[erlang-questions] Re: how hard is it to rewrite code in a .beam file?

Kostis Sagonas <>
Sat Aug 28 00:15:37 CEST 2010

Matthias Lang wrote:
> Mostly answering my own question:
> Hacking .beam files isn't very hard, getting into it takes a few
> hours.  beam_disasm.erl, beam_asm.erl, compile.erl and beam_lib.erl
> are useful references.
> For me, the spanner in the works was ordinary additions, i.e.  the
> .beam made by R10B contains:
>   {m_plus,[{f,0},{x,0},{i,2},{x,0}]},      % erlang code: X + 2
> but m_plus is long gone, R13B generates this instead:
>   {gc_bif2,[{f,0},{u,1},{u,0},{x,0},{i,2},{x,0}]},
> I don't completely understand the arguments lists. In the first case,
> the arguments are
>   {m_plus,[{f,0},   %% what's this?
>            {x,0},   %% source register
>            {i,2},   %% source immediate integer value 2
>            {x,0},   %% destination register
> So I don't know exactly what {f,0} and {u,1} and {u,0} are. I think
> they tell beam which function I want and supply some liveness
> information, whatever exactly that is. Clues, please?

You are mostly right.

The {f,L} args denote labels -- possibly where to go upon failure.
The {u,N} args denote unsigned integers N.

If you look into beam_disasm, the relevant entry reads:

resolve_inst({gc_bif2,Args},Imports,_,_) ->
     [F,Live,Bif,A1,A2,Reg] = resolve_args(Args),
     {extfunc,_Mod,BifName,_Arity} = lookup(Bif+1,Imports),

and the names give you clues about what the two u args are.
For example, the Bif arg ({u,0}) corresponds to binary +.


More information about the erlang-questions mailing list