Modify by:MG193.7 5 |
My Blog 6 |
My Github 7 |
Base on vld document 8 |
9 |
| Opcode name | 13 |Explanation | 14 |Example (phpdbg) | 15 |
| NOP | 18 |no operation | 19 |NOP | 20 |
| ADD | 23 |Adds "value1" to "value2" and stores the result into "result". | 24 |ADD 1 2 ~0 25 | $a = 1+2; |
26 |
| SUB | 29 |Subtracts "value2" from "value1" and stores the result into "result". | 30 |SUB 2 1 ~0 31 | $a = 2-1; |
32 |
| MUL | 35 |Multiplys "value1" by "value2" and stores the result into "result". | 36 |MUL 1 2 ~0 37 | $a = 1*2; |
38 |
| DIV | 41 |Divides "value1" by "value2" and stores the result into "result". | 42 |DIV 6 3 ~0 43 | $a = 6/3; |
44 |
| MOD | 46 |Makes the value of "result" congruent to "value1" modulo "value2". | 47 |MOD 6 3 ~0 48 | $a = 6%3; |
49 |
| SL | 51 |Shift bits of value1 to the left value2 steps (each step means "multiply by two") | 52 |SL 8 2 ~0 53 | $a = 8<<2; |
54 |
| SR | 56 |Shift bits of value1 to the right value2 steps (each step means "divide by two") | 57 |SR 8 2 ~0 58 | $a = 8>>2; |
59 |
| CONCAT | 61 |Concats string values string1 and string2 | 62 |CONCAT "A" "B" ~0 63 | echo "A"."B"; |
64 |
| BW_OR | 66 |Bit-wise or of value1 and value2 | 67 |BW_OR 1 2 ~0 68 | echo 1|2; |
69 |
| BW_AND | 71 |Bit-wise and of value1 and value2 | 72 |BW_AND 1 2 ~0 73 | echo 1&2; |
74 |
| BW_XOR | 76 |Bit-wise xor of value1 and value2 | 77 |BW_XOR 1 2 ~0 78 | echo 1^2; |
79 |
| BW_NOT | 81 |Bit-wise not of "value" | 82 |BW_NOT 15 ~0 83 | echo ~15; |
84 |
| BOOL_NOT | 86 |Boolean (logical) not of "value" | 87 |BOOL_NOT 1 ~0 88 | echo !1; |
89 |
| BOOL_XOR | 91 |Boolean (logical) xor of value1 | 92 |BOOL 1 2 ~0 93 | echo 1 xor 2; |
94 |
| IS_IDENTICAL | 96 |Compares value1 and value2 to see if they are equal AND have the same type | 97 |IS_IDENTICAL 1 1 ~0 98 | echo (1===1); |
99 |
| IS_NOT_IDENTICAL | 101 |compares value1 and value2 to see if they are unequal or of different types | 102 |IS_NOT_IDENTICAL 1 1 ~0 103 | echo (1!==1); |
104 |
| IS_EQUAL | 106 |compares if value1 and value2 are equal | 107 |IS_EQUAL 1 1 ~0 108 | echo (1==1); |
109 |
| IS_NOT_EQUAL | 111 |compares if value1 and value2 are not equal | 112 |IS_NOT_EQUAL 1 1 ~0 113 | echo (1!=1); |
114 |
| IS_SMALLER | 116 |compares if value1 is less than value2 | 117 |IS_SMALLER1 1 2 ~0 118 | echo (1 < 2); |
119 |
| IS_SMALLER_OR_EQUAL | 121 |compares if value1 is less than or equal to value2 | 122 |IS_SMALLER_OR_EQUAL 2 1 ~0 123 | echo (2<=1); |
124 |
| CAST | 126 |casts value1 as type value2 (type in extended_value) | 127 |CAST<4> 1 ~0 128 | echo (int)1; |
129 |
| QM_ASSIGN | 131 |Question Mark Assign, used twice inside a question mark assign to temporarily assign result as value1 (this is followed up with an ASSIGN bytecode) | 132 |
133 | JMPZ 1 J3 134 | QM_ASSIGN 1 ~0 135 | JMP J4 136 | QM_ASSIGN 2 ~0 137 | ECHO ~0 138 | echo (1?1:2); 139 | |
140 |
| ASSIGN_ADD | 142 |Add value1 to value2 and store in variable indicated by value1 | 143 |ASSIGN_ADD $a 2 144 | $a+=2; |
145 |
| ASSIGN_SUB | 147 |Subtract value1 from value2 and store in variable indicated by value1 | 148 |ASSIGN_SUB $a 2 149 | $a-=2; |
150 |
| ASSIGN_MUL | 152 |Multiply result by value1 and store in variable indicated by result | 153 |ASSIGN_MUL $a 2 154 | $a*=2; |
155 |
| ASSIGN_DIV | 157 |Divide result by value1and store in variable indicated by result. | 158 |ASSIGN_DIV $a 2 159 | $a/=2; |
160 |
| ASSIGN_MOD | 162 |Perform result mod value1 and store in variable indicated by result | 163 |ASSIGN_MOD $a 2 164 | $a%=2; |
165 |
| ASSIGN_SL | 167 |Shift result by value1 bits to left and store in variable indicated by result | 168 |ASSIGN_SL $a 2 169 | $a<<=2; |
170 |
| ASSIGN_SR | 172 |Shift result by value1 bits to right and store in variable indicated by result | 173 |ASSIGN_SR $a 2 174 | $a>>=2; |
175 |
| ASSIGN_CONCAT | 177 |Concats string values result and value1 and store in variable indicated by result | 178 |ASSIGN_CONCAT $a 'z' 179 | $a.='z'; |
180 |
| ASSIGN_BW_OR | 182 |Performs binary OR on result and value1 and stores in variable indicated by result. | 183 |ASSIGN_BW_OR $a 64 184 | $a|=64; |
185 |
| ASSIGN_BW_AND | 187 |Performs binary AND on result and value1 and stores in variable indicated by result. | 188 |ASSIGN_BW_AND $a 64 189 | $a &=64; |
190 |
| ASSIGN_BW_XOR | 192 |Performs binary XOR on result and value1and stores in variable indicated by result. | 193 |ASSIGN_BW_XOR $a 64 194 | $a ^=64; |
195 |
| PRE_INC | 197 |increments variable indicated by value1 by 1 (before performing other operations) and stores in result | 198 |PRE_INC $a 199 | ++$a; |
200 |
| PRE_DEC | 202 |decrements variable indicated by value1 by 1 (before performing other operations) and stores in results | 203 |PRE_DEC $a 204 | --$a; |
205 |
| POST_INC | 207 |increments variable indicated by value1 by 1 (after performing other operations) and stores in result | 208 |POST_INC $a ~0 209 | $a++; |
210 |
| POST_DEC | 212 |decrements variable indicated by value1 by 1 (after performing other operations) and stores in result | 213 |POST_DEC $a ~0 214 | $a--; |
215 |
| ASSIGN | 217 |assigns value1 to result | 218 |ASSIGN $a $b 219 | $a=$b; |
220 |
| ASSIGN_REF | 222 |UNKNOW in phpdbg. 223 | Maybe you could refer to ASSIGN_REF |
224 | UNKNOW | 225 |
| ECHO | 227 |Dump text | 228 |ECHO "hello world" 229 | echo "hello world"; |
230 |
| Same as ECHO? | 233 |ECHO<1> "hello world" 234 | print 'hello world'; 235 | If you want to refer the opcodes in vld, you could see PRINT 236 | |
237 | |
| JMP | 239 |Unconditonally jump to the address | 240 |#0 IS_EQUAL $a "a" ~0 241 | #1 JMPZ ~0 J4 242 | #2 ECHO 1 243 | #3 JMP J5 244 | #4 ECHO 2 245 | #5 RETURN<-1> 1 246 | if($a=="a"){echo 1;}else{echo 2;} |
247 |
| JMPZ | 249 |Jump to the address if the value is zero | 250 |You could see the opcodes in JMP | 251 |
| JMPNZ | 253 |Jump to the address if the value is not zero | 254 |... 255 | JMPNZ ~0 JX 256 | ... 257 | if($b!=0){...} 258 | |
259 |
| JMPZNZ | 261 |Jump to the address given in the operands if the value is zero; jump to the address given in extended data if nonzero. |
262 | UNKNOW in phpdbg 263 | You could refer to JMPZNZ |
264 |
| JMPZ_EX | 266 |Jump to the address if the value is zero. | 267 |#0 JMPZ_EX $a J2 ~0 268 | #1 BOOL true ~0 269 | #2 JMPZ ~0 270 | #3 RETURN<-1> 1 271 | if($a&&true){} |
272 |
| JMPNZ_EX | 274 |Jump to the address if the value is not zero. | 275 |#0 JMPZ_EX $a J2 ~0 276 | #1 BOOL true ~0 277 | #2 JMPZ ~0 278 | #3 RETURN<-1> 1 279 | if($a||true){} |
280 |
| CASE | 282 |UNKNOW | 283 |Do not found CASE opcode in phpdbg, 284 | You could refer to CASE |
285 |
| SWITCH_FREE | 287 |Release the allocated space of "value"? | 288 |Do not found SWITCH_FREE in phpdbg, 289 | You could refer to SWITCH_FREE 290 | |
291 |
| BRK | 293 |It means "break" in vld, But not found this opcode in phpdbg. 294 | If you want to break in while-loop(or something else),phpdbg will simply use JMP opcode jump out the loop,instead of use "BRK" opcode. |
295 | #0 JMP J2 296 | #1 JMP J3 297 | #2 JMPNZ 1 J1 298 | #3 RETURN<-1> 1 299 | while(1){break;} 300 | You also could see BRK |
301 |
| CONT | 303 |Same as BRK opcode, 304 | this opcode means "continue" in vld, 305 | But not found this opcode in phpdbg. 306 | phpdbg still use JMP to control the flow in loop. |
307 | You could refer to CONT | 308 |
| BOOL | 310 |convert value to boolean and store in result | 311 |#0 JMPZ_EX $a J2 ~0 312 | #1 BOOL true ~0 313 | #2 JMPZ ~0 314 | #3 RETURN<-1> 1 315 | if($a&&true){} |
316 |
| ROPE_INIT | 318 |when create a string that cotains variable, 319 | this opcode used to init this string and store the string of begining part to result |
320 | ROPE_INIT<3> "Test" ~1 321 | ROPE_ADD<1> ~1 $a ~1 322 | ROPE_END<2> ~1 " Test" ~0 323 | ECHO ~0 324 | echo "Test$a Test"; |
325 |
| ROPE_ADD | 327 |after ROPE_INIT opcode,continue add a variable to string,and store the string to result. | 328 |Could see ROPE_INIT part | 329 |
| ROPE_END | 331 |after ROPE_INIT opcode,continue add a string to the whole string,and treat the string just added as the end of the whole string. | 332 |Could see ROPE_INIT part | 333 |
| FAST_CONCAT | 335 |concats value1 and value2,than stored it to the result | 336 |
337 | FAST_CONCAT "Test" $a ~0 338 | ECHO ~0 339 | echo "Test$a"; 340 | |
341 |
| BEGIN_SILENCE | 343 |prepare to perform function call without displaying error messages | 344 |BEGIN_SILENCE ~0 345 | INIT_FCALL<1> 96 "file" SEND_VAL"non_existent_file" 1 346 | DO_ICALL @1 347 | END_SILENCE ~0 348 | ASSIGN $a @1 349 | RETURN<-1> 1 350 | $a = @file("non_existent_file"); |
351 |
| END_SILENCE | 353 |no longer surpress error messages | 354 |See BEGIN_SILENCE part | 355 |
| INIT_FCALL | 357 |init a function going to call | 358 |INIT_FCALL<1> 96 "abs" 359 | SEND_VAL 2 1 360 | DO_ICALL 361 | abs(2); |
362 |
| INIT_DYNAMIC_CALL | 364 |call to function dynamicly | 365 |ASSIGN $x "phpinfo" 366 | INIT_DYNAMIC_CALL $x 367 | DO_FCALL 368 | $x = 'phpinfo'; $x(); |
369 |
| INIT_FCALL_BY_NAME | 371 |call to function | 372 |INIT_FCALL_BY_NAME "test" 373 | DO_FCALL @1 374 | ASSIGN $a @1 375 | $a = test(); |
376 |
| DO_FCALL | 378 |Call a function. 379 | If the result of called function was stored to a variable,this opcode must take a result! |
380 | See INIT_DYNAMIC_CALL and INIT_FCALL_BY_NAME part | 381 |
| DO_FCALL_BY_NAME | 383 |Call a function by name. | 384 |UNKNOW in phpdbg, 385 | You could see DO_FCALL_BY_NAME |
386 |
| RETURN | 388 |Return value from a funciton. | 389 |RETURN 1 390 | return 1; |
391 |
| RECV | 393 |Receive the number of functoin arguments | 394 |RECV 1 $a 395 | RETURN<-1> null 396 | function test($a){} |
397 |
| RECV_INIT | 399 |Initialize a function argument with "value" if not received from caller. 400 | Otherwise same as RECV. |
401 | RECV_INIT 1 "test" $t 402 | RETURN<-1> null 403 | function a($t="test"){} |
404 |
| SEND_VAL | 406 |Pass the constant value as an actual parameter to a function. | 407 |INIT_FCALL<2> 112 "hello" 408 | SEND_VAL "world" 1 409 | SEND_VAL "ok" 2 410 | DO_FCALL 411 | hello("world","ok"); |
412 |
| SEND_VAL_EX | 414 |Pass the constant value as an actual parameter to a function.Same as SEND_VAL_EX | 415 |INIT_FCALL_BY_NAME<2> "hello" 416 | SEND_VAL_EX "world" 1 417 | SEND_VAL_EX "ok" 2 418 | DO_FCALL 419 | hello("world","ok"); |
420 |
| SEND_VAR | 422 |Pass the variable value as an actual parameter to a function. | 423 |ASSIGN $a 1 424 | INIT_FCALL<1> 96 "abs" 425 | SEND_VAR $a 1 426 | DO_ICALL 427 | $a=1;abs($a); |
428 |
| SEND_VAR_EX | 430 |Pass the variable value as an actual parameter to a function.Same as SEND_VAR. | 431 |ASSIGN $a 1 432 | INIT_FCALL_BY_NAME<1> "test" 433 | SEND_VAR_EX $a 1 434 | DO_ICALL 435 | $a=1;test($a); |
436 |
| SEND_REF | 438 |Pass the reference value as an actual parameter to a function. | 439 |INIT_FCALL<1> 96 "each" 440 | SEND_REF $a 1 441 | DO_ICALL 442 | @each($a); |
443 |
| NEW | 445 |Construct an instance of "type" and store the reference to the object into "result". | 446 |NEW<2> "A" @1 447 | SEND_VAL_EX "a" 1 448 | DO_FCALL 449 | FREE @1 450 | new A("a"); 451 | |
452 |
| INIT_NS_FCALL_BY_NAME | 454 |No sample in vld or phpdbg. | 455 |UNKNOW | 456 |
| FREE | 458 |Release the allocated space of the value. | 459 |Could see NEW part | 460 |
| INIT_ARRAY | 462 |Allocate a new array with elem-value as the first element of the array. | 463 |UNKNOW in phpdbg, 464 | You could refer to INIT_ARRAY |
465 |
| ADD_ARRAY_ELEMENT | 467 |Add elem-value as an element to array-value | 468 |UNKNOW in phpdbg, 469 | You could refer to ADD_ARRAY_ELEMENT |
470 |
| INCLUDE_OR_EVAL | 472 |Include the file specified by filename and eval it. | 473 |INCLUDE_OR_EVAL<2> "test.php" 474 | INCLUDE_OR_EVAL<1> "echo 1;" 475 | include "test.php"; 476 | eval("echo 1;"); |
477 |
| UNSET_CV | 479 |Unset the variable. | 480 |UNSET_CV $A 481 | unset($A); |
482 |
| UNSET_VAR | 484 |Unset the variable. | 485 |ASSIGN $A "x" 486 | UNSET_VAR<4> $A 487 | $A="x"; 488 | unset($$A); |
489 |
| UNSET_DIM | 491 |Unset the entry of array-value, which is specified by index | 492 |UNSET_DIM $A 0 493 | unset($A[0]); |
494 |
| UNSET_OBJ | 496 |Unset the property of the current object | 497 |UNSET_OBJ<8> $A "test" 498 | unset($A->test); |
499 |
| FE_RESET_R | 501 |Initialize an iterator on array-value. If the array is empty, jump to address. | 502 |#0 ASSIGN $a array(3) 503 | #1 FE_RESET_R $a J5 @1 504 | #2 FE_FETCH_R<96> @1 $num 505 | #3 ECHO<1> $num 506 | #4 JMP J2 507 | #5 FE_FREE @1 508 | $a = array(1,2,3); 509 | foreach($a as $num){ 510 | print $num; } |
511 |
| FE_FETCH_R | 513 |Fetch an element from iterator. If no element is available, jump to the address that FE_RESET_R opcode setted. |
514 | Could see FE_RESET_R part. | 515 |
| EXIT | 517 |Exit running after dumping "message". | 518 |EXIT "foo" 519 | die("foo"); |
520 |
| FETCH_R | 522 |fetch Variable variables. | 523 |ASSIGN $a "x" 524 | FETCH_R<4> $a ~1 525 | ECHO ~1 526 | $a="x"; 527 | echo $$a; |
528 |
| FETCH_DIM_R | 530 |fetch value of variables by index. | 531 |FETCH_R<4> $a ~1 532 | FETCH_DIM_R ~1 0 ~2 533 | ECHO ~2 534 | echo $$a[0]; 535 | FETCH_DIM_R $x 0 536 | $x[0]; |
537 |
| FETCH_OBJ_R | 539 |fetch property value of Variable variables | 540 |FETCH_R<4> $a ~1 541 | FETCH_OBJ_R ~1 "test" ~2 542 | ECHO ~2 543 | echo($$a->test); 544 | |
545 |
| FETCH_W | 547 |fetch Variable variables and make it writable. | 548 |ASSIGN $x 1 549 | ASSIGN $a "x" 550 | FETCH_W<4> $a @2 551 | ASSIGN @2 2 552 | $x=1; 553 | $a="x"; 554 | $$a=2; |
555 |
| FETCH_DIM_W | 557 |fetch Variable variables by index and make it writable. | 558 |FETCH_DIM_W $x 0 @0 559 | ASSIGN_DIM @0 1 560 | OP_DATA 2 561 | $x[0][1]=2; |
562 |
| FETCH_OBJ_W | 564 |fetch property value of Variable variables and make it writable. | 565 |FETCH_OBJ_W $x "t" @0 566 | ASSIGN_OBJ<16> @0 "test" 567 | OP_DATA 1 568 | $x->t->test=1; |
569 |
| FETCH_RW | 571 |fetch value of Variable variables. | 572 |FETCH_RW<4> $a @0 573 | POST_INC @0; 574 | $$a++; |
575 |
| FETCH_DIM_RW | 577 |fetch value of Variable variables by index. | 578 |FETCH_DIM_RW $a 0 @0 579 | POST_INC @0 580 | $a[0]++; |
581 |
| FETCH_OBJ_RW | 583 |fetch property value of Variable variables | 584 |FETCH_OBJ_RW $a "b" @0 585 | POST_INC_OBJ<16> @0 "c" 586 | $a->b->c++; |
587 |
| FETCH_IS | 589 |Fetch the value from variable which is to be used to test if it is set or not, through isset()/isempty(). | 590 |FETCH_IS<2> "_GET" ~0 591 | ISSET_ISEMPTY_DIM_OBJ ~0 0 592 | isset($_GET[0]); |
593 |
| FETCH_DIM_IS | 595 |No php sample. | 596 |597 | |
| FETCH_OBJ_IS | 599 |No php sample. | 600 |601 | |
| FETCH_FUNC_ARG | 603 |fetch value of Variable variables as arg of function | 604 |INIT_FCALL_BY_NAME<1> "test" 605 | CHECK_FUNC_ARG 1 606 | FETCH_FUNC_ARG<4> $a @0 607 | SEND_FUNC_ARG @0 1 608 | DO_FCALL 609 | test($$a); |
610 |
| FETCH_DIM_FUNC_ARG | 612 |fetch value of variable by index as arg of function | 613 |INIT_FCALL_BY_NAME<1> "test" 614 | CHECK_FUNC_ARG 1 615 | FETCH_DIM_FUNC_ARG $a 0 @0 616 | SEND_FUNC_ARG @0 1 617 | DO_FCALL 618 | test($a[0]); |
619 |
| FETCH_OBJ_FUNC_ARG | 621 |fetch property value of variable as arg of function | 622 |INIT_FCALL_BY_NAME<1> "test" 623 | CHECK_FUNC_ARG 1 624 | FETCH_OBJ_FUNC_ARG $a "b" @0 625 | SEND_FUNC_ARG @0 1 626 | DO_FCALL 627 | test($a->b); |
628 |
| FETCH_UNSET | 630 |Fetch a variable for the purpose of unset() operation. | 631 |FETCH_UNSET<4> $A @1 632 | UNSET_DIM @1 0 633 | unset($$A[0]); |
634 |
| FETCH_DIM_UNSET | 636 |Fetch a variable by index for the purpose of unset() operation. | 637 |FETCH_DIM_UNSET $a 0 @0 638 | UNSET_OBJ @0 "b" 639 | unset($a[0]->b); |
640 |
| FETCH_OBJ_UNSET | 642 |Fetch a property value of variable for the purpose of unset() operation. | 643 |FETCH_OBJ_UNSET $a "b" @0 644 | UNSET_OBJ<16> @0 "c" 645 | unset($a->b->c); |
646 |
| FETCH_LIST_R | 648 |Fetch array list. | 649 |FETCH_LIST_R array(2) 0 @0 650 | ASSIGN $x @0 651 | FETCH_LIST_R array(2) 1 @2 652 | ASSIGN $b @2 653 | list($x,$b) = array("x","b"); 654 | |
655 |
| FETCH_DIM_TMP_VAR | 657 |No php sample in phpdbg | 658 |You could refer to FETCH_DIM_TMP_VAR | 659 |
| FETCH_CONSTANT | 661 |fetch value by const name. | 662 |FETCH_CONSTANT "A" ~0 663 | ECHO ~0 664 | echo A; |
665 |
| GOTO | 667 |No sample in phpdbg and vld, 668 | phpdbg use JMP opcode to control flow. |
669 | 670 | |
| EXT_STMT | 672 |No php sample | 673 |674 | |
| EXT_FCALL_BEGIN | 676 |No php sample | 677 |678 | |
| EXT_FCALL_END | 680 |No php sample | 681 |682 | |
| EXT_NOP | 684 |No php sample | 685 |686 | |
| TICKS | 688 |689 | | TICKS<100> 690 | declare(ticks=100); |
691 |
| SEND_VAR_NO_REF | 693 |No php sample | 694 |695 | |
| CATCH | 697 |catch when Exception get throw. | 698 |#0 THROW $t 699 | #1 JMP J4 700 | #2 CATCH<1> "A" $e 701 | #3 ECHO "catch" 702 | #4 RETURN<-1> 1 703 | try{throw $t} 704 | catch(A $e){echo "catch";} 705 | |
706 |
| THROW | 708 |throw some Exception. | 709 |THROW $t 710 | throw $t; |
711 |
| FETCH_CLASS | 713 |fetch static class | 714 |FETCH_CLASS $obj @0 715 | FETCH_CLASS_CONSTANT @0 "a" 716 | $obj::a; |
717 |
| FETCH_CLASS_CONSTANT | 719 |fetch static constant from class | 720 |Could see FETCH_CLASS part. | 721 |
| FETCH_STATIC_PROP_R | 723 |fetch static property value from class | 724 |FETCH_CLASS $obj @0 725 | FETCH_STATIC_PROP_R "a" @0 ~1 726 | $obj::$a; |
727 |
| FETCH_STATIC_PROP_RW | 729 |fetch static property value from class,same as FETCH_STATIC_PROP_R but make it readable and writable. | 730 |FETCH_CLASS $obj @0 731 | FETCH_STATIC_PROP_RW "a" @0 @1 732 | POST_INC @1 ~2 733 | $obj::$a++; |
734 |
| FETCH_STATIC_PROP_W | 736 |fetch static property value from class AND make it writable. | 737 |FETCH_CLASS $obj @0 738 | FETCH_STATIC_PROP_W "a" @0 @1 739 | ASSIGN @1 1 740 | $obj::$a=1; |
741 |
| CLONE | 743 |clone an object | 744 |CLONE $t ~0 745 | clone $t; |
746 |
| RETURN_BY_REF | 748 |No sample in phpdbg | 749 |750 | |
| INIT_METHOD_CALL | 752 |Prepare for a method call. Followed by DO_FCALL. | 753 |INIT_METHOD_CALL $obj "a" 754 | DO_FCALL 755 | $obj->a(); |
756 |
| INIT_STATIC_METHOD_CALL | 758 |Prepare for a static method call. Followed by DO_FCALL. | 759 |FETCH_CLASS $obj @0 760 | INIT_STATIC_METHOD_CALL @0 "a" 761 | DO_FCALL 762 | $obj::a(); |
763 |
| ISSET_ISEMPTY_CV | 765 |check wether a variable is setted and store the result. | 766 |ISSET_ISEMPTY_CV $a ~0 767 | isset($a); |
768 |
| ISSET_ISEMPTY_VAR | 770 |check wether a variable is setted and store the result. | 771 |ISSET_ISEMPTY_VAR<4> $a ~0 772 | isset($$a); |
773 |
| ISSET_ISEMPTY_DIM_OBJ | 775 |check wether a variable is setted by its index and store the result. | 776 |ISSET_ISEMPTY_DIM_OBJ $a 0 ~0 777 | isset($a[0]); |
778 |
| ZEND_SEND_VAL_EX | 780 |781 | | Could see SEND_VAL_EX part. | 782 |
| ZEND_SEND_VAR | 784 |785 | | Could see SEND_VAR part. | 786 |
| ZEND_INIT_USER_CALL | 788 |789 | | 790 | |
| ZEND_SEND_ARRAY | 792 |793 | | 794 | |
| ZEND_SEND_USER | 796 |797 | | 798 | |
| STRLEN | 800 |get length of string and store the result | 801 |STRLEN $a strlen($a); |
802 |
| DEFINED | 804 |805 | | 806 | |
| ZEND_TYPE_CHECK | 808 |809 | | 810 | |
| ZEND_VERIFY_RETURN_TYPE | 812 |813 | | 814 | |
| ZEND_FE_RESET_RW | 816 |817 | | 818 | |
| ZEND_FE_FETCH_RW | 820 |821 | | 822 | |
| ZEND_FE_FREE | 824 |825 | | 826 | |
| ZEND_INIT_DYNAMIC_CALL | 828 |829 | | 830 | |
| ZEND_DO_ICALL | 832 |833 | | 834 | |
| ZEND_DO_UCALL | 836 |837 | | 838 | |
| ZEND_DO_FCALL_BY_NAME | 840 |841 | | 842 | |
| PRE_INC_OBJ | 844 |Same as PRE_INC but operate to an object | 845 |PRE_INC_OBJ $obj "a" 846 | ++$obj->a; |
847 |
| PRE_DEC_OBJ | 849 |Same as PRE_DEC but operate to an object | 850 |PRE_DEC_OBJ $obj "a" --$obj->a; |
851 |
| POST_INC_OBJ | 853 |Same as POST_INC but operate to an object | 854 |POST_INC_OBJ $obj "a" ~0 855 | $obj->a++; |
856 |
| POST_DEC_OBJ | 858 |Same as POST_DEC but operate to an object | 859 |POST_DEC_OBJ $obj "a" ~0 860 | $obj->a--; |
861 |
| ASSIGN_OBJ | 863 |fetch an object and wait for OP_DATA opcode. | 864 |ASSIGN_OBJ $obj "a" 865 | OP_DATA $t 866 | $obj->a=$t; |
867 |
| INSTANCEOF | 869 |870 | | INSTANCEOF $a "A" ~0 871 | $a instanceof A; |
872 |
| DECLARE_CLASS | 874 |declare a class by name | 875 |JMPZ true JX 876 | DECLARE_CLASS "a" @0 877 | if(true){class A{}} |
878 |
| DECLARE_INHERITED_CLASS | 880 |when declare a class by name,if declared class extends other class,will execute this opcode. | 881 |JMPZ true JX 882 | DECLARE_INHERITED_CLASS "a" "C" @0 883 | if(true){ 884 | class a extends C{} } |
885 |
| DECLARE_FUNCTION | 887 |declare function by name | 888 |JMPZ true JX 889 | DECLARE_FUNCTION "test" 890 | if(true){ 891 | function test(){} 892 | } |
893 |
| RAISE_ABSTRACT_ERROR | 895 |896 | | 897 | |
| DECLARE_CONST | 899 |declare a const value | 900 |DECLARE_CONST "a" 1 901 | const a=1; |
902 |
| ADD_INTERFACE | 904 |when declare class by name,if declared class implements other interface,will execute this opcode. | 905 |JMPZ true JX 906 | DECLARE_CLASS "a" @0 907 | ADD_INTERFACE @0 "C" 908 | VERIFY_ABSTRACT_CLASS @0 909 | if(true){ 910 | class a implements C{} } |
911 |
| DECLARE_INHERITED_CLASS_DELAYED | 913 |914 | | 915 | |
| VERIFY_ABSTRACT_CLASS | 917 |918 | | Could see ADD_INTERFACE part. | 919 |
| ASSIGN_DIM | 921 |set value of variable by index,followed by OP_DATA. | 922 |ASSIGN_DIM $x 0 923 | OP_DATA 2 924 | $x[0]=2; |
925 |
| OP_DATA | 927 |set value after "ASSIGN" opcodes(such as ASSIGN_DIM,ASSIGN_OBJ...) executed. | 928 |Could see ASSIGN_DIM part. | 929 |
| ISSET_ISEMPTY_PROP_OBJ | 931 |check wether a property value of an object is setted and store the result | 932 |ISSET_ISEMPTY_PROP_OBJ $a "b" ~0 933 | isset($a->b); |
934 |
| HANDLE_EXCEPTION | 936 |937 | | 938 | |
| USER_OPCODE | 940 |941 | | 942 | |
| ZEND_ASSERT_CHECK | 944 |945 | | 946 | |
| JMP_SET | 948 |set the variable if value is not zero,otherwise jump to address | 949 |JMP_SET $b JX ~0 950 | QM_ASSIGN 2 ~0 951 | ASSIGN $t ~0 952 | $t=$b?:2; |
953 |
| DECLARE_LAMBDA_FUNCTION | 955 |956 | | DECLARE_LAMBDA_FUNCTION "\000{clousre}C:\\"+ ~0 957 | INIT_DYNAMIC_CALL ~0 958 | DO_FCALL 959 | (function(){return "phpinfo";})(); |
960 |
| ADD_TRAIT | 962 |followed by BIND_TRAITS | 963 |DECLARE_CLASS "a" @0 964 | ADD_TRAIT @0 "B" 965 | BIND_TRAITS @0 966 | class A{ 967 | use B; 968 | } |
969 |
| BIND_TRAITS | 971 |bind trait in class. | 972 |Could see ADD_TRAIT part. | 973 |
| ZEND_SEPARATE | 975 |976 | | 977 | |
| ZEND_FETCH_CLASS_NAME | 979 |980 | | 981 | |
| ZEND_CALL_TRAMPOLINE | 983 |984 | | 985 | |
| ZEND_DISCARD_EXCEPTION | 987 |988 | | 989 | |
| ZEND_YIELD | 991 |992 | | 993 | |
| ZEND_GENERATOR_RETURN | 995 |996 | | 997 | |
| ZEND_FAST_CALL | 999 |1000 | | 1001 | |
| ZEND_FAST_RET | 1003 |1004 | | 1005 | |
| ZEND_RECV_VARIADIC | 1007 |1008 | | 1009 | |
| ZEND_SEND_UNPACK | 1011 |1012 | | 1013 | |
| ZEND_POW | 1015 |1016 | | 1017 | |
| ZEND_ASSIGN_POW | 1019 |1020 | | 1021 | |
| ZEND_BIND_GLOBAL(vld) BIND_GLOBAL |
1023 | declare an global variable | 1024 |BIND_GLOBAL $a "a" 1025 | global $a; |
1026 |
| ZEND_COALESCE | 1028 |1029 | | 1030 | |
| ZEND_SPACESHIP | 1032 |1033 | | 1034 | |
| ZEND_DECLARE_ANON_CLASS | 1036 |1037 | | 1038 | |
| ZEND_DECLARE_ANON_INHERITED_CLASS | 1040 |1041 | | 1042 | |
| ZEND_FETCH_STATIC_PROP_R | 1044 |1045 | | 1046 | |
| ZEND_FETCH_STATIC_PROP_W | 1048 |1049 | | 1050 | |
| ZEND_FETCH_STATIC_PROP_RW | 1052 |1053 | | 1054 | |
| ZEND_FETCH_STATIC_PROP_IS | 1056 |1057 | | 1058 | |
| ZEND_FETCH_STATIC_PROP_FUNC_ARG | 1060 |1061 | | 1062 | |
| ZEND_FETCH_STATIC_PROP_UNSET | 1064 |1065 | | 1066 | |
| ZEND_UNSET_STATIC_PROP | 1068 |1069 | | 1070 | |
| ZEND_ISSET_ISEMPTY_STATIC_PROP | 1072 |1073 | | 1074 | |
| ZEND_FETCH_CLASS_CONSTANT | 1076 |1077 | | 1078 | |
| ZEND_BIND_LEXICAL | 1080 |1081 | | 1082 | |
| ZEND_BIND_STATIC | 1084 |1085 | | 1086 | |
| ZEND_FETCH_THIS | 1088 |1089 | | 1090 | |
| ZEND_SEND_FUNC_ARG | 1092 |1093 | | 1094 | |
| ZEND_ISSET_ISEMPTY_THIS | 1096 |1097 | | 1098 | |
| ZEND_SWITCH_LONG | 1100 |1101 | | 1102 | |
| ZEND_SWITCH_STRING | 1104 |1105 | | 1106 | |
| ZEND_IN_ARRAY | 1108 |1109 | | 1110 | |
| ZEND_COUNT | 1112 |1113 | | 1114 | |
| ZEND_GET_CLASS | 1116 |1117 | | 1118 | |
| ZEND_GET_CALLED_CLASS | 1120 |1121 | | 1122 | |
| ZEND_GET_TYPE | 1124 |1125 | | 1126 | |
| ZEND_FUNC_NUM_ARGS | 1128 |1129 | | 1130 | |
| ZEND_FUNC_GET_ARGS | 1132 |1133 | | 1134 | |
| ZEND_UNSET_CV | 1136 |1137 | | 1138 | |
Modify by:MG193.7 6 |
My Blog 7 |
My Github 8 |
Base on vld document 9 |
10 |
| Opcode name | 14 |Explanation | 15 |Example (phpdbg) | 16 |
| NOP | 19 |no operation | 20 |NOP | 21 |
| ADD | 24 |Adds "value1" to "value2" and stores the result into "result". | 25 |ADD 1 2 ~0 26 | $a = 1+2; |
27 |
| SUB | 30 |Subtracts "value2" from "value1" and stores the result into "result". | 31 |SUB 2 1 ~0 32 | $a = 2-1; |
33 |
| MUL | 36 |Multiplys "value1" by "value2" and stores the result into "result". | 37 |MUL 1 2 ~0 38 | $a = 1*2; |
39 |
| DIV | 42 |Divides "value1" by "value2" and stores the result into "result". | 43 |DIV 6 3 ~0 44 | $a = 6/3; |
45 |
| MOD | 47 |Makes the value of "result" congruent to "value1" modulo "value2". | 48 |MOD 6 3 ~0 49 | $a = 6%3; |
50 |
| SL | 52 |Shift bits of value1 to the left value2 steps (each step means "multiply by two") | 53 |SL 8 2 ~0 54 | $a = 8<<2; |
55 |
| SR | 57 |Shift bits of value1 to the right value2 steps (each step means "divide by two") | 58 |SR 8 2 ~0 59 | $a = 8>>2; |
60 |
| CONCAT | 62 |Concats string values string1 and string2 | 63 |CONCAT "A" "B" ~0 64 | echo "A"."B"; |
65 |
| BW_OR | 67 |Bit-wise or of value1 and value2 | 68 |BW_OR 1 2 ~0 69 | echo 1|2; |
70 |
| BW_AND | 72 |Bit-wise and of value1 and value2 | 73 |BW_AND 1 2 ~0 74 | echo 1&2; |
75 |
| BW_XOR | 77 |Bit-wise xor of value1 and value2 | 78 |BW_XOR 1 2 ~0 79 | echo 1^2; |
80 |
| BW_NOT | 82 |Bit-wise not of "value" | 83 |BW_NOT 15 ~0 84 | echo ~15; |
85 |
| BOOL_NOT | 87 |Boolean (logical) not of "value" | 88 |BOOL_NOT 1 ~0 89 | echo !1; |
90 |
| BOOL_XOR | 92 |Boolean (logical) xor of value1 | 93 |BOOL 1 2 ~0 94 | echo 1 xor 2; |
95 |
| IS_IDENTICAL | 97 |Compares value1 and value2 to see if they are equal AND have the same type | 98 |IS_IDENTICAL 1 1 ~0 99 | echo (1===1); |
100 |
| IS_NOT_IDENTICAL | 102 |compares value1 and value2 to see if they are unequal or of different types | 103 |IS_NOT_IDENTICAL 1 1 ~0 104 | echo (1!==1); |
105 |
| IS_EQUAL | 107 |compares if value1 and value2 are equal | 108 |IS_EQUAL 1 1 ~0 109 | echo (1==1); |
110 |
| IS_NOT_EQUAL | 112 |compares if value1 and value2 are not equal | 113 |IS_NOT_EQUAL 1 1 ~0 114 | echo (1!=1); |
115 |
| IS_SMALLER | 117 |compares if value1 is less than value2 | 118 |IS_SMALLER1 1 2 ~0 119 | echo (1 < 2); |
120 |
| IS_SMALLER_OR_EQUAL | 122 |compares if value1 is less than or equal to value2 | 123 |IS_SMALLER_OR_EQUAL 2 1 ~0 124 | echo (2<=1); |
125 |
| CAST | 127 |casts value1 as type value2 (type in extended_value) | 128 |CAST<4> 1 ~0 129 | echo (int)1; |
130 |
| QM_ASSIGN | 132 |Question Mark Assign, used twice inside a question mark assign to temporarily assign result as value1 (this is followed up with an ASSIGN bytecode) | 133 |
134 | JMPZ 1 J3 135 | QM_ASSIGN 1 ~0 136 | JMP J4 137 | QM_ASSIGN 2 ~0 138 | ECHO ~0 139 | echo (1?1:2); 140 | |
141 |
| ASSIGN_ADD | 143 |Add value1 to value2 and store in variable indicated by value1 | 144 |ASSIGN_ADD $a 2 145 | $a+=2; |
146 |
| ASSIGN_SUB | 148 |Subtract value1 from value2 and store in variable indicated by value1 | 149 |ASSIGN_SUB $a 2 150 | $a-=2; |
151 |
| ASSIGN_MUL | 153 |Multiply result by value1 and store in variable indicated by result | 154 |ASSIGN_MUL $a 2 155 | $a*=2; |
156 |
| ASSIGN_DIV | 158 |Divide result by value1and store in variable indicated by result. | 159 |ASSIGN_DIV $a 2 160 | $a/=2; |
161 |
| ASSIGN_MOD | 163 |Perform result mod value1 and store in variable indicated by result | 164 |ASSIGN_MOD $a 2 165 | $a%=2; |
166 |
| ASSIGN_SL | 168 |Shift result by value1 bits to left and store in variable indicated by result | 169 |ASSIGN_SL $a 2 170 | $a<<=2; |
171 |
| ASSIGN_SR | 173 |Shift result by value1 bits to right and store in variable indicated by result | 174 |ASSIGN_SR $a 2 175 | $a>>=2; |
176 |
| ASSIGN_CONCAT | 178 |Concats string values result and value1 and store in variable indicated by result | 179 |ASSIGN_CONCAT $a 'z' 180 | $a.='z'; |
181 |
| ASSIGN_BW_OR | 183 |Performs binary OR on result and value1 and stores in variable indicated by result. | 184 |ASSIGN_BW_OR $a 64 185 | $a|=64; |
186 |
| ASSIGN_BW_AND | 188 |Performs binary AND on result and value1 and stores in variable indicated by result. | 189 |ASSIGN_BW_AND $a 64 190 | $a &=64; |
191 |
| ASSIGN_BW_XOR | 193 |Performs binary XOR on result and value1and stores in variable indicated by result. | 194 |ASSIGN_BW_XOR $a 64 195 | $a ^=64; |
196 |
| PRE_INC | 198 |increments variable indicated by value1 by 1 (before performing other operations) and stores in result | 199 |PRE_INC $a 200 | ++$a; |
201 |
| PRE_DEC | 203 |decrements variable indicated by value1 by 1 (before performing other operations) and stores in results | 204 |PRE_DEC $a 205 | --$a; |
206 |
| POST_INC | 208 |increments variable indicated by value1 by 1 (after performing other operations) and stores in result | 209 |POST_INC $a ~0 210 | $a++; |
211 |
| POST_DEC | 213 |decrements variable indicated by value1 by 1 (after performing other operations) and stores in result | 214 |POST_DEC $a ~0 215 | $a--; |
216 |
| ASSIGN | 218 |assigns value1 to result | 219 |ASSIGN $a $b 220 | $a=$b; |
221 |
| ASSIGN_REF | 223 |UNKNOW in phpdbg. 224 | Maybe you could refer to ASSIGN_REF |
225 | UNKNOW | 226 |
| ECHO | 228 |Dump text | 229 |ECHO "hello world" 230 | echo "hello world"; |
231 |
| Same as ECHO? | 234 |ECHO<1> "hello world" 235 | print 'hello world'; 236 | If you want to refer the opcodes in vld, you could see PRINT 237 | |
238 | |
| JMP | 240 |Unconditonally jump to the address | 241 |#0 IS_EQUAL $a "a" ~0 242 | #1 JMPZ ~0 J4 243 | #2 ECHO 1 244 | #3 JMP J5 245 | #4 ECHO 2 246 | #5 RETURN<-1> 1 247 | if($a=="a"){echo 1;}else{echo 2;} |
248 |
| JMPZ | 250 |Jump to the address if the value is zero | 251 |You could see the opcodes in JMP | 252 |
| JMPNZ | 254 |Jump to the address if the value is not zero | 255 |... 256 | JMPNZ ~0 JX 257 | ... 258 | if($b!=0){...} 259 | |
260 |
| JMPZNZ | 262 |Jump to the address given in the operands if the value is zero; jump to the address given in extended data if nonzero. |
263 | UNKNOW in phpdbg 264 | You could refer to JMPZNZ |
265 |
| JMPZ_EX | 267 |Jump to the address if the value is zero. | 268 |#0 JMPZ_EX $a J2 ~0 269 | #1 BOOL true ~0 270 | #2 JMPZ ~0 271 | #3 RETURN<-1> 1 272 | if($a&&true){} |
273 |
| JMPNZ_EX | 275 |Jump to the address if the value is not zero. | 276 |#0 JMPZ_EX $a J2 ~0 277 | #1 BOOL true ~0 278 | #2 JMPZ ~0 279 | #3 RETURN<-1> 1 280 | if($a||true){} |
281 |
| CASE | 283 |UNKNOW | 284 |Do not found CASE opcode in phpdbg, 285 | You could refer to CASE |
286 |
| SWITCH_FREE | 288 |Release the allocated space of "value"? | 289 |Do not found SWITCH_FREE in phpdbg, 290 | You could refer to SWITCH_FREE 291 | |
292 |
| BRK | 294 |It means "break" in vld, But not found this opcode in phpdbg. 295 | If you want to break in while-loop(or something else),phpdbg will simply use JMP opcode jump out the loop,instead of use "BRK" opcode. |
296 | #0 JMP J2 297 | #1 JMP J3 298 | #2 JMPNZ 1 J1 299 | #3 RETURN<-1> 1 300 | while(1){break;} 301 | You also could see BRK |
302 |
| CONT | 304 |Same as BRK opcode, 305 | this opcode means "continue" in vld, 306 | But not found this opcode in phpdbg. 307 | phpdbg still use JMP to control the flow in loop. |
308 | You could refer to CONT | 309 |
| BOOL | 311 |convert value to boolean and store in result | 312 |#0 JMPZ_EX $a J2 ~0 313 | #1 BOOL true ~0 314 | #2 JMPZ ~0 315 | #3 RETURN<-1> 1 316 | if($a&&true){} |
317 |
| ROPE_INIT | 319 |when create a string that cotains variable, 320 | this opcode used to init this string and store the string of begining part to result |
321 | ROPE_INIT<3> "Test" ~1 322 | ROPE_ADD<1> ~1 $a ~1 323 | ROPE_END<2> ~1 " Test" ~0 324 | ECHO ~0 325 | echo "Test$a Test"; |
326 |
| ROPE_ADD | 328 |after ROPE_INIT opcode,continue add a variable to string,and store the string to result. | 329 |Could see ROPE_INIT part | 330 |
| ROPE_END | 332 |after ROPE_INIT opcode,continue add a string to the whole string,and treat the string just added as the end of the whole string. | 333 |Could see ROPE_INIT part | 334 |
| FAST_CONCAT | 336 |concats value1 and value2,than stored it to the result | 337 |
338 | FAST_CONCAT "Test" $a ~0 339 | ECHO ~0 340 | echo "Test$a"; 341 | |
342 |
| BEGIN_SILENCE | 344 |prepare to perform function call without displaying error messages | 345 |BEGIN_SILENCE ~0 346 | INIT_FCALL<1> 96 "file" SEND_VAL"non_existent_file" 1 347 | DO_ICALL @1 348 | END_SILENCE ~0 349 | ASSIGN $a @1 350 | RETURN<-1> 1 351 | $a = @file("non_existent_file"); |
352 |
| END_SILENCE | 354 |no longer surpress error messages | 355 |See BEGIN_SILENCE part | 356 |
| INIT_FCALL | 358 |init a function going to call | 359 |INIT_FCALL<1> 96 "abs" 360 | SEND_VAL 2 1 361 | DO_ICALL 362 | abs(2); |
363 |
| INIT_DYNAMIC_CALL | 365 |call to function dynamicly | 366 |ASSIGN $x "phpinfo" 367 | INIT_DYNAMIC_CALL $x 368 | DO_FCALL 369 | $x = 'phpinfo'; $x(); |
370 |
| INIT_FCALL_BY_NAME | 372 |call to function | 373 |INIT_FCALL_BY_NAME "test" 374 | DO_FCALL @1 375 | ASSIGN $a @1 376 | $a = test(); |
377 |
| DO_FCALL | 379 |Call a function. 380 | If the result of called function was stored to a variable,this opcode must take a result! |
381 | See INIT_DYNAMIC_CALL and INIT_FCALL_BY_NAME part | 382 |
| DO_FCALL_BY_NAME | 384 |Call a function by name. | 385 |UNKNOW in phpdbg, 386 | You could see DO_FCALL_BY_NAME |
387 |
| RETURN | 389 |Return value from a funciton. | 390 |RETURN 1 391 | return 1; |
392 |
| RECV | 394 |Receive the number of functoin arguments | 395 |RECV 1 $a 396 | RETURN<-1> null 397 | function test($a){} |
398 |
| RECV_INIT | 400 |Initialize a function argument with "value" if not received from caller. 401 | Otherwise same as RECV. |
402 | RECV_INIT 1 "test" $t 403 | RETURN<-1> null 404 | function a($t="test"){} |
405 |
| SEND_VAL | 407 |Pass the constant value as an actual parameter to a function. | 408 |INIT_FCALL<2> 112 "hello" 409 | SEND_VAL "world" 1 410 | SEND_VAL "ok" 2 411 | DO_FCALL 412 | hello("world","ok"); |
413 |
| SEND_VAL_EX | 415 |Pass the constant value as an actual parameter to a function.Same as SEND_VAL_EX | 416 |INIT_FCALL_BY_NAME<2> "hello" 417 | SEND_VAL_EX "world" 1 418 | SEND_VAL_EX "ok" 2 419 | DO_FCALL 420 | hello("world","ok"); |
421 |
| SEND_VAR | 423 |Pass the variable value as an actual parameter to a function. | 424 |ASSIGN $a 1 425 | INIT_FCALL<1> 96 "abs" 426 | SEND_VAR $a 1 427 | DO_ICALL 428 | $a=1;abs($a); |
429 |
| SEND_VAR_EX | 431 |Pass the variable value as an actual parameter to a function.Same as SEND_VAR. | 432 |ASSIGN $a 1 433 | INIT_FCALL_BY_NAME<1> "test" 434 | SEND_VAR_EX $a 1 435 | DO_ICALL 436 | $a=1;test($a); |
437 |
| SEND_REF | 439 |Pass the reference value as an actual parameter to a function. | 440 |INIT_FCALL<1> 96 "each" 441 | SEND_REF $a 1 442 | DO_ICALL 443 | @each($a); |
444 |
| NEW | 446 |Construct an instance of "type" and store the reference to the object into "result". | 447 |NEW<2> "A" @1 448 | SEND_VAL_EX "a" 1 449 | DO_FCALL 450 | FREE @1 451 | new A("a"); 452 | |
453 |
| INIT_NS_FCALL_BY_NAME | 455 |No sample in vld or phpdbg. | 456 |UNKNOW | 457 |
| FREE | 459 |Release the allocated space of the value. | 460 |Could see NEW part | 461 |
| INIT_ARRAY | 463 |Allocate a new array with elem-value as the first element of the array. | 464 |UNKNOW in phpdbg, 465 | You could refer to INIT_ARRAY |
466 |
| ADD_ARRAY_ELEMENT | 468 |Add elem-value as an element to array-value | 469 |UNKNOW in phpdbg, 470 | You could refer to ADD_ARRAY_ELEMENT |
471 |
| INCLUDE_OR_EVAL | 473 |Include the file specified by filename and eval it. | 474 |INCLUDE_OR_EVAL<2> "test.php" 475 | INCLUDE_OR_EVAL<1> "echo 1;" 476 | include "test.php"; 477 | eval("echo 1;"); |
478 |
| UNSET_CV | 480 |Unset the variable. | 481 |UNSET_CV $A 482 | unset($A); |
483 |
| UNSET_VAR | 485 |Unset the variable. | 486 |ASSIGN $A "x" 487 | UNSET_VAR<4> $A 488 | $A="x"; 489 | unset($$A); |
490 |
| UNSET_DIM | 492 |Unset the entry of array-value, which is specified by index | 493 |UNSET_DIM $A 0 494 | unset($A[0]); |
495 |
| UNSET_OBJ | 497 |Unset the property of the current object | 498 |UNSET_OBJ<8> $A "test" 499 | unset($A->test); |
500 |
| FE_RESET_R | 502 |Initialize an iterator on array-value. If the array is empty, jump to address. | 503 |#0 ASSIGN $a array(3) 504 | #1 FE_RESET_R $a J5 @1 505 | #2 FE_FETCH_R<96> @1 $num 506 | #3 ECHO<1> $num 507 | #4 JMP J2 508 | #5 FE_FREE @1 509 | $a = array(1,2,3); 510 | foreach($a as $num){ 511 | print $num; } |
512 |
| FE_FETCH_R | 514 |Fetch an element from iterator. If no element is available, jump to the address that FE_RESET_R opcode setted. |
515 | Could see FE_RESET_R part. | 516 |
| EXIT | 518 |Exit running after dumping "message". | 519 |EXIT "foo" 520 | die("foo"); |
521 |
| FETCH_R | 523 |fetch Variable variables. | 524 |ASSIGN $a "x" 525 | FETCH_R<4> $a ~1 526 | ECHO ~1 527 | $a="x"; 528 | echo $$a; |
529 |
| FETCH_DIM_R | 531 |fetch value of variables by index. | 532 |FETCH_R<4> $a ~1 533 | FETCH_DIM_R ~1 0 ~2 534 | ECHO ~2 535 | echo $$a[0]; 536 | FETCH_DIM_R $x 0 537 | $x[0]; |
538 |
| FETCH_OBJ_R | 540 |fetch property value of Variable variables | 541 |FETCH_R<4> $a ~1 542 | FETCH_OBJ_R ~1 "test" ~2 543 | ECHO ~2 544 | echo($$a->test); 545 | |
546 |
| FETCH_W | 548 |fetch Variable variables and make it writable. | 549 |ASSIGN $x 1 550 | ASSIGN $a "x" 551 | FETCH_W<4> $a @2 552 | ASSIGN @2 2 553 | $x=1; 554 | $a="x"; 555 | $$a=2; |
556 |
| FETCH_DIM_W | 558 |fetch Variable variables by index and make it writable. | 559 |FETCH_DIM_W $x 0 @0 560 | ASSIGN_DIM @0 1 561 | OP_DATA 2 562 | $x[0][1]=2; |
563 |
| FETCH_OBJ_W | 565 |fetch property value of Variable variables and make it writable. | 566 |FETCH_OBJ_W $x "t" @0 567 | ASSIGN_OBJ<16> @0 "test" 568 | OP_DATA 1 569 | $x->t->test=1; |
570 |
| FETCH_RW | 572 |fetch value of Variable variables. | 573 |FETCH_RW<4> $a @0 574 | POST_INC @0; 575 | $$a++; |
576 |
| FETCH_DIM_RW | 578 |fetch value of Variable variables by index. | 579 |FETCH_DIM_RW $a 0 @0 580 | POST_INC @0 581 | $a[0]++; |
582 |
| FETCH_OBJ_RW | 584 |fetch property value of Variable variables | 585 |FETCH_OBJ_RW $a "b" @0 586 | POST_INC_OBJ<16> @0 "c" 587 | $a->b->c++; |
588 |
| FETCH_IS | 590 |Fetch the value from variable which is to be used to test if it is set or not, through isset()/isempty(). | 591 |FETCH_IS<2> "_GET" ~0 592 | ISSET_ISEMPTY_DIM_OBJ ~0 0 593 | isset($_GET[0]); |
594 |
| FETCH_DIM_IS | 596 |No php sample. | 597 |598 | |
| FETCH_OBJ_IS | 600 |No php sample. | 601 |602 | |
| FETCH_FUNC_ARG | 604 |fetch value of Variable variables as arg of function | 605 |INIT_FCALL_BY_NAME<1> "test" 606 | CHECK_FUNC_ARG 1 607 | FETCH_FUNC_ARG<4> $a @0 608 | SEND_FUNC_ARG @0 1 609 | DO_FCALL 610 | test($$a); |
611 |
| FETCH_DIM_FUNC_ARG | 613 |fetch value of variable by index as arg of function | 614 |INIT_FCALL_BY_NAME<1> "test" 615 | CHECK_FUNC_ARG 1 616 | FETCH_DIM_FUNC_ARG $a 0 @0 617 | SEND_FUNC_ARG @0 1 618 | DO_FCALL 619 | test($a[0]); |
620 |
| FETCH_OBJ_FUNC_ARG | 622 |fetch property value of variable as arg of function | 623 |INIT_FCALL_BY_NAME<1> "test" 624 | CHECK_FUNC_ARG 1 625 | FETCH_OBJ_FUNC_ARG $a "b" @0 626 | SEND_FUNC_ARG @0 1 627 | DO_FCALL 628 | test($a->b); |
629 |
| FETCH_UNSET | 631 |Fetch a variable for the purpose of unset() operation. | 632 |FETCH_UNSET<4> $A @1 633 | UNSET_DIM @1 0 634 | unset($$A[0]); |
635 |
| FETCH_DIM_UNSET | 637 |Fetch a variable by index for the purpose of unset() operation. | 638 |FETCH_DIM_UNSET $a 0 @0 639 | UNSET_OBJ @0 "b" 640 | unset($a[0]->b); |
641 |
| FETCH_OBJ_UNSET | 643 |Fetch a property value of variable for the purpose of unset() operation. | 644 |FETCH_OBJ_UNSET $a "b" @0 645 | UNSET_OBJ<16> @0 "c" 646 | unset($a->b->c); |
647 |
| FETCH_LIST_R | 649 |Fetch array list. | 650 |FETCH_LIST_R array(2) 0 @0 651 | ASSIGN $x @0 652 | FETCH_LIST_R array(2) 1 @2 653 | ASSIGN $b @2 654 | list($x,$b) = array("x","b"); 655 | |
656 |
| FETCH_DIM_TMP_VAR | 658 |No php sample in phpdbg | 659 |You could refer to FETCH_DIM_TMP_VAR | 660 |
| FETCH_CONSTANT | 662 |fetch value by const name. | 663 |FETCH_CONSTANT "A" ~0 664 | ECHO ~0 665 | echo A; |
666 |
| GOTO | 668 |No sample in phpdbg and vld, 669 | phpdbg use JMP opcode to control flow. |
670 | 671 | |
| EXT_STMT | 673 |No php sample | 674 |675 | |
| EXT_FCALL_BEGIN | 677 |No php sample | 678 |679 | |
| EXT_FCALL_END | 681 |No php sample | 682 |683 | |
| EXT_NOP | 685 |No php sample | 686 |687 | |
| TICKS | 689 |690 | | TICKS<100> 691 | declare(ticks=100); |
692 |
| SEND_VAR_NO_REF | 694 |No php sample | 695 |696 | |
| CATCH | 698 |catch when Exception get throw. | 699 |#0 THROW $t 700 | #1 JMP J4 701 | #2 CATCH<1> "A" $e 702 | #3 ECHO "catch" 703 | #4 RETURN<-1> 1 704 | try{throw $t} 705 | catch(A $e){echo "catch";} 706 | |
707 |
| THROW | 709 |throw some Exception. | 710 |THROW $t 711 | throw $t; |
712 |
| FETCH_CLASS | 714 |fetch static class | 715 |FETCH_CLASS $obj @0 716 | FETCH_CLASS_CONSTANT @0 "a" 717 | $obj::a; |
718 |
| FETCH_CLASS_CONSTANT | 720 |fetch static constant from class | 721 |Could see FETCH_CLASS part. | 722 |
| FETCH_STATIC_PROP_R | 724 |fetch static property value from class | 725 |FETCH_CLASS $obj @0 726 | FETCH_STATIC_PROP_R "a" @0 ~1 727 | $obj::$a; |
728 |
| FETCH_STATIC_PROP_RW | 730 |fetch static property value from class,same as FETCH_STATIC_PROP_R but make it readable and writable. | 731 |FETCH_CLASS $obj @0 732 | FETCH_STATIC_PROP_RW "a" @0 @1 733 | POST_INC @1 ~2 734 | $obj::$a++; |
735 |
| FETCH_STATIC_PROP_W | 737 |fetch static property value from class AND make it writable. | 738 |FETCH_CLASS $obj @0 739 | FETCH_STATIC_PROP_W "a" @0 @1 740 | ASSIGN @1 1 741 | $obj::$a=1; |
742 |
| CLONE | 744 |clone an object | 745 |CLONE $t ~0 746 | clone $t; |
747 |
| RETURN_BY_REF | 749 |No sample in phpdbg | 750 |751 | |
| INIT_METHOD_CALL | 753 |Prepare for a method call. Followed by DO_FCALL. | 754 |INIT_METHOD_CALL $obj "a" 755 | DO_FCALL 756 | $obj->a(); |
757 |
| INIT_STATIC_METHOD_CALL | 759 |Prepare for a static method call. Followed by DO_FCALL. | 760 |FETCH_CLASS $obj @0 761 | INIT_STATIC_METHOD_CALL @0 "a" 762 | DO_FCALL 763 | $obj::a(); |
764 |
| ISSET_ISEMPTY_CV | 766 |check wether a variable is setted and store the result. | 767 |ISSET_ISEMPTY_CV $a ~0 768 | isset($a); |
769 |
| ISSET_ISEMPTY_VAR | 771 |check wether a variable is setted and store the result. | 772 |ISSET_ISEMPTY_VAR<4> $a ~0 773 | isset($$a); |
774 |
| ISSET_ISEMPTY_DIM_OBJ | 776 |check wether a variable is setted by its index and store the result. | 777 |ISSET_ISEMPTY_DIM_OBJ $a 0 ~0 778 | isset($a[0]); |
779 |
| ZEND_SEND_VAL_EX | 781 |782 | | Could see SEND_VAL_EX part. | 783 |
| ZEND_SEND_VAR | 785 |786 | | Could see SEND_VAR part. | 787 |
| ZEND_INIT_USER_CALL | 789 |790 | | 791 | |
| ZEND_SEND_ARRAY | 793 |794 | | 795 | |
| ZEND_SEND_USER | 797 |798 | | 799 | |
| STRLEN | 801 |get length of string and store the result | 802 |STRLEN $a strlen($a); |
803 |
| DEFINED | 805 |806 | | 807 | |
| ZEND_TYPE_CHECK | 809 |810 | | 811 | |
| ZEND_VERIFY_RETURN_TYPE | 813 |814 | | 815 | |
| ZEND_FE_RESET_RW | 817 |818 | | 819 | |
| ZEND_FE_FETCH_RW | 821 |822 | | 823 | |
| ZEND_FE_FREE | 825 |826 | | 827 | |
| ZEND_INIT_DYNAMIC_CALL | 829 |830 | | 831 | |
| ZEND_DO_ICALL | 833 |834 | | 835 | |
| ZEND_DO_UCALL | 837 |838 | | 839 | |
| ZEND_DO_FCALL_BY_NAME | 841 |842 | | 843 | |
| PRE_INC_OBJ | 845 |Same as PRE_INC but operate to an object | 846 |PRE_INC_OBJ $obj "a" 847 | ++$obj->a; |
848 |
| PRE_DEC_OBJ | 850 |Same as PRE_DEC but operate to an object | 851 |PRE_DEC_OBJ $obj "a" --$obj->a; |
852 |
| POST_INC_OBJ | 854 |Same as POST_INC but operate to an object | 855 |POST_INC_OBJ $obj "a" ~0 856 | $obj->a++; |
857 |
| POST_DEC_OBJ | 859 |Same as POST_DEC but operate to an object | 860 |POST_DEC_OBJ $obj "a" ~0 861 | $obj->a--; |
862 |
| ASSIGN_OBJ | 864 |fetch an object and wait for OP_DATA opcode. | 865 |ASSIGN_OBJ $obj "a" 866 | OP_DATA $t 867 | $obj->a=$t; |
868 |
| INSTANCEOF | 870 |871 | | INSTANCEOF $a "A" ~0 872 | $a instanceof A; |
873 |
| DECLARE_CLASS | 875 |declare a class by name | 876 |JMPZ true JX 877 | DECLARE_CLASS "a" @0 878 | if(true){class A{}} |
879 |
| DECLARE_INHERITED_CLASS | 881 |when declare a class by name,if declared class extends other class,will execute this opcode. | 882 |JMPZ true JX 883 | DECLARE_INHERITED_CLASS "a" "C" @0 884 | if(true){ 885 | class a extends C{} } |
886 |
| DECLARE_FUNCTION | 888 |declare function by name | 889 |JMPZ true JX 890 | DECLARE_FUNCTION "test" 891 | if(true){ 892 | function test(){} 893 | } |
894 |
| RAISE_ABSTRACT_ERROR | 896 |897 | | 898 | |
| DECLARE_CONST | 900 |declare a const value | 901 |DECLARE_CONST "a" 1 902 | const a=1; |
903 |
| ADD_INTERFACE | 905 |when declare class by name,if declared class implements other interface,will execute this opcode. | 906 |JMPZ true JX 907 | DECLARE_CLASS "a" @0 908 | ADD_INTERFACE @0 "C" 909 | VERIFY_ABSTRACT_CLASS @0 910 | if(true){ 911 | class a implements C{} } |
912 |
| DECLARE_INHERITED_CLASS_DELAYED | 914 |915 | | 916 | |
| VERIFY_ABSTRACT_CLASS | 918 |919 | | Could see ADD_INTERFACE part. | 920 |
| ASSIGN_DIM | 922 |set value of variable by index,followed by OP_DATA. | 923 |ASSIGN_DIM $x 0 924 | OP_DATA 2 925 | $x[0]=2; |
926 |
| OP_DATA | 928 |set value after "ASSIGN" opcodes(such as ASSIGN_DIM,ASSIGN_OBJ...) executed. | 929 |Could see ASSIGN_DIM part. | 930 |
| ISSET_ISEMPTY_PROP_OBJ | 932 |check wether a property value of an object is setted and store the result | 933 |ISSET_ISEMPTY_PROP_OBJ $a "b" ~0 934 | isset($a->b); |
935 |
| HANDLE_EXCEPTION | 937 |938 | | 939 | |
| USER_OPCODE | 941 |942 | | 943 | |
| ZEND_ASSERT_CHECK | 945 |946 | | 947 | |
| JMP_SET | 949 |set the variable if value is not zero,otherwise jump to address | 950 |JMP_SET $b JX ~0 951 | QM_ASSIGN 2 ~0 952 | ASSIGN $t ~0 953 | $t=$b?:2; |
954 |
| DECLARE_LAMBDA_FUNCTION | 956 |957 | | DECLARE_LAMBDA_FUNCTION "\000{clousre}C:\\"+ ~0 958 | INIT_DYNAMIC_CALL ~0 959 | DO_FCALL 960 | (function(){return "phpinfo";})(); |
961 |
| ADD_TRAIT | 963 |followed by BIND_TRAITS | 964 |DECLARE_CLASS "a" @0 965 | ADD_TRAIT @0 "B" 966 | BIND_TRAITS @0 967 | class A{ 968 | use B; 969 | } |
970 |
| BIND_TRAITS | 972 |bind trait in class. | 973 |Could see ADD_TRAIT part. | 974 |
| ZEND_SEPARATE | 976 |977 | | 978 | |
| ZEND_FETCH_CLASS_NAME | 980 |981 | | 982 | |
| ZEND_CALL_TRAMPOLINE | 984 |985 | | 986 | |
| ZEND_DISCARD_EXCEPTION | 988 |989 | | 990 | |
| ZEND_YIELD | 992 |993 | | 994 | |
| ZEND_GENERATOR_RETURN | 996 |997 | | 998 | |
| ZEND_FAST_CALL | 1000 |1001 | | 1002 | |
| ZEND_FAST_RET | 1004 |1005 | | 1006 | |
| ZEND_RECV_VARIADIC | 1008 |1009 | | 1010 | |
| ZEND_SEND_UNPACK | 1012 |1013 | | 1014 | |
| ZEND_POW | 1016 |1017 | | 1018 | |
| ZEND_ASSIGN_POW | 1020 |1021 | | 1022 | |
| ZEND_BIND_GLOBAL(vld) BIND_GLOBAL |
1024 | declare an global variable | 1025 |BIND_GLOBAL $a "a" 1026 | global $a; |
1027 |
| ZEND_COALESCE | 1029 |1030 | | 1031 | |
| ZEND_SPACESHIP | 1033 |1034 | | 1035 | |
| ZEND_DECLARE_ANON_CLASS | 1037 |1038 | | 1039 | |
| ZEND_DECLARE_ANON_INHERITED_CLASS | 1041 |1042 | | 1043 | |
| ZEND_FETCH_STATIC_PROP_R | 1045 |1046 | | 1047 | |
| ZEND_FETCH_STATIC_PROP_W | 1049 |1050 | | 1051 | |
| ZEND_FETCH_STATIC_PROP_RW | 1053 |1054 | | 1055 | |
| ZEND_FETCH_STATIC_PROP_IS | 1057 |1058 | | 1059 | |
| ZEND_FETCH_STATIC_PROP_FUNC_ARG | 1061 |1062 | | 1063 | |
| ZEND_FETCH_STATIC_PROP_UNSET | 1065 |1066 | | 1067 | |
| ZEND_UNSET_STATIC_PROP | 1069 |1070 | | 1071 | |
| ZEND_ISSET_ISEMPTY_STATIC_PROP | 1073 |1074 | | 1075 | |
| ZEND_FETCH_CLASS_CONSTANT | 1077 |1078 | | 1079 | |
| ZEND_BIND_LEXICAL | 1081 |1082 | | 1083 | |
| ZEND_BIND_STATIC | 1085 |1086 | | 1087 | |
| ZEND_FETCH_THIS | 1089 |1090 | | 1091 | |
| ZEND_SEND_FUNC_ARG | 1093 |1094 | | 1095 | |
| ZEND_ISSET_ISEMPTY_THIS | 1097 |1098 | | 1099 | |
| ZEND_SWITCH_LONG | 1101 |1102 | | 1103 | |
| ZEND_SWITCH_STRING | 1105 |1106 | | 1107 | |
| ZEND_IN_ARRAY | 1109 |1110 | | 1111 | |
| ZEND_COUNT | 1113 |1114 | | 1115 | |
| ZEND_GET_CLASS | 1117 |1118 | | 1119 | |
| ZEND_GET_CALLED_CLASS | 1121 |1122 | | 1123 | |
| ZEND_GET_TYPE | 1125 |1126 | | 1127 | |
| ZEND_FUNC_NUM_ARGS | 1129 |1130 | | 1131 | |
| ZEND_FUNC_GET_ARGS | 1133 |1134 | | 1135 | |
| ZEND_UNSET_CV | 1137 |1138 | | 1139 | |