Python JIT thautwarm The “Restrain” 目录 CONTENTS Preview 和其他JIT的比较 实现原理 如何参与开发 1 Preview 并行计算: SIMD并行, true threading 避开解释器开销: for-loop 避免嵌套函数开销: native function pointer, inline “All Add 2” restrain_jit/test/test_functional.py “All Add 2” JIT version: 局部函数无开销 “All Add 2” JIT using SIMD: “All Add 2” Benchmark: “All Add 2” Benchmark: Method Time Pure Python 7.71 JIT 0.089 JIT + SIMD SIMD 0.098 2 和其他JIT的比较 我们知道有Numba, hope JIT, Graal Python, 但Restrain 是不同的。 我把Restrain的特性称为“CPython Compatible” Working With Existing And Prospective C-Extensions 兼容C extensions, 尽管不能优化, 但可以做到调用的开销尽可能接近CPython

解放Python的 表达力，性能和安全性 Thautwarm 目录 CONTENTS 语法和语义扩展 JIT 静态类型 语法和语义扩展 表达力的扩展， 可用性的保留，白来的午餐？ 演示一小部分: 模式匹配, Quick Lambda, Pipe运算 语言决定思维模型 GNU-APL C++ Haskell 说 到 质 数 � 人 们 想 到 什 么 � 语言决定思维模型 Just In Time The Restrain Python JIT 为什么编译器从字节码开始着手? 栈机(stack machine)语义的优化问题？ Julia后端和Cython后端的差别？ 栈机到基于寄存器(register based)的 语义，控制流分析，SSA 和 Φ 节点和 栈机语义消除。 Cython JIT 基础架构。 为什么编译器从字节码开始着手? 因为运行时一旦开始你是拿不到源代码的。 来谈后端的问题。 Julia Cython 常见性能提升 100x 1-10x 小函数JIT 比Python慢1000倍 比Python快50% 启动时间 10s以上, “JAOT” 没有，调编译器快 循环折叠 有 有 Debug现场？ 每次打log等待30s 瞬秒(ms级) JIT 后端问题 同时， 由于Julia端目前固有的问题，不支持动态链接编译的 Python(例如Anaconda

x86_64. The last number stands for the features: 0: No anti-debug, JIT, advanced mode features, high speed 7: Include anti-debug, JIT, advanced mode features, high security It’s possible to obfuscate --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries Each feature has its own bit 1: Anti-Debug 2: JIT 4: ADV, advanced mode 8: SUPER, super mode For example, windows.x86_64.7 means anti-debug(1), JIT(2) and advanced mode(4) supported, windows.x86_64

x86_64. The last number stands for the features: 0: No anti-debug, JIT, advanced mode features, high speed 7: Include anti-debug, JIT, advanced mode features, high security It’s possible to obfuscate --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries Each feature has its own bit 1: Anti-Debug 2: JIT 4: ADV, advanced mode 8: SUPER, super mode For example, windows.x86_64.7 means anti-debug(1), JIT(2) and advanced mode(4) supported, windows.x86_64

0: No anti-debug, JIT, advanced mode features, high speed 3.4. Distributing Obfuscated Scripts To Other Platform 13 PyArmor Documentation, Release 6.2.0 • 7: Include anti-debug, JIT, advanced mode features --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries feature has its own bit • 1: Anti-Debug • 2: JIT • 4: ADV, advanced mode • 8: SUPER, super mode For example, windows.x86_64.7 means anti-debug(1), JIT(2) and advanced mode(4) supported, windows. x86_64

x86_64. The last number stands for the features: • 0: No anti-debug, JIT, advanced mode features, high speed • 7: Include anti-debug, JIT, advanced mode features, high security It’s possible to obfuscate --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries own bit • 1: Anti-Debug • 2: JIT • 4: ADV, advanced mode • 8: SUPER, super mode • 16: VM, vm protection mode For example, windows.x86_64.7 means anti-debug(1), JIT(2) and advanced mode(4) supported

scripts, use these options to get more security: $ pyarmor gen --enable-jit --mix-str --assert-call --private foo.py Using --enable-jit tells Pyarmor processes some sentensive data by c function generated protect package For package, remove --private and append 2 extra options: $ pyarmor gen --enable-jit --mix-str --assert-call --assert-import -- restrict joker/ Using --assert-import prevents obfsucated more times, for example, importing a plain script about 1 ms, but bcc module about 200 ms --enable-jit prevents from static decompilation --enable-themida prevents from most of debuggers, only available

scripts, use these options to get more security: $ pyarmor gen --enable-jit --mix-str --assert-call --private foo.py Using --enable-jit tells Pyarmor processes some sensitive data by c function generated protect package For package, remove --private and append 2 extra options: $ pyarmor gen --enable-jit --mix-str --assert-call --assert-import -- restrict joker/ Using --assert-import prevents obfuscated may be a little faster than a plain script, but it consumes more memory to load binary code --enable-jit prevents static decompilation --enable-themida prevents most of debuggers, only available in Windows

x86_64. The last number stands for the features: • 0: No anti-debug, JIT, advanced mode features, high speed • 7: Include anti-debug, JIT, advanced mode features, high security It’s possible to obfuscate --list pyarmor download --list windows pyarmor download --list windows.x86_64 pyarmor download --list JIT pyarmor download --list armv7 After pyarmor is upgraded, however these downloaded dynamic libraries with feature number suffix combines an unique name. For example, windows.x86_64.7 means anti-debug, JIT and andvanced mode supported, windows.x86_64.0 means no any feature. Note that the dynamic library

functions of PyArmor are written by c in the dynamic library _pytransform. _pytransform protects itself by JIT technical, and the obfuscated scripts is protected by _pytransform. On the other hand, the dynamic sure it’s not changed. This is called Cross Protection. The dynamic library _pytransform.so uses JIT technical to achieve two tasks: Keep the des key used to encrypt python scripts from tracing by any change instruction JZ to JNZ, so that _pytransform.so can execute even if checking license failed How JIT works? First PyArmor defines an instruction set based on GNU lightning. Then write some core functions