12

The specific example I have in mind involves the currently-alpha game Minecraft, but this is a general question that I think warrants some conversation.

Minecraft is written in Java, and stack traces usually look like this (real example):

java.lang.NullPointerException
    at d.a(SourceFile:247)
    at gi.b(SourceFile:92)
    at bd.a(SourceFile:33)
    at bn.a(SourceFile:69)
    at bn.e(SourceFile:115)
    at bn.d(SourceFile:103)
    at net.minecraft.client.Minecraft.i(SourceFile:1007)
    at net.minecraft.client.Minecraft.run(SourceFile:596)
    at java.lang.Thread.run(Unknown Source)

Obviously these are not the real package and method names that the developer uses when he writes. Since he is in an alpha stage, it seems that the developer should like to be able to make sense of his stack traces, especially if someone is able to provide one for a bug report. As this stands, it's mostly meaningless.

What advantage could one possibly hope to gain by obfuscating his code like this that overcomes the drawbacks of more difficult bug identification?

StrixVaria
  • 223
  • 2
  • 7
  • 1
    Simply put, obfuscation [changes the economics](http://stackoverflow.com/a/6018904/42473) of reverse engineering your code, nothing more. – Mark Booth Jan 10 '12 at 11:34

2 Answers2

22

We obfuscate our Java code too....

The advantage is that it makes it harder to reverse-engineer (if you are worried about someone stealing your code base and using it as a base to create a similar competing product, for example, etc).

You can get the original stack trace back: there are obfuscation tools out there which create special reference files which you can use to run the obfuscated stack traces through, and it comes out with the original source stack trace. These are generated by the obfuscation process itself, so you can't get the original stack trace back unless you have your hands on the reference file that you used to obfuscate the code in the first place.

This has no disadvantages really. :)

Bobby Tables
  • 20,516
  • 7
  • 54
  • 79
  • 3
    Interesting, I never knew they came with "stack trace un-obfuscation" (having never used an obfuscator)... what a neat idea :-) – Dean Harding Nov 09 '10 at 22:35
  • 1
    The only drawback that I've ever run into is occasionally an obfuscator (a .NET one in this case) obfuscated it to the point where the jitter couldn't even read it (illegal instructions). Massive fail. – vcsjones Nov 09 '10 at 22:48
  • @vcsjones: That's not really obfuscation then... – configurator Jul 06 '11 at 23:20
4
  • protecting you intellectual property

Most obfuscator also optimize your code, remove unuseful metadata or not used code, compression, dead code elimination or duplicate elimination.

  • If one has to use an obfuscator for such optimzations, the compiler in use must be a really lazy piece of software. – phresnel Jul 06 '11 at 12:17
  • @phresnel: Yes obfuscator can do a pretty good job –  Jul 06 '11 at 12:24
  • @phresnel: incomplete, probably, but crappy... –  Jul 06 '11 at 12:37
  • You are right. Let me repost. – phresnel Jul 06 '11 at 13:01
  • (repost for lack of edit): Therefore, either the compiler does not do optimization well, or the obfuscator applies non-sanctioned optimizations. Usually, all the optimizations you have put in the list are already employed by the compiler. At least this is the case for non-public classes / functions, at least when using a compiler with modern optimizations, like gcc. – phresnel Jul 06 '11 at 13:03
  • @phresnel: I just had a quick look at the kind of optimization provided by .NET obfuscators: dead code elimination (reduce size of DLL, save memory), merging of string literal duplicates, sealing of terminal classes, string compression, etc. –  Jul 06 '11 at 13:09
  • 1
    It's not that I don't believe you; I do! But all those optimizations are usually also exercised by modern compilers. At least I know gcc has them all. So my opinion is: If an obfuscator does really give you a significant speedup, than either the compiler [vendor] did not try hard enough, or it wasn't given appropriate optimization flags. – phresnel Jul 06 '11 at 13:15