1Opcode(3pm) Perl Programmers Reference Guide Opcode(3pm)
2
6 Opcode - Disable named opcodes when compiling perl code
7
9 use Opcode;
10
12 Perl code is always compiled into an internal format before execution.
13 Evaluating perl code (e.g. via "eval" or "do 'file'") causes the code
15 to be compiled into an internal format and then, provided there was no
16 error in the compilation, executed. The internal format is based on
17 many distinct opcodes.
18 By default no opmask is in effect and any code can be compiled.
20 The Opcode module allow you to define an operator mask to be in effect
22 when perl next compiles any code. Attempting to compile code which
23 contains a masked opcode will cause the compilation to fail with an
24 error. The code will not be executed.
25
27 The Opcode module is not usually used directly. See the ops pragma and
28 Safe modules for more typical uses.
29
31 The authors make no warranty, implied or otherwise, about the suitabil‐
32 ity of this software for safety or security purposes.
33 The authors shall not in any case be liable for special, incidental,
35 consequential, indirect or other similar damages arising from the use
36 of this software.
37 Your mileage will vary. If in any doubt do not use it.
39
41 The canonical list of operator names is the contents of the array
42 PL_op_name defined and initialised in file opcode.h of the Perl source
43 distribution (and installed into the perl library).
44 Each operator has both a terse name (its opname) and a more verbose or
46 recognisable descriptive name. The opdesc function can be used to
47 return a list of descriptions for a list of operators.
48 Many of the functions and methods listed below take a list of operators
50 as parameters. Most operator lists can be made up of several types of
51 element. Each element can be one of
52 an operator name (opname)
54 Operator names are typically small lowercase words like enter‐
55 loop, leaveloop, last, next, redo etc. Sometimes they are
56 rather cryptic like gv2cv, i_ncmp and ftsvtx.
57 an operator tag name (optag)
59 Operator tags can be used to refer to groups (or sets) of oper‐
60 ators. Tag names always begin with a colon. The Opcode module
61 defines several optags and the user can define others using the
62 define_optag function.
63 a negated opname or optag
65 An opname or optag can be prefixed with an exclamation mark,
66 e.g., !mkdir. Negating an opname or optag means remove the
67 corresponding ops from the accumulated set of ops at that
68 point.
69 an operator set (opset)
71 An opset as a binary string of approximately 44 bytes which
72 holds a set or zero or more operators.
73 The opset and opset_to_ops functions can be used to convert
75 from a list of operators to an opset and vice versa.
76 Wherever a list of operators can be given you can use one or
78 more opsets. See also Manipulating Opsets below.
79
81 The Opcode package contains functions for manipulating operator names
82 tags and sets. All are available for export by the package.
83 opcodes In a scalar context opcodes returns the number of opcodes in
85 this version of perl (around 350 for perl-5.7.0).
86 In a list context it returns a list of all the operator names.
88 (Not yet implemented, use @names = opset_to_ops(full_opset).)
89 opset (OP, ...)
91 Returns an opset containing the listed operators.
92 opset_to_ops (OPSET)
94 Returns a list of operator names corresponding to those opera‐
95 tors in the set.
96 opset_to_hex (OPSET)
98 Returns a string representation of an opset. Can be handy for
99 debugging.
100 full_opset
102 Returns an opset which includes all operators.
103 empty_opset
105 Returns an opset which contains no operators.
106 invert_opset (OPSET)
108 Returns an opset which is the inverse set of the one supplied.
109 verify_opset (OPSET, ...)
111 Returns true if the supplied opset looks like a valid opset (is
112 the right length etc) otherwise it returns false. If an
113 optional second parameter is true then verify_opset will croak
114 on an invalid opset instead of returning false.
115 Most of the other Opcode functions call verify_opset automati‐
117 cally and will croak if given an invalid opset.
118 define_optag (OPTAG, OPSET)
120 Define OPTAG as a symbolic name for OPSET. Optag names always
121 start with a colon ":".
122 The optag name used must not be defined already (define_optag
124 will croak if it is already defined). Optag names are global to
125 the perl process and optag definitions cannot be altered or
126 deleted once defined.
127 It is strongly recommended that applications using Opcode
129 should use a leading capital letter on their tag names since
130 lowercase names are reserved for use by the Opcode module. If
131 using Opcode within a module you should prefix your tags names
132 with the name of your module to ensure uniqueness and thus
133 avoid clashes with other modules.
134 opmask_add (OPSET)
136 Adds the supplied opset to the current opmask. Note that there
137 is currently no mechanism for unmasking ops once they have been
138 masked. This is intentional.
139 opmask Returns an opset corresponding to the current opmask.
141 opdesc (OP, ...)
143 This takes a list of operator names and returns the correspond‐
144 ing list of operator descriptions.
145 opdump (PAT)
147 Dumps to STDOUT a two column list of op names and op descrip‐
148 tions. If an optional pattern is given then only lines which
149 match the (case insensitive) pattern will be output.
150 It's designed to be used as a handy command line utility:
152 perl -MOpcode=opdump -e opdump
154 perl -MOpcode=opdump -e 'opdump Eval'
155
157 Opsets may be manipulated using the perl bit vector operators & (and),
158 ⎪ (or), ^ (xor) and ~ (negate/invert).
159 However you should never rely on the numerical position of any opcode
161 within the opset. In other words both sides of a bit vector operator
162 should be opsets returned from Opcode functions.
163 Also, since the number of opcodes in your current version of perl might
165 not be an exact multiple of eight, there may be unused bits in the last
166 byte of an upset. This should not cause any problems (Opcode functions
167 ignore those extra bits) but it does mean that using the ~ operator
168 will typically not produce the same 'physical' opset 'string' as the
169 invert_opset function.
170
172 $bool = opset_eq($opset1, $opset2) true if opsets are logically eqiv
173 $yes = opset_can($opset, @ops) true if $opset has all @ops set
175 @diff = opset_diff($opset1, $opset2) => ('foo', '!bar', ...)
177
179 :base_core
180 null stub scalar pushmark wantarray const defined undef
181 rv2sv sassign
183 rv2av aassign aelem aelemfast aslice av2arylen
185 rv2hv helem hslice each values keys exists delete
187 preinc i_preinc predec i_predec postinc i_postinc postdec i_postdec
189 int hex oct abs pow multiply i_multiply divide i_divide
190 modulo i_modulo add i_add subtract i_subtract
191 left_shift right_shift bit_and bit_xor bit_or negate i_negate
193 not complement
194 lt i_lt gt i_gt le i_le ge i_ge eq i_eq ne i_ne ncmp i_ncmp
196 slt sgt sle sge seq sne scmp
197 substr vec stringify study pos length index rindex ord chr
199 ucfirst lcfirst uc lc quotemeta trans chop schop chomp schomp
201 match split qr
203 list lslice splice push pop shift unshift reverse
205 cond_expr flip flop andassign orassign and or xor
207 warn die lineseq nextstate scope enter leave setstate
209 rv2cv anoncode prototype
211 entersub leavesub leavesublv return method method_named -- XXX loops via recursion?
213 leaveeval -- needed for Safe to operate, is safe without entereval
215 :base_mem
217 These memory related ops are not included in :base_core because
218 they can easily be used to implement a resource attack (e.g., con‐
219 sume all available memory).
220 concat repeat join range
222 anonlist anonhash
224 Note that despite the existence of this optag a memory resource
226 attack may still be possible using only :base_core ops.
227 Disabling these ops is a very heavy handed way to attempt to pre‐
229 vent a memory resource attack. It's probable that a specific mem‐
230 ory limit mechanism will be added to perl in the near future.
231 :base_loop
233 These loop ops are not included in :base_core because they can
234 easily be used to implement a resource attack (e.g., consume all
235 available CPU time).
236 grepstart grepwhile
238 mapstart mapwhile
239 enteriter iter
240 enterloop leaveloop unstack
241 last next redo
242 goto
243 :base_io
245 These ops enable filehandle (rather than filename) based input and
246 output. These are safe on the assumption that only pre-existing
247 filehandles are available for use. To create new filehandles
248 other ops such as open would need to be enabled.
249 readline rcatline getc read
251 formline enterwrite leavewrite
253 print sysread syswrite send recv
255 eof tell seek sysseek
257 readdir telldir seekdir rewinddir
259 :base_orig
261 These are a hotchpotch of opcodes still waiting to be considered
262 gvsv gv gelem
264 padsv padav padhv padany
266 rv2gv refgen srefgen ref
268 bless -- could be used to change ownership of objects (reblessing)
270 pushre regcmaybe regcreset regcomp subst substcont
272 sprintf prtf -- can core dump
274 crypt
276 tie untie
278 dbmopen dbmclose
280 sselect select
281 pipe_op sockpair
282 getppid getpgrp setpgrp getpriority setpriority localtime gmtime
284 entertry leavetry -- can be used to 'hide' fatal errors
286 custom -- where should this go
288 :base_math
290 These ops are not included in :base_core because of the risk of
291 them being used to generate floating point exceptions (which would
292 have to be caught using a $SIG{FPE} handler).
293 atan2 sin cos exp log sqrt
295 These ops are not included in :base_core because they have an
297 effect beyond the scope of the compartment.
298 rand srand
300 :base_thread
302 These ops are related to multi-threading.
303 lock threadsv
305 :default
307 A handy tag name for a reasonable default set of ops. (The cur‐
308 rent ops allowed are unstable while development continues. It will
309 change.)
310 :base_core :base_mem :base_loop :base_io :base_orig :base_thread
312 If safety matters to you (and why else would you be using the
314 Opcode module?) then you should not rely on the definition of
315 this, or indeed any other, optag!
316 :filesys_read
318 stat lstat readlink
319 ftatime ftblk ftchr ftctime ftdir fteexec fteowned fteread
321 ftewrite ftfile ftis ftlink ftmtime ftpipe ftrexec ftrowned
322 ftrread ftsgid ftsize ftsock ftsuid fttty ftzero ftrwrite ftsvtx
323 fttext ftbinary
325 fileno
327 :sys_db
329 ghbyname ghbyaddr ghostent shostent ehostent -- hosts
330 gnbyname gnbyaddr gnetent snetent enetent -- networks
331 gpbyname gpbynumber gprotoent sprotoent eprotoent -- protocols
332 gsbyname gsbyport gservent sservent eservent -- services
333 gpwnam gpwuid gpwent spwent epwent getlogin -- users
335 ggrnam ggrgid ggrent sgrent egrent -- groups
336 :browse
338 A handy tag name for a reasonable default set of ops beyond the
339 :default optag. Like :default (and indeed all the other optags)
340 its current definition is unstable while development continues. It
341 will change.
342 The :browse tag represents the next step beyond :default. It it a
344 superset of the :default ops and adds :filesys_read the :sys_db.
345 The intent being that scripts can access more (possibly sensitive)
346 information about your system but not be able to change it.
347 :default :filesys_read :sys_db
349 :filesys_open
351 sysopen open close
352 umask binmode
353 open_dir closedir -- other dir ops are in :base_io
355 :filesys_write
357 link unlink rename symlink truncate
358 mkdir rmdir
360 utime chmod chown
362 fcntl -- not strictly filesys related, but possibly as dangerous?
364 :subprocess
366 backtick system
367 fork
369 wait waitpid
371 glob -- access to Cshell via <`rm *`>
373 :ownprocess
375 exec exit kill
376 time tms -- could be used for timing attacks (paranoid?)
378 :others
380 This tag holds groups of assorted specialist opcodes that don't
381 warrant having optags defined for them.
382 SystemV Interprocess Communications:
384 msgctl msgget msgrcv msgsnd
386 semctl semget semop
388 shmctl shmget shmread shmwrite
390 :still_to_be_decided
392 chdir
393 flock ioctl
394 socket getpeername ssockopt
396 bind connect listen accept shutdown gsockopt getsockname
397 sleep alarm -- changes global timer state and signal handling
399 sort -- assorted problems including core dumps
400 tied -- can be used to access object implementing a tie
401 pack unpack -- can be used to create/use memory pointers
402 entereval -- can be used to hide code from initial compile
404 require dofile
405 caller -- get info about calling environment and args
407 reset
409 dbstate -- perl -d version of nextstate(ment) opcode
411 :dangerous
413 This tag is simply a bucket for opcodes that are unlikely to be
414 used via a tag name but need to be tagged for completeness and
415 documentation.
416 syscall dump chroot
418
420 ops(3) -- perl pragma interface to Opcode module.
421 Safe(3) -- Opcode and namespace limited execution compartments
423
425 Originally designed and implemented by Malcolm Beattie, mbeat‐
426 tie@sable.ox.ac.uk as part of Safe version 1.
427 Split out from Safe module version 1, named opcode tags and other
429 changes added by Tim Bunce.
430perl v5.8.8 2001-09-21 Opcode(3pm)