Decompiling a function?

From: Vincent Foley
Subject: Decompiling a function?
Date: Thu, 10 Apr 2003 14:30:06 +0000
Message-ID: <Odfla.533$4I6.17914@weber.videotron.net>

Hi CLL,

There's a feature in some Forth implementation that I rather like, a
'see' word.  It allows you to see the definition of a function.  For
instance, in Gforth:

[code]
see .s
: .s
  ." <" depth 0 .r
  ." > " depth 0 max maxdepth-.s @ min dup 0
  ?DO    dup i - pick .
  LOOP
  drop ; ok
: hello ." Hello" CR ;  ok
see hello
: hello
  ." Hello" cr ; ok
[/code]


I was wondering if Lisp had something like that?

Vincent.

-- 

Vincent Foley-Bourgon
Email: ········@iquebec.com
Homepage: http://darkhost.mine.nu:81

Re: Decompiling a function? Duane Rettig
- Re: Decompiling a function? Duane Rettig
Re: Decompiling a function? Peter Seibel
Re: Decompiling a function? Barry Margolin

From: Duane Rettig
Subject: Re: Decompiling a function?
Date: Thu, 10 Apr 2003 15:49:10 +0000
Message-ID: <47ka25p55.fsf@beta.franz.com>

Vincent Foley <········@iquebec.com> writes:

> Hi CLL,
> 
> There's a feature in some Forth implementation that I rather like, a
> 'see' word.  It allows you to see the definition of a function.  For
> instance, in Gforth:
> 
> [code]
> see .s
> : .s
>   ." <" depth 0 .r
>   ." > " depth 0 max maxdepth-.s @ min dup 0
>   ?DO    dup i - pick .
>   LOOP
>   drop ; ok
> : hello ." Hello" CR ;  ok
> see hello
> : hello
>   ." Hello" cr ; ok
> [/code]

The subject line of this article doesn't make sense to me,
based on the "decompilation" shown.  It's been a long time
since I've worked with (and written) Forth, but the above
doesn't look like a word that could have been compiled to
native code.  But I could be wrong, and the above might truly
represent decompilation from native code (and I would be duly
impressed).  So you'll have to distinguish whether you are
looking for a re-assembly of the words that make up the
dictionary entry of .s, or in fact a true decompilation of
native code.

> I was wondering if Lisp had something like that?

Something like that, depending on whether it is compiled or
interpreted:

CL-USER(1): (defun foo (x)
               (declare (optimize speed (safety 0) (debug 0)) (fixnum x))
               (bar (1+ x)))
FOO
CL-USER(2): (function-lambda-expression #'foo)
(LAMBDA (X)
  (DECLARE (OPTIMIZE SPEED (SAFETY 0) (DEBUG 0)) (FIXNUM X))
  (BLOCK FOO (BAR (1+ X))))
NIL
FOO
CL-USER(3): 

Of course, this is simply spitting back the internal representation of
the source, as it is read and massaged into its internal interpreted
Lisp format in the function.  If you want to see the same thing when 
the function is compiled in Allegro CL, you have to ask for it to
be saved, otherwise it is not normally saved:

CL-USER(3): *save-function-lambda-expression*
NIL
CL-USER(4): (setq *save-function-lambda-expression* t)
T
CL-USER(5): (compile 'foo)
Warning: While compiling these undefined functions were referenced: BAR.
FOO
NIL
NIL
CL-USER(6): (function-lambda-expression #'foo)
(LAMBDA (X)
  (DECLARE (OPTIMIZE SPEED (SAFETY 0) (DEBUG 0)) (FIXNUM X))
  (BLOCK FOO (BAR (1+ X))))
NIL
FOO
CL-USER(7): 

Of course, this is not really a decompilation of the function, but
is instead a saving of the previously interpreted definition.

Finally, the closest thing which comes to decompilation, and a
function whose presence is mandated by CL, is disassemble:

CL-USER(7): (disassemble 'foo)
;; disassembly of #<Function FOO>
;; formals: X
;; constant vector:
0: BAR

;; code start: #x7161820c:
   0: 83 c0 04    addl	eax,$4
   3: 8b 5e 12    movl	ebx,[esi+18]    ; BAR
   6: b1 01       movb	cl,$1
   8: ff e7       jmp	*edi
CL-USER(8): 

I remember hearing of true decompilers long ago in Fortran days;
these would key off of patterns in the assembler code to figure
out what probable source code had resulted in that pattern.  I
had never actually seen one in operation, and instead I had learned
to read the 360/370 asm code from the disassembler - it was easy
enough to see what was going on from there without seeing the source
code - such decompiled source would have no relevant comments anyway.

I am surprised to see a large number of hits when googling for
"decompiler", mostly for VB and Java in the first page or so, and
I also got many hits for "lisp decompiler" but none seemed relevant
(there were false hits, and _requests_ for lisp decompilers, but
none offered that I could see in a cursory scan).  I think that
the reason for this is precisely because CL specifies the presence
of a disassembler, which tends to be "goof enough" to see what
needs to be seen.

-- 
Duane Rettig    ·····@franz.com    Franz Inc.  http://www.franz.com/
555 12th St., Suite 1450               http://www.555citycenter.com/
Oakland, Ca. 94607        Phone: (510) 452-2000; Fax: (510) 452-0182

From: Duane Rettig
Subject: Re: Decompiling a function?
Date: Thu, 10 Apr 2003 15:53:23 +0000
Message-ID: <43ckq5oy4.fsf@beta.franz.com>

Duane Rettig <·····@franz.com> writes:

> the reason for this is precisely because CL specifies the presence
> of a disassembler, which tends to be "goof enough" to see what
===========================================^

Freudian slip?  Obviously, I meant "good enough"...

-- 
Duane Rettig    ·····@franz.com    Franz Inc.  http://www.franz.com/
555 12th St., Suite 1450               http://www.555citycenter.com/
Oakland, Ca. 94607        Phone: (510) 452-2000; Fax: (510) 452-0182

From: Peter Seibel
Subject: Re: Decompiling a function?
Date: Thu, 10 Apr 2003 15:28:13 +0000
Message-ID: <m3llyil6h8.fsf@javamonkey.com>

Vincent Foley <········@iquebec.com> writes:

> Hi CLL,
> 
> There's a feature in some Forth implementation that I rather like, a
> 'see' word.  It allows you to see the definition of a function.  For
> instance, in Gforth:
> 
> [code]
> see .s
> : .s
>   ." <" depth 0 .r
>   ." > " depth 0 max maxdepth-.s @ min dup 0
>   ?DO    dup i - pick .
>   LOOP
>   drop ; ok
> : hello ." Hello" CR ;  ok
> see hello
> : hello
>   ." Hello" cr ; ok
> [/code]
> 
> 
> I was wondering if Lisp had something like that?

Not guaranteed to work in all situations but:

  CL-USER(2): (defun foo (x) (+ 2 x))
  FOO
  CL-USER(15): (function-lambda-expression #'foo)
  (LAMBDA (X) (BLOCK FOO (+ 2 X)))
  NIL
  FOO

-Peter

-- 
Peter Seibel                                      ·····@javamonkey.com

  The intellectual level needed   for  system design is  in  general
  grossly  underestimated. I am  convinced  more than ever that this
  type of work is very difficult and that every effort to do it with
  other than the best people is doomed to either failure or moderate
  success at enormous expense. --Edsger Dijkstra

From: Barry Margolin
Subject: Re: Decompiling a function?
Date: Thu, 10 Apr 2003 15:31:18 +0000
Message-ID: <97gla.5$gc2.346@paloalto-snr1.gtei.net>

In article <···················@weber.videotron.net>,
Vincent Foley  <········@iquebec.com> wrote:
>Hi CLL,
>
>There's a feature in some Forth implementation that I rather like, a
>'see' word.  It allows you to see the definition of a function.  For
>instance, in Gforth:

FUNCTION-LAMBDA-EXPRESSION and DISASSEMBLE.

Note that a compiled function is not required to remember the original
source code that produced it, so FUNCTION-LAMBDA-EXPRESSION may return NIL.

-- 
Barry Margolin, ··············@level3.com
Genuity Managed Services, a Level(3) Company, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.