen dbmclose
283 sselect select
284 pipe_op sockpair
285 getppid getpgrp setpgrp getpriority setpriority localtime gmtime
287 entertry leavetry -- can be used to 'hide' fatal errors
289 entergiven leavegiven
291 enterwhen leavewhen
292 break continue
293 smartmatch
294 custom -- where should this go
296 :base_math
298 These ops are not included in :base_core because of the risk of
299 them being used to generate floating point exceptions (which would
300 have to be caught using a $SIG{FPE} handler).
301 atan2 sin cos exp log sqrt
303 These ops are not included in :base_core because they have an
305 effect beyond the scope of the compartment.
306 rand srand
308 :base_thread
310 These ops are related to multi-threading.
311 lock
313 :default
315 A handy tag name for a reasonable default set of ops. (The
316 current ops allowed are unstable while development continues. It
317 will change.)
318 :base_core :base_mem :base_loop :base_orig :base_thread
320 This list used to contain :base_io prior to Opcode 1.07.
322 If safety matters to you (and why else would you be using the
324 Opcode module?) then you should not rely on the definition of
325 this, or indeed any other, optag!
326 :filesys_read
328 stat lstat readlink
329 ftatime ftblk ftchr ftctime ftdir fteexec fteowned fteread
331 ftewrite ftfile ftis ftlink ftmtime ftpipe ftrexec ftrowned
332 ftrread ftsgid ftsize ftsock ftsuid fttty ftzero ftrwrite ftsvtx
333 fttext ftbinary
335 fileno
337 :sys_db
339 ghbyname ghbyaddr ghostent shostent ehostent -- hosts
340 gnbyname gnbyaddr gnetent snetent enetent -- networks
341 gpbyname gpbynumber gprotoent sprotoent eprotoent -- protocols
342 gsbyname gsbyport gservent sservent eservent -- services
343 gpwnam gpwuid gpwent spwent epwent getlogin -- users
345 ggrnam ggrgid ggrent sgrent egrent -- groups
346 :browse
348 A handy tag name for a reasonable default set of ops beyond the
349 :default optag. Like :default (and indeed all the other optags)
350 its current definition is unstable while development continues. It
351 will change.
352 The :browse tag represents the next step beyond :default. It it a
354 superset of the :default ops and adds :filesys_read the :sys_db.
355 The intent being that scripts can access more (possibly sensitive)
356 information about your system but not be able to change it.
357 :default :filesys_read :sys_db
359 :filesys_open
361 sysopen open close
362 umask binmode
363 open_dir closedir -- other dir ops are in :base_io
365 :filesys_write
367 link unlink rename symlink truncate
368 mkdir rmdir
370 utime chmod chown
372 fcntl -- not strictly filesys related, but possibly as dangerous?
374 :subprocess
376 backtick system
377 fork
379 wait waitpid
381 glob -- access to Cshell via <`rm *`>
383 :ownprocess
385 exec exit kill
386 time tms -- could be used for timing attacks (paranoid?)
388 :others
390 This tag holds groups of assorted specialist opcodes that don't
391 warrant having optags defined for them.
392 SystemV Interprocess Communications:
394 msgctl msgget msgrcv msgsnd
396 semctl semget semop
398 shmctl shmget shmread shmwrite
400 :load
402 This tag holds opcodes related to loading modules and getting
403 information about calling environment and args.
404 require dofile
406 caller
407 :still_to_be_decided
409 chdir
410 flock ioctl
411 socket getpeername ssockopt
413 bind connect listen accept shutdown gsockopt getsockname
414 sleep alarm -- changes global timer state and signal handling
416 sort -- assorted problems including core dumps
417 tied -- can be used to access object implementing a tie
418 pack unpack -- can be used to create/use memory pointers
419 entereval -- can be used to hide code from initial compile
421 reset
423 dbstate -- perl -d version of nextstate(ment) opcode
425 :dangerous
427 This tag is simply a bucket for opcodes that are unlikely to be
428 used via a tag name but need to be tagged for completeness and
429 documentation.
430 syscall dump chroot
432
434 ops -- perl pragma interface to Opcode module.
435 Safe -- Opcode and namespace limited execution compartments
437
439 Originally designed and implemented by Malcolm Beattie,
440 mbeattie@sable.ox.ac.uk as part of Safe version 1.
441 Split out from Safe module version 1, named opcode tags and other
443 changes added by Tim Bunce.
444perl v5.10.1 2009-02-12 Opcode(3pm)