python_opcode

python 23 minutes read (About 3474 words)

把python的opcode在这里记录,便于查表

Opcode

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/* Auto-generated by Tools/scripts/generate_opcode_h.py from Lib/opcode.py */
#ifndef Py_OPCODE_H
#define Py_OPCODE_H
#ifdef __cplusplus
extern "C" {
#endif


    /* Instruction opcodes for compiled code */
#define POP_TOP                   1
#define ROT_TWO                   2
#define ROT_THREE                 3
#define DUP_TOP                   4
#define DUP_TOP_TWO               5
#define ROT_FOUR                  6
#define NOP                       9
#define UNARY_POSITIVE           10
#define UNARY_NEGATIVE           11
#define UNARY_NOT                12
#define UNARY_INVERT             15
#define BINARY_MATRIX_MULTIPLY   16
#define INPLACE_MATRIX_MULTIPLY  17
#define BINARY_POWER             19
#define BINARY_MULTIPLY          20
#define BINARY_MODULO            22
#define BINARY_ADD               23
#define BINARY_SUBTRACT          24
#define BINARY_SUBSCR            25
#define BINARY_FLOOR_DIVIDE      26
#define BINARY_TRUE_DIVIDE       27
#define INPLACE_FLOOR_DIVIDE     28
#define INPLACE_TRUE_DIVIDE      29
#define RERAISE                  48
#define WITH_EXCEPT_START        49
#define GET_AITER                50
#define GET_ANEXT                51
#define BEFORE_ASYNC_WITH        52
#define END_ASYNC_FOR            54
#define INPLACE_ADD              55
#define INPLACE_SUBTRACT         56
#define INPLACE_MULTIPLY         57
#define INPLACE_MODULO           59
#define STORE_SUBSCR             60
#define DELETE_SUBSCR            61
#define BINARY_LSHIFT            62
#define BINARY_RSHIFT            63
#define BINARY_AND               64
#define BINARY_XOR               65
#define BINARY_OR                66
#define INPLACE_POWER            67
#define GET_ITER                 68
#define GET_YIELD_FROM_ITER      69
#define PRINT_EXPR               70
#define LOAD_BUILD_CLASS         71
#define YIELD_FROM               72
#define GET_AWAITABLE            73
#define LOAD_ASSERTION_ERROR     74
#define INPLACE_LSHIFT           75
#define INPLACE_RSHIFT           76
#define INPLACE_AND              77
#define INPLACE_XOR              78
#define INPLACE_OR               79
#define LIST_TO_TUPLE            82
#define RETURN_VALUE             83
#define IMPORT_STAR              84
#define SETUP_ANNOTATIONS        85
#define YIELD_VALUE              86
#define POP_BLOCK                87
#define POP_EXCEPT               89
#define HAVE_ARGUMENT            90
#define STORE_NAME               90
#define DELETE_NAME              91
#define UNPACK_SEQUENCE          92
#define FOR_ITER                 93
#define UNPACK_EX                94
#define STORE_ATTR               95
#define DELETE_ATTR              96
#define STORE_GLOBAL             97
#define DELETE_GLOBAL            98
#define LOAD_CONST              100
#define LOAD_NAME               101
#define BUILD_TUPLE             102
#define BUILD_LIST              103
#define BUILD_SET               104
#define BUILD_MAP               105
#define LOAD_ATTR               106
#define COMPARE_OP              107
#define IMPORT_NAME             108
#define IMPORT_FROM             109
#define JUMP_FORWARD            110
#define JUMP_IF_FALSE_OR_POP    111
#define JUMP_IF_TRUE_OR_POP     112
#define JUMP_ABSOLUTE           113
#define POP_JUMP_IF_FALSE       114
#define POP_JUMP_IF_TRUE        115
#define LOAD_GLOBAL             116
#define IS_OP                   117
#define CONTAINS_OP             118
#define JUMP_IF_NOT_EXC_MATCH   121
#define SETUP_FINALLY           122
#define LOAD_FAST               124
#define STORE_FAST              125
#define DELETE_FAST             126
#define RAISE_VARARGS           130
#define CALL_FUNCTION           131
#define MAKE_FUNCTION           132
#define BUILD_SLICE             133
#define LOAD_CLOSURE            135
#define LOAD_DEREF              136
#define STORE_DEREF             137
#define DELETE_DEREF            138
#define CALL_FUNCTION_KW        141
#define CALL_FUNCTION_EX        142
#define SETUP_WITH              143
#define EXTENDED_ARG            144
#define LIST_APPEND             145
#define SET_ADD                 146
#define MAP_ADD                 147
#define LOAD_CLASSDEREF         148
#define SETUP_ASYNC_WITH        154
#define FORMAT_VALUE            155
#define BUILD_CONST_KEY_MAP     156
#define BUILD_STRING            157
#define LOAD_METHOD             160
#define CALL_METHOD             161
#define LIST_EXTEND             162
#define SET_UPDATE              163
#define DICT_MERGE              164
#define DICT_UPDATE             165

/* EXCEPT_HANDLER is a special, implicit block type which is created when
   entering an except handler. It is not an opcode but we define it here
   as we want it to be available to both frameobject.c and ceval.c, while
   remaining private.*/
#define EXCEPT_HANDLER 257

#define HAS_ARG(op) ((op) >= HAVE_ARGUMENT)

#ifdef __cplusplus
}
#endif
#endif /* !Py_OPCODE_H */

对应指令的含义如下:

Bytecode Instructions

The Python compiler currently generates the following bytecode instructions.

  • STOP_CODE()

    Indicates end-of-code to the compiler, not used by the interpreter.

  • NOP()

    Do nothing code. Used as a placeholder by the bytecode optimizer.

  • POP_TOP()

    Removes the top-of-stack (TOS) item.

  • ROT_TWO()

    Swaps the two top-most stack items.

  • ROT_THREE()

    Lifts second and third stack item one position up, moves top down to position three.

  • ROT_FOUR()

    Lifts second, third and forth stack item one position up, moves top down to position four.

  • DUP_TOP()

    Duplicates the reference on top of the stack.

Unary Operations take the top of the stack, apply the operation, and push the result back on the stack.

  • UNARY_POSITIVE()

    Implements TOS = +TOS.

  • UNARY_NEGATIVE()

    Implements TOS = -TOS.

  • UNARY_NOT()

    Implements TOS = not TOS.

  • UNARY_CONVERT()

    Implements TOS = TOS``.

  • UNARY_INVERT()

    Implements TOS = ~TOS.

  • GET_ITER()

    Implements TOS = iter(TOS).

Binary operations remove the top of the stack (TOS) and the second top-most stack item (TOS1) from the stack. They perform the operation, and put the result back on the stack.

  • BINARY_POWER()

    Implements TOS = TOS1 ** TOS.

  • BINARY_MULTIPLY()

    Implements TOS = TOS1 * TOS.

  • BINARY_DIVIDE()

    Implements TOS = TOS1 / TOS when from __future__ import division is not in effect.

  • BINARY_FLOOR_DIVIDE()

    Implements TOS = TOS1 // TOS.

  • BINARY_TRUE_DIVIDE()

    Implements TOS = TOS1 / TOS when from __future__ import division is in effect.

  • BINARY_MODULO()

    Implements TOS = TOS1 % TOS.

  • BINARY_ADD()

    Implements TOS = TOS1 + TOS.

  • BINARY_SUBTRACT()

    Implements TOS = TOS1 - TOS.

  • BINARY_SUBSCR()

    Implements TOS = TOS1[TOS].

  • BINARY_LSHIFT()

    Implements TOS = TOS1 << TOS.

  • BINARY_RSHIFT()

    Implements TOS = TOS1 >> TOS.

  • BINARY_AND()

    Implements TOS = TOS1 & TOS.

  • BINARY_XOR()

    Implements TOS = TOS1 ^ TOS.

  • BINARY_OR()

    Implements TOS = TOS1 | TOS.

In-place operations are like binary operations, in that they remove TOS and TOS1, and push the result back on the stack, but the operation is done in-place when TOS1 supports it, and the resulting TOS may be (but does not have to be) the original TOS1.

  • INPLACE_POWER()

    Implements in-place TOS = TOS1 ** TOS.

  • INPLACE_MULTIPLY()

    Implements in-place TOS = TOS1 * TOS.

  • INPLACE_DIVIDE()

    Implements in-place TOS = TOS1 / TOS when from __future__ import division is not in effect.

  • INPLACE_FLOOR_DIVIDE()

    Implements in-place TOS = TOS1 // TOS.

  • INPLACE_TRUE_DIVIDE()

    Implements in-place TOS = TOS1 / TOS when from __future__ import division is in effect.

  • INPLACE_MODULO()

    Implements in-place TOS = TOS1 % TOS.

  • INPLACE_ADD()

    Implements in-place TOS = TOS1 + TOS.

  • INPLACE_SUBTRACT()

    Implements in-place TOS = TOS1 - TOS.

  • INPLACE_LSHIFT()

    Implements in-place TOS = TOS1 << TOS.

  • INPLACE_RSHIFT()

    Implements in-place TOS = TOS1 >> TOS.

  • INPLACE_AND()

    Implements in-place TOS = TOS1 & TOS.

  • INPLACE_XOR()

    Implements in-place TOS = TOS1 ^ TOS.

  • INPLACE_OR()

    Implements in-place TOS = TOS1 | TOS.

The slice opcodes take up to three parameters.

  • SLICE+0()

    Implements TOS = TOS[:].

  • SLICE+1()

    Implements TOS = TOS1[TOS:].

  • SLICE+2()

    Implements TOS = TOS1[:TOS].

  • SLICE+3()

    Implements TOS = TOS2[TOS1:TOS].

Slice assignment needs even an additional parameter. As any statement, they put nothing on the stack.

  • STORE_SLICE+0()

    Implements TOS[:] = TOS1.

  • STORE_SLICE+1()

    Implements TOS1[TOS:] = TOS2.

  • STORE_SLICE+2()

    Implements TOS1[:TOS] = TOS2.

  • STORE_SLICE+3()

    Implements TOS2[TOS1:TOS] = TOS3.

  • DELETE_SLICE+0()

    Implements del TOS[:].

  • DELETE_SLICE+1()

    Implements del TOS1[TOS:].

  • DELETE_SLICE+2()

    Implements del TOS1[:TOS].

  • DELETE_SLICE+3()

    Implements del TOS2[TOS1:TOS].

  • STORE_SUBSCR()

    Implements TOS1[TOS] = TOS2.

  • DELETE_SUBSCR()

    Implements del TOS1[TOS].

Miscellaneous opcodes.

  • PRINT_EXPR()

    Implements the expression statement for the interactive mode. TOS is removed from the stack and printed. In non-interactive mode, an expression statement is terminated with POP_TOP.

  • PRINT_ITEM()

    Prints TOS to the file-like object bound to sys.stdout. There is one such instruction for each item in the print statement.

  • PRINT_ITEM_TO()

    Like PRINT_ITEM, but prints the item second from TOS to the file-like object at TOS. This is used by the extended print statement.

  • PRINT_NEWLINE()

    Prints a new line on sys.stdout. This is generated as the last operation of a print statement, unless the statement ends with a comma.

  • PRINT_NEWLINE_TO()

    Like PRINT_NEWLINE, but prints the new line on the file-like object on the TOS. This is used by the extended print statement.

  • BREAK_LOOP()

    Terminates a loop due to a break statement.

  • CONTINUE_LOOP(target)

    Continues a loop due to a continue statement. target is the address to jump to (which should be a FOR_ITER instruction).

  • LIST_APPEND(i)

    Calls list.append(TOS[-i], TOS). Used to implement list comprehensions. While the appended value is popped off, the list object remains on the stack so that it is available for further iterations of the loop.

  • LOAD_LOCALS()

    Pushes a reference to the locals of the current scope on the stack. This is used in the code for a class definition: After the class body is evaluated, the locals are passed to the class definition.

  • RETURN_VALUE()

    Returns with TOS to the caller of the function.

  • YIELD_VALUE()

    Pops TOS and yields it from a generator.

  • IMPORT_STAR()

    Loads all symbols not starting with '_' directly from the module TOS to the local namespace. The module is popped after loading all names. This opcode implements from module import *.

  • EXEC_STMT()

    Implements exec TOS2,TOS1,TOS. The compiler fills missing optional parameters with None.

  • POP_BLOCK()

    Removes one block from the block stack. Per frame, there is a stack of blocks, denoting nested loops, try statements, and such.

  • END_FINALLY()

    Terminates a finally clause. The interpreter recalls whether the exception has to be re-raised, or whether the function returns, and continues with the outer-next block.

  • BUILD_CLASS()

    Creates a new class object. TOS is the methods dictionary, TOS1 the tuple of the names of the base classes, and TOS2 the class name.

  • SETUP_WITH(delta)

    This opcode performs several operations before a with block starts. First, it loads __exit__() from the context manager and pushes it onto the stack for later use by WITH_CLEANUP. Then, __enter__() is called, and a finally block pointing to delta is pushed. Finally, the result of calling the enter method is pushed onto the stack. The next opcode will either ignore it (POP_TOP), or store it in (a) variable(s) (STORE_FAST, STORE_NAME, or UNPACK_SEQUENCE).

  • WITH_CLEANUP()

    Cleans up the stack when a with statement block exits. On top of the stack are 1–3 values indicating how/why the finally clause was entered:TOP = None(TOP, SECOND) = (WHY_{RETURN,CONTINUE}), retvalTOP = WHY_*; no retval below it(TOP, SECOND, THIRD) = exc_info()Under them is EXIT, the context manager’s __exit__() bound method.In the last case, EXIT(TOP, SECOND, THIRD) is called, otherwise EXIT(None, None, None).EXIT is removed from the stack, leaving the values above it in the same order. In addition, if the stack represents an exception, and the function call returns a ‘true’ value, this information is “zapped”, to prevent END_FINALLY from re-raising the exception. (But non-local gotos should still be resumed.)

All of the following opcodes expect arguments. An argument is two bytes, with the more significant byte last.

  • STORE_NAME(namei)

    Implements name = TOS. namei is the index of name in the attribute co_names of the code object. The compiler tries to use STORE_FAST or STORE_GLOBAL if possible.

  • DELETE_NAME(namei)

    Implements del name, where namei is the index into co_names attribute of the code object.

  • UNPACK_SEQUENCE(count)

    Unpacks TOS into count individual values, which are put onto the stack right-to-left.

  • DUP_TOPX(count)

    Duplicate count items, keeping them in the same order. Due to implementation limits, count should be between 1 and 5 inclusive.

  • STORE_ATTR(namei)

    Implements TOS.name = TOS1, where namei is the index of name in co_names.

  • DELETE_ATTR(namei)

    Implements del TOS.name, using namei as index into co_names.

  • STORE_GLOBAL(namei)

    Works as STORE_NAME, but stores the name as a global.

  • DELETE_GLOBAL(namei)

    Works as DELETE_NAME, but deletes a global name.

  • LOAD_CONST(consti)

    Pushes co_consts[consti] onto the stack.

  • LOAD_NAME(namei)

    Pushes the value associated with co_names[namei] onto the stack.

  • BUILD_TUPLE(count)

    Creates a tuple consuming count items from the stack, and pushes the resulting tuple onto the stack.

  • BUILD_LIST(count)

    Works as BUILD_TUPLE, but creates a list.

  • BUILD_SET(count)

    Works as BUILD_TUPLE, but creates a set.New in version 2.7.

  • BUILD_MAP(count)

    Pushes a new dictionary object onto the stack. The dictionary is pre-sized to hold count entries.

  • LOAD_ATTR(namei)

    Replaces TOS with getattr(TOS, co_names[namei]).

  • COMPARE_OP(opname)

    Performs a Boolean operation. The operation name can be found in cmp_op[opname].

  • IMPORT_NAME(namei)

    Imports the module co_names[namei]. TOS and TOS1 are popped and provide the fromlist and level arguments of __import__(). The module object is pushed onto the stack. The current namespace is not affected: for a proper import statement, a subsequent STORE_FAST instruction modifies the namespace.

  • IMPORT_FROM(namei)

    Loads the attribute co_names[namei] from the module found in TOS. The resulting object is pushed onto the stack, to be subsequently stored by a STORE_FAST instruction.

  • JUMP_FORWARD(delta)

    Increments bytecode counter by delta.

  • POP_JUMP_IF_TRUE(target)

    If TOS is true, sets the bytecode counter to target. TOS is popped.

  • POP_JUMP_IF_FALSE(target)

    If TOS is false, sets the bytecode counter to target. TOS is popped.

  • JUMP_IF_TRUE_OR_POP(target)

    If TOS is true, sets the bytecode counter to target and leaves TOS on the stack. Otherwise (TOS is false), TOS is popped.

  • JUMP_IF_FALSE_OR_POP(target)

    If TOS is false, sets the bytecode counter to target and leaves TOS on the stack. Otherwise (TOS is true), TOS is popped.

  • JUMP_ABSOLUTE(target)

    Set bytecode counter to target.

  • FOR_ITER(delta)

    TOS is an iterator. Call its next() method. If this yields a new value, push it on the stack (leaving the iterator below it). If the iterator indicates it is exhausted TOS is popped, and the bytecode counter is incremented by delta.

  • LOAD_GLOBAL(namei)

    Loads the global named co_names[namei] onto the stack.

  • SETUP_LOOP(delta)

    Pushes a block for a loop onto the block stack. The block spans from the current instruction with a size of delta bytes.

  • SETUP_EXCEPT(delta)

    Pushes a try block from a try-except clause onto the block stack. delta points to the first except block.

  • SETUP_FINALLY(delta)

    Pushes a try block from a try-except clause onto the block stack. delta points to the finally block.

  • STORE_MAP()

    Store a key and value pair in a dictionary. Pops the key and value while leaving the dictionary on the stack.

  • LOAD_FAST(var_num)

    Pushes a reference to the local co_varnames[var_num] onto the stack.

  • STORE_FAST(var_num)

    Stores TOS into the local co_varnames[var_num].

  • DELETE_FAST(var_num)

    Deletes local co_varnames[var_num].

  • LOAD_CLOSURE(i)

    Pushes a reference to the cell contained in slot i of the cell and free variable storage. The name of the variable is co_cellvars[i] if i is less than the length of co_cellvars. Otherwise it is co_freevars[i - len(co_cellvars)].

  • LOAD_DEREF(i)

    Loads the cell contained in slot i of the cell and free variable storage. Pushes a reference to the object the cell contains on the stack.

  • STORE_DEREF(i)

    Stores TOS into the cell contained in slot i of the cell and free variable storage.

  • SET_LINENO(lineno)

    This opcode is obsolete.

  • RAISE_VARARGS(argc)

    Raises an exception. argc indicates the number of arguments to the raise statement, ranging from 0 to 3. The handler will find the traceback as TOS2, the parameter as TOS1, and the exception as TOS.

  • CALL_FUNCTION(argc)

    Calls a callable object. The low byte of argc indicates the number of positional arguments, the high byte the number of keyword arguments. The stack contains keyword arguments on top (if any), then the positional arguments below that (if any), then the callable object to call below that. Each keyword argument is represented with two values on the stack: the argument’s name, and its value, with the argument’s value above the name on the stack. The positional arguments are pushed in the order that they are passed in to the callable object, with the right-most positional argument on top. CALL_FUNCTION pops all arguments and the callable object off the stack, calls the callable object with those arguments, and pushes the return value returned by the callable object.

  • MAKE_FUNCTION(argc)

    Pushes a new function object on the stack. TOS is the code associated with the function. The function object is defined to have argc default parameters, which are found below TOS.

  • MAKE_CLOSURE(argc)

    Creates a new function object, sets its func_closure slot, and pushes it on the stack. TOS is the code associated with the function, TOS1 the tuple containing cells for the closure’s free variables. The function also has argc default parameters, which are found below the cells.

  • BUILD_SLICE(argc)

    Pushes a slice object on the stack. argc must be 2 or 3. If it is 2, slice(TOS1, TOS) is pushed; if it is 3, slice(TOS2, TOS1, TOS) is pushed. See the slice() built-in function for more information.

  • EXTENDED_ARG(ext)

    Prefixes any opcode which has an argument too big to fit into the default two bytes. ext holds two additional bytes which, taken together with the subsequent opcode’s argument, comprise a four-byte argument, ext being the two most-significant bytes.

  • CALL_FUNCTION_VAR(argc)

    Calls a callable object, similarly to CALL_FUNCTION. argc represents the number of keyword and positional arguments, identically to CALL_FUNCTION. The top of the stack contains an iterable object containing additional positional arguments. Below that are keyword arguments (if any), positional arguments (if any) and a callable object, identically to CALL_FUNCTION. Before the callable object is called, the iterable object is “unpacked” and its contents are appended to the positional arguments passed in. The iterable object is ignored when computing the value of argc.

  • CALL_FUNCTION_KW(argc)

    Calls a callable object, similarly to CALL_FUNCTION. argc represents the number of keyword and positional arguments, identically to CALL_FUNCTION. The top of the stack contains a mapping object containing additional keyword arguments. Below that are keyword arguments (if any), positional arguments (if any) and a callable object, identically to CALL_FUNCTION. Before the callable is called, the mapping object at the top of the stack is “unpacked” and its contents are appended to the keyword arguments passed in. The mapping object at the top of the stack is ignored when computing the value of argc.

  • CALL_FUNCTION_VAR_KW(argc)

    Calls a callable object, similarly to CALL_FUNCTION_VAR and CALL_FUNCTION_KW. argc represents the number of keyword and positional arguments, identically to CALL_FUNCTION. The top of the stack contains a mapping object, as per CALL_FUNCTION_KW. Below that is an iterable object, as per CALL_FUNCTION_VAR. Below that are keyword arguments (if any), positional arguments (if any) and a callable object, identically to CALL_FUNCTION. Before the callable is called, the mapping object and iterable object are each “unpacked” and their contents passed in as keyword and positional arguments respectively, identically to CALL_FUNCTION_VAR and CALL_FUNCTION_KW. The mapping object and iterable object are both ignored when computing the value of argc.

  • HAVE_ARGUMENT()

    This is not really an opcode. It identifies the dividing line between opcodes which don’t take arguments < HAVE_ARGUMENT and those which do >= HAVE_ARGUMENT.

#查表 #python #opcode
b01lersCTF-2020-wp 攻防世界-re部分题解(五)

Comments

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×