Of course there is. Just about any professional programmer that can program a PAL via a .jed file can read the PAL contents back into a .jed file.
I have an EEtools TopmaxII and I know it can read a PALs programming into a .jed file that I can then save, and use to verify other PALs against or program blank devices.
Only Provided the security is not blown.
Well yeah of course. If the security fuse is blown on a device, the internal programming will be unreadable.
The only way to determine the functionality of a device with its security fuse blown is a brute force approach, stimulate all inputs, observe all outputs, write equations, and optimize.
Of course this assumes no internal feedback or internal state, which can increase the reverse engineering complexity dramatically.
But my point was that legacy PAL programmers provided the capability to both read and write/program the fuse arrays.
So reading the device on a legacy programmer may produce the fuse programming if it is unsecured, or at worst an all blown and/or all unblown fusemap if it is secured.
In my experience the TL866/T48/T56 (I have the latter two devices) are useful for programming modern EEPROMs and uControllers, or simple RAM or 74xx chip testing.
But they do not support legacy devices like PALs and BIPOLAR PROMs. For those I have my trusty EEtools TopMaxII series device which supports all the old stuff, and most new stuff too.