Dissassembly of Forth code words with 'see'

Asked 17/5, 2017 at 1:59 Answered 5/4, 2021 at 8:52

I am preparing overall knowledge on building a Forth interpreter and want to disassemble some of the generic Forth code words such as +, -, *, etc.

My Gforth (I currently have version 0.7.3, installed on Ubuntu Linux) will allow me to disassemble colon definitions that I make with the command see, as well as the single code word .. But when I try it with other code words, see + or see /, I get an error that says, Code +, and then I'm not able to type in my terminal anymore, even when I press control-c.

I should be able to decompile/disassemble the code words, as shown by the Gforth manual: https://www.complang.tuwien.ac.at/forth/gforth/Docs-html/Decompilation-Tutorial.html

Has anyone else had this issue, and do you know how to fix it?

Playboy answered 17/5, 2017 at 1:59 Comment(14)

I think it is printing the actual binary values of the word - and binary data will mess up your terminal. – Pali 17/5, 2017 at 2:38

I checked on Windows. see + displays the line Code +, followed by a disassembly of that word. GForth 0.7.0 on Windows. I guess there is a bug in the disassembler of GForth 0.7.3 on Ubuntu. – Oceanid 19/5, 2017 at 13:39

I also checked on Ubuntu 16.04. I had GForth 0.7.2 and the same happened: Code + was displayed and the terminal locked up. Very likely a bug, either in see, or, more likely, in the disassembler. – Oceanid 19/5, 2017 at 13:51

And I tried on the Mac (GForth 0.7.3). I got the line Code + again, followed by the error message sh: line 0: type: gdb: not found. Probably it tried to use gdb in a script to disassemble. But that was then followed, after a few seconds, by a hexdump and end-code. No lock-up of the terminal, but not a disassembly either. – Oceanid 19/5, 2017 at 13:58

One last comment: It finally worked on Ubuntu when I started gforth with sudo gforth. I generally don't recommend this, but it really seems that gforth uses gdb to disassemble, and somehow, if not started with sudo, gdb won't start or waits for permission or some such. Hmmm... – Oceanid 19/5, 2017 at 14:10

Why do you need to disassemble or see it? Gforth comes with full source. Just change what you don't like. – Orchitis 22/5, 2017 at 19:17

@Marcel: while that is true, it still means that see doesn't work properly. – Oceanid 23/5, 2017 at 10:40

0.7.3 works in Fedora here, but not in Xubuntu. It seems there is an error that is awaiting console input from the disassembler. Ctrl-D will give you control back, along with an error message about Error in sourced command file: Cannot access memory at. But at least Ctrl-D gives you your gforth prompt back. – Manor 1/6, 2017 at 19:6

0.7.3 is quite outdated although "stable", you can try the most recent version from github – Aldosterone 30/7, 2017 at 22:22

@PhilKrylov, Re "most recent version from github": Without a URL it's not obvious which version you're referring to. This github gforth page seems to indicate that v0.7.3 (from 2014) is the latest. Yet the gforth changelog hasn't been updated since 2008. (Some of the files and directories there have been updated in the last month however.) – Barathea 9/9, 2017 at 11:14

@Barathea Oh well, I was referring to git HEAD. – Aldosterone 21/9, 2017 at 20:0

@PhilKrylov, Please provide a bit more detail as to what "git HEAD" refers to in this context. That is, what a reader a few years from now might need to know to see the identical code you've cited. – Barathea 22/9, 2017 at 9:51

@Barathea Unfortunately, Stack Overflow forbids to insert lmgtfy . com links. Anyway, this thread is not about what git HEAD means. – Aldosterone 25/9, 2017 at 14:47

I understand dissassembling can be your interest also, but otherwise, why not look for gforth source code? I mean, it's GNU/GPL, so the source code is public and available for free. For example github.com/forthy42/gforth. BTW, when I'm stuck at Code <word>, I type Control-D and it print some hexadecimal dump, which I guess is the code of the word, and it then gets back to the gforth interpreter. No need to kill it. – Malnourished 10/4, 2021 at 12:50

Reverting to the old ptrace method did it for me.

First, from the command line as user root run:

echo 0 >/proc/sys/kernel/yama/ptrace_scope

After which see should disassemble whatever it can't decompile. Command line example (need not be root):

gforth -e "see +  bye"

Output:

Code +  
   0x000055a9bf6dad66 <gforth_engine+2454>: mov    %r14,0x21abf3(%rip)        # 0x55a9bf8f5960 <saved_ip>
   0x000055a9bf6dad6d <gforth_engine+2461>: lea    0x8(%r13),%rax
   0x000055a9bf6dad71 <gforth_engine+2465>: mov    0x0(%r13),%rdx
   0x000055a9bf6dad75 <gforth_engine+2469>: add    $0x8,%r14
   0x000055a9bf6dad79 <gforth_engine+2473>: add    %rdx,(%rax)
   0x000055a9bf6dad7c <gforth_engine+2476>: mov    %rax,%r13
   0x000055a9bf6dad7f <gforth_engine+2479>: mov    -0x8(%r14),%rcx
   0x000055a9bf6dad83 <gforth_engine+2483>: jmpq   *%rcx
end-code

Credit: Anton Ertl

Nessim answered 10/9, 2017 at 19:3 Comment(0)

Most versions of SEE that I've seen are meant only for decompiling colon definitions. + and / and other arithmetic operations are usually written in assembly code and SEE doesn't know what to do with them. That's why you were getting the CODE error message: they're written in code, not Forth. There are several Forth implementations I've seen that have built in assemblers, but I don't think I've ever seen a dis-assembler. Your best bet for seeing the inner workings of + or / or other such words might be to use DUMP or another such word to get a list of the bytes in the word and either disassemble the word by hand or feed the data into an external disassembler. Or see if you can find the source code for your implementation or a similar one.

Godard answered 28/1, 2019 at 3:2 Comment(0)

SEE is a word that has not a tightly controlled behaviour. It is a kind of best effort to show the code of a word X if invoked as

SEE X

It behaves slightly different according how difficult it is to do this. If you defined the word yourself in the session, you're pretty much guaranteed to get your code back. If it is a built in word, especially if it is a very elementary word like + , it is harder. It may look nothing much like the original definition, because of optimisation or compilation into machine code.

Specifically for gforth, if it gets hard gforth invokes the standard tools that are present on the system to analyse object files. So it may be necessary to install gdb and/or investigate how gforth tries to connect to it. For the concrete example of Ubuntu and gforth 0.7.3 Lutz Mueller gives a recipee.

Hanley answered 17/12, 2018 at 15:25 Comment(0)

I think SEE does it's job as designed. There are words in FORTH defined in machine code (often called as primitives) and also there is a possibility to define machine code via assembler by the user ie.: : MYCODE assembler memonics ;CODE

So the output of SEE shows not Code error, but that (ie.) + word was defined as machine code and one can see the disassembled mnenonics on the right of it's output.

Condottiere answered 5/4, 2021 at 8:52 Comment(0)

Recommended topics

Hot tags