1Opcode(3pm) Perl Programmers Reference Guide Opcode(3pm)
2
6 Opcode - Disable named opcodes when compiling perl code
7
9 use Opcode;
10
12 Perl code is always compiled into an internal format before execution.
13 Evaluating perl code (e.g. via "eval" or "do 'file'") causes the code
15 to be compiled into an internal format and then, provided there was no
16 error in the compilation, executed. The internal format is based on
17 many distinct opcodes.
18 By default no opmask is in effect and any code can be compiled.
20 The Opcode module allow you to define an operator mask to be in effect
22 when perl next compiles any code. Attempting to compile code which
23 contains a masked opcode will cause the compilation to fail with an
24 error. The code will not be executed.
25
27 The Opcode module is not usually used directly. See the ops pragma and
28 Safe modules for more typical uses.
29
31 The authors make no warranty, implied or otherwise, about the
32 suitability of this software for safety or security purposes.
33 The authors shall not in any case be liable for special, incidental,
35 consequential, indirect or other similar damages arising from the use
36 of this software.
37 Your mileage will vary. If in any doubt do not use it.
39
41 The canonical list of operator names is the contents of the array
42 PL_op_name defined and initialised in file opcode.h of the Perl source
43 distribution (and installed into the perl library).
44 Each operator has both a terse name (its opname) and a more verbose or
46 recognisable descriptive name. The opdesc function can be used to
47 return a list of descriptions for a list of operators.
48 Many of the functions and methods listed below take a list of operators
50 as parameters. Most operator lists can be made up of several types of
51 element. Each element can be one of
52 an operator name (opname)
54 Operator names are typically small lowercase words like
55 enterloop, leaveloop, last, next, redo etc. Sometimes they are
56 rather cryptic like gv2cv, i_ncmp and ftsvtx.
57 an operator tag name (optag)
59 Operator tags can be used to refer to groups (or sets) of
60 operators. Tag names always begin with a colon. The Opcode
61 module defines several optags and the user can define others
62 using the define_optag function.
63 a negated opname or optag
65 An opname or optag can be prefixed with an exclamation mark,
66 e.g., !mkdir. Negating an opname or optag means remove the
67 corresponding ops from the accumulated set of ops at that
68 point.
69 an operator set (opset)
71 An opset as a binary string of approximately 44 bytes which
72 holds a set or zero or more operators.
73 The opset and opset_to_ops functions can be used to convert
75 from a list of operators to an opset and vice versa.
76 Wherever a list of operators can be given you can use one or
78 more opsets. See also Manipulating Opsets below.
79
81 The Opcode package contains functions for manipulating operator names
82 tags and sets. All are available for export by the package.
83 opcodes In a scalar context opcodes returns the number of opcodes in
85 this version of perl (around 350 for perl-5.7.0).
86 In a list context it returns a list of all the operator names.
88 (Not yet implemented, use @names = opset_to_ops(full_opset).)
89 opset (OP, ...)
91 Returns an opset containing the listed operators.
92 opset_to_ops (OPSET)
94 Returns a list of operator names corresponding to those
95 operators in the set.
96 opset_to_hex (OPSET)
98 Returns a string representation of an opset. Can be handy for
99 debugging.
100 full_opset
102 Returns an opset which includes all operators.
103 empty_opset
105 Returns an opset which contains no operators.
106 invert_opset (OPSET)
108 Returns an opset which is the inverse set of the one supplied.
109 verify_opset (OPSET, ...)
111 Returns true if the supplied opset looks like a valid opset (is
112 the right length etc) otherwise it returns false. If an
113 optional second parameter is true then verify_opset will croak
114 on an invalid opset instead of returning false.
115 Most of the other Opcode functions call verify_opset
117 automatically and will croak if given an invalid opset.
118 define_optag (OPTAG, OPSET)
120 Define OPTAG as a symbolic name for OPSET. Optag names always
121 start with a colon ":".
122 The optag name used must not be defined already (define_optag
124 will croak if it is already defined). Optag names are global to
125 the perl process and optag definitions cannot be altered or
126 deleted once defined.
127 It is strongly recommended that applications using Opcode
129 should use a leading capital letter on their tag names since
130 lowercase names are reserved for use by the Opcode module. If
131 using Opcode within a module you should prefix your tags names
132 with the name of your module to ensure uniqueness and thus
133 avoid clashes with other modules.
134 opmask_add (OPSET)
136 Adds the supplied opset to the current opmask. Note that there
137 is currently no mechanism for unmasking ops once they have been
138 masked. This is intentional.
139 opmask Returns an opset corresponding to the current opmask.
141 opdesc (OP, ...)
143 This takes a list of operator names and returns the
144 corresponding list of operator descriptions.
145 opdump (PAT)
147 Dumps to STDOUT a two column list of op names and op
148 descriptions. If an optional pattern is given then only lines
149 which match the (case insensitive) pattern will be output.
150 It's designed to be used as a handy command line utility:
152 perl -MOpcode=opdump -e opdump
154 perl -MOpcode=opdump -e 'opdump Eval'
155
157 Opsets may be manipulated using the perl bit vector operators & (and),
158 | (or), ^ (xor) and ~ (negate/invert).
159 However you should never rely on the numerical position of any opcode
161 within the opset. In other words both sides of a bit vector operator
162 should be opsets returned from Opcode functions.
163 Also, since the number of opcodes in your current version of perl might
165 not be an exact multiple of eight, there may be unused bits in the last
166 byte of an upset. This should not cause any problems (Opcode functions
167 ignore those extra bits) but it does mean that using the ~ operator
168 will typically not produce the same 'physical' opset 'string' as the
169 invert_opset function.
170
172 $bool = opset_eq($opset1, $opset2) true if opsets are logically eqiv
173 $yes = opset_can($opset, @ops) true if $opset has all @ops set
175 @diff = opset_diff($opset1, $opset2) => ('foo', '!bar', ...)
177
179 :base_core
180 null stub scalar pushmark wantarray const defined undef
181 rv2sv sassign
183 rv2av aassign aelem aelemfast aelemfast_lex aslice av2arylen
185 rv2hv helem hslice each values keys exists delete aeach akeys avalues
187 boolkeys reach rvalues rkeys
188 preinc i_preinc predec i_predec postinc i_postinc postdec i_postdec
190 int hex oct abs pow multiply i_multiply divide i_divide
191 modulo i_modulo add i_add subtract i_subtract
192 left_shift right_shift bit_and bit_xor bit_or negate i_negate
194 not complement
195 lt i_lt gt i_gt le i_le ge i_ge eq i_eq ne i_ne ncmp i_ncmp
197 slt sgt sle sge seq sne scmp
198 substr vec stringify study pos length index rindex ord chr
200 ucfirst lcfirst uc lc fc quotemeta trans transr chop schop chomp schomp
202 match split qr
204 list lslice splice push pop shift unshift reverse
206 cond_expr flip flop andassign orassign dorassign and or dor xor
208 warn die lineseq nextstate scope enter leave
210 rv2cv anoncode prototype coreargs
212 entersub leavesub leavesublv return method method_named -- XXX loops via recursion?
214 leaveeval -- needed for Safe to operate, is safe without entereval
216 :base_mem
218 These memory related ops are not included in :base_core because
219 they can easily be used to implement a resource attack (e.g.,
220 consume all available memory).
221 concat repeat join range
223 anonlist anonhash
225 Note that despite the existence of this optag a memory resource
227 attack may still be possible using only :base_core ops.
228 Disabling these ops is a very heavy handed way to attempt to
230 prevent a memory resource attack. It's probable that a specific
231 memory limit mechanism will be added to perl in the near future.
232 :base_loop
234 These loop ops are not included in :base_core because they can
235 easily be used to implement a resource attack (e.g., consume all
236 available CPU time).
237 grepstart grepwhile
239 mapstart mapwhile
240 enteriter iter
241 enterloop leaveloop unstack
242 last next redo
243 goto
244 :base_io
246 These ops enable filehandle (rather than filename) based input and
247 output. These are safe on the assumption that only pre-existing
248 filehandles are available for use. Usually, to create new
249 filehandles other ops such as open would need to be enabled, if
250 you don't take into account the magical open of ARGV.
251 readline rcatline getc read
253 formline enterwrite leavewrite
255 print say sysread syswrite send recv
257 eof tell seek sysseek
259 readdir telldir seekdir rewinddir
261 :base_orig
263 These are a hotchpotch of opcodes still waiting to be considered
264 gvsv gv gelem
266 padsv padav padhv padany
268 once
270 rv2gv refgen srefgen ref
272 bless -- could be used to change ownership of objects (reblessing)
274 pushre regcmaybe regcreset regcomp subst substcont
276 sprintf prtf -- can core dump
278 crypt
280 tie untie
282 dbmopen dbmclose
284 sselect select
285 pipe_op sockpair
286 getppid getpgrp setpgrp getpriority setpriority localtime gmtime
288 entertry leavetry -- can be used to 'hide' fatal errors
290 entergiven leavegiven
292 enterwhen leavewhen
293 break continue
294 smartmatch
295 custom -- where should this go
297 :base_math
299 These ops are not included in :base_core because of the risk of
300 them being used to generate floating point exceptions (which would
301 have to be caught using a $SIG{FPE} handler).
302 atan2 sin cos exp log sqrt
304 These ops are not included in :base_core because they have an
306 effect beyond the scope of the compartment.
307 rand srand
309 :base_thread
311 These ops are related to multi-threading.
312 lock
314 :default
316 A handy tag name for a reasonable default set of ops. (The
317 current ops allowed are unstable while development continues. It
318 will change.)
319 :base_core :base_mem :base_loop :base_orig :base_thread
321 This list used to contain :base_io prior to Opcode 1.07.
323 If safety matters to you (and why else would you be using the
325 Opcode module?) then you should not rely on the definition of
326 this, or indeed any other, optag!
327 :filesys_read
329 stat lstat readlink
330 ftatime ftblk ftchr ftctime ftdir fteexec fteowned fteread
332 ftewrite ftfile ftis ftlink ftmtime ftpipe ftrexec ftrowned
333 ftrread ftsgid ftsize ftsock ftsuid fttty ftzero ftrwrite ftsvtx
334 fttext ftbinary
336 fileno
338 :sys_db
340 ghbyname ghbyaddr ghostent shostent ehostent -- hosts
341 gnbyname gnbyaddr gnetent snetent enetent -- networks
342 gpbyname gpbynumber gprotoent sprotoent eprotoent -- protocols
343 gsbyname gsbyport gservent sservent eservent -- services
344 gpwnam gpwuid gpwent spwent epwent getlogin -- users
346 ggrnam ggrgid ggrent sgrent egrent -- groups
347 :browse
349 A handy tag name for a reasonable default set of ops beyond the
350 :default optag. Like :default (and indeed all the other optags)
351 its current definition is unstable while development continues. It
352 will change.
353 The :browse tag represents the next step beyond :default. It it a
355 superset of the :default ops and adds :filesys_read the :sys_db.
356 The intent being that scripts can access more (possibly sensitive)
357 information about your system but not be able to change it.
358 :default :filesys_read :sys_db
360 :filesys_open
362 sysopen open close
363 umask binmode
364 open_dir closedir -- other dir ops are in :base_io
366 :filesys_write
368 link unlink rename symlink truncate
369 mkdir rmdir
371 utime chmod chown
373 fcntl -- not strictly filesys related, but possibly as dangerous?
375 :subprocess
377 backtick system
378 fork
380 wait waitpid
382 glob -- access to Cshell via <`rm *`>
384 :ownprocess
386 exec exit kill
387 time tms -- could be used for timing attacks (paranoid?)
389 :others
391 This tag holds groups of assorted specialist opcodes that don't
392 warrant having optags defined for them.
393 SystemV Interprocess Communications:
395 msgctl msgget msgrcv msgsnd
397 semctl semget semop
399 shmctl shmget shmread shmwrite
401 :load
403 This tag holds opcodes related to loading modules and getting
404 information about calling environment and args.
405 require dofile
407 caller runcv
408 :still_to_be_decided
410 chdir
411 flock ioctl
412 socket getpeername ssockopt
414 bind connect listen accept shutdown gsockopt getsockname
415 sleep alarm -- changes global timer state and signal handling
417 sort -- assorted problems including core dumps
418 tied -- can be used to access object implementing a tie
419 pack unpack -- can be used to create/use memory pointers
420 hintseval -- constant op holding eval hints
422 entereval -- can be used to hide code from initial compile
424 reset
426 dbstate -- perl -d version of nextstate(ment) opcode
428 :dangerous
430 This tag is simply a bucket for opcodes that are unlikely to be
431 used via a tag name but need to be tagged for completeness and
432 documentation.
433 syscall dump chroot
435
437 ops -- perl pragma interface to Opcode module.
438 Safe -- Opcode and namespace limited execution compartments
440
442 Originally designed and implemented by Malcolm Beattie,
443 mbeattie@sable.ox.ac.uk as part of Safe version 1.
444 Split out from Safe module version 1, named opcode tags and other
446 changes added by Tim Bunce.
447perl v5.16.3 2013-03-04 Opcode(3pm)