SYNOPSIS
use Opcode;
DESCRIPTION
Perl code is always compiled into an internal format before execution.
Evaluating perl code (e.g. via "eval" or "do 'file'") causes the code
to be compiled into an internal format and then, provided there was no
error in the compilation, executed. The internal format is based on
many distinct opcodes.
By default no opmask is in effect and any code can be compiled.
The Opcode module allow you to define an operator mask to be in effect
when perl next compiles any code. Attempting to compile code which
contains a masked opcode will cause the compilation to fail with an
error. The code will not be executed.
NOTE
The Opcode module is not usually used directly. See the ops pragma and
Safe modules for more typical uses.
WARNING
The authors make no warranty, implied or otherwise, about the suitabil-
ity of this software for safety or security purposes.
The authors shall not in any case be liable for special, incidental,
consequential, indirect or other similar damages arising from the use
of this software.
Your mileage will vary. If in any doubt do not use it.
Operator Names and Operator Lists
The canonical list of operator names is the contents of the array
PL_op_name defined and initialised in file opcode.h of the Perl source
distribution (and installed into the perl library).
Each operator has both a terse name (its opname) and a more verbose or
recognisable descriptive name. The opdesc function can be used to
return a list of descriptions for a list of operators.
Many of the functions and methods listed below take a list of operators
as parameters. Most operator lists can be made up of several types of
element. Each element can be one of
an operator name (opname)
Operator names are typically small lowercase words like enter-
loop, leaveloop, last, next, redo etc. Sometimes they are
rather cryptic like gv2cv, i_ncmp and ftsvtx.
an operator tag name (optag)
Operator tags can be used to refer to groups (or sets) of oper-
The opset and opset_to_ops functions can be used to convert
from a list of operators to an opset and vice versa.
Wherever a list of operators can be given you can use one or
more opsets. See also Manipulating Opsets below.
Opcode Functions
The Opcode package contains functions for manipulating operator names
tags and sets. All are available for export by the package.
opcodes In a scalar context opcodes returns the number of opcodes in
this version of perl (around 350 for perl-5.7.0).
In a list context it returns a list of all the operator names.
(Not yet implemented, use @names = opset_to_ops(full_opset).)
opset (OP, ...)
Returns an opset containing the listed operators.
opset_to_ops (OPSET)
Returns a list of operator names corresponding to those opera-
tors in the set.
opset_to_hex (OPSET)
Returns a string representation of an opset. Can be handy for
debugging.
full_opset
Returns an opset which includes all operators.
empty_opset
Returns an opset which contains no operators.
invert_opset (OPSET)
Returns an opset which is the inverse set of the one supplied.
verify_opset (OPSET, ...)
Returns true if the supplied opset looks like a valid opset (is
the right length etc) otherwise it returns false. If an
optional second parameter is true then verify_opset will croak
on an invalid opset instead of returning false.
Most of the other Opcode functions call verify_opset automati-
cally and will croak if given an invalid opset.
define_optag (OPTAG, OPSET)
Define OPTAG as a symbolic name for OPSET. Optag names always
start with a colon ":".
The optag name used must not be defined already (define_optag
will croak if it is already defined). Optag names are global to
the perl process and optag definitions cannot be altered or
opmask Returns an opset corresponding to the current opmask.
opdesc (OP, ...)
This takes a list of operator names and returns the correspond-
ing list of operator descriptions.
opdump (PAT)
Dumps to STDOUT a two column list of op names and op descrip-
tions. If an optional pattern is given then only lines which
match the (case insensitive) pattern will be output.
It's designed to be used as a handy command line utility:
perl -MOpcode=opdump -e opdump
perl -MOpcode=opdump -e 'opdump Eval'
Manipulating Opsets
Opsets may be manipulated using the perl bit vector operators & (and),
| (or), ^ (xor) and ~ (negate/invert).
However you should never rely on the numerical position of any opcode
within the opset. In other words both sides of a bit vector operator
should be opsets returned from Opcode functions.
Also, since the number of opcodes in your current version of perl might
not be an exact multiple of eight, there may be unused bits in the last
byte of an upset. This should not cause any problems (Opcode functions
ignore those extra bits) but it does mean that using the ~ operator
will typically not produce the same 'physical' opset 'string' as the
invert_opset function.
TO DO (maybe)
$bool = opset_eq($opset1, $opset2) true if opsets are logically eqiv
$yes = opset_can($opset, @ops) true if $opset has all @ops set
@diff = opset_diff($opset1, $opset2) => ('foo', '!bar', ...)
Predefined Opcode Tags
:base_core
null stub scalar pushmark wantarray const defined undef
rv2sv sassign
rv2av aassign aelem aelemfast aslice av2arylen
rv2hv helem hslice each values keys exists delete
preinc i_preinc predec i_predec postinc i_postinc postdec i_postdec
int hex oct abs pow multiply i_multiply divide i_divide
modulo i_modulo add i_add subtract i_subtract
cond_expr flip flop andassign orassign and or xor
warn die lineseq nextstate scope enter leave setstate
rv2cv anoncode prototype
entersub leavesub leavesublv return method method_named -- XXX loops via recursion?
leaveeval -- needed for Safe to operate, is safe without entereval
:base_mem
These memory related ops are not included in :base_core because
they can easily be used to implement a resource attack (e.g., con-
sume all available memory).
concat repeat join range
anonlist anonhash
Note that despite the existence of this optag a memory resource
attack may still be possible using only :base_core ops.
Disabling these ops is a very heavy handed way to attempt to pre-
vent a memory resource attack. It's probable that a specific mem-
ory limit mechanism will be added to perl in the near future.
:base_loop
These loop ops are not included in :base_core because they can
easily be used to implement a resource attack (e.g., consume all
available CPU time).
grepstart grepwhile
mapstart mapwhile
enteriter iter
enterloop leaveloop unstack
last next redo
goto
:base_io
These ops enable filehandle (rather than filename) based input and
output. These are safe on the assumption that only pre-existing
filehandles are available for use. To create new filehandles
other ops such as open would need to be enabled.
readline rcatline getc read
formline enterwrite leavewrite
print sysread syswrite send recv
eof tell seek sysseek
sprintf prtf -- can core dump
crypt
tie untie
dbmopen dbmclose
sselect select
pipe_op sockpair
getppid getpgrp setpgrp getpriority setpriority localtime gmtime
entertry leavetry -- can be used to 'hide' fatal errors
custom -- where should this go
:base_math
These ops are not included in :base_core because of the risk of
them being used to generate floating point exceptions (which would
have to be caught using a $SIG{FPE} handler).
atan2 sin cos exp log sqrt
These ops are not included in :base_core because they have an
effect beyond the scope of the compartment.
rand srand
:base_thread
These ops are related to multi-threading.
lock threadsv
:default
A handy tag name for a reasonable default set of ops. (The cur-
rent ops allowed are unstable while development continues. It will
change.)
:base_core :base_mem :base_loop :base_io :base_orig :base_thread
If safety matters to you (and why else would you be using the
Opcode module?) then you should not rely on the definition of
this, or indeed any other, optag!
:filesys_read
stat lstat readlink
ftatime ftblk ftchr ftctime ftdir fteexec fteowned fteread
ftewrite ftfile ftis ftlink ftmtime ftpipe ftrexec ftrowned
ftrread ftsgid ftsize ftsock ftsuid fttty ftzero ftrwrite ftsvtx
A handy tag name for a reasonable default set of ops beyond the
:default optag. Like :default (and indeed all the other optags)
its current definition is unstable while development continues. It
will change.
The :browse tag represents the next step beyond :default. It it a
superset of the :default ops and adds :filesys_read the :sys_db.
The intent being that scripts can access more (possibly sensitive)
information about your system but not be able to change it.
:default :filesys_read :sys_db
:filesys_open
sysopen open close
umask binmode
open_dir closedir -- other dir ops are in :base_io
:filesys_write
link unlink rename symlink truncate
mkdir rmdir
utime chmod chown
fcntl -- not strictly filesys related, but possibly as dangerous?
:subprocess
backtick system
fork
wait waitpid
glob -- access to Cshell via <`rm *`>
:ownprocess
exec exit kill
time tms -- could be used for timing attacks (paranoid?)
:others
This tag holds groups of assorted specialist opcodes that don't
warrant having optags defined for them.
SystemV Interprocess Communications:
msgctl msgget msgrcv msgsnd
semctl semget semop
shmctl shmget shmread shmwrite
require dofile
caller -- get info about calling environment and args
reset
dbstate -- perl -d version of nextstate(ment) opcode
:dangerous
This tag is simply a bucket for opcodes that are unlikely to be
used via a tag name but need to be tagged for completeness and
documentation.
syscall dump chroot
SEE ALSO
ops(3) -- perl pragma interface to Opcode module.
Safe(3) -- Opcode and namespace limited execution compartments
AUTHORS
Originally designed and implemented by Malcolm Beattie, mbeat-
tie@sable.ox.ac.uk as part of Safe version 1.
Split out from Safe module version 1, named opcode tags and other
changes added by Tim Bunce.
perl v5.8.8 2001-09-21 Opcode(3)
Man(1) output converted with
man2html
|