[Openmcl-devel] CCL images, consumer apps, and piracy

Bill St. Clair wws at clozure.com
Sun Apr 10 06:29:57 PDT 2011 

On 04/09/11 23:55, Brandon Van Every wrote:
> On Sat, Apr 9, 2011 at 11:02 PM, Andrew Shalit <alms at clozure.com> wrote:
>>
>> But perhaps we're still not understanding what your concern.  If you could state more specifically why you think it would be easier to hijack and repurpose a CCL application than an application written in another language, we might be able to respond more fully.
> 
> It is trivially easy to decompile a bytecoded language such as Java or
> C#.  At present I don't know how much of CCL's operation is based on
> bytecode or native code.  I don't know what compilation information is
> retained or lost in the resulting image.  I don't know what its
> equivalents of stripping symbols or removing debugging information
> are.  I don't know how function or module linkage is performed.  I
> know how these things are done in C/C++ and roughly what to expect
> from a security / piracy / reverse engineering standpoint.

CCL is fully compiled to machine code, but, as someone else said
earlier, it saves lots of information that is usually compiled out of a
C program. You can mitigate that, for your delivered application, by
turning off some of that information, while compiling for final build.
The information is there to aid debugging, so you probably want to keep
it on during development. Personally, I find informative backtraces from
customers who have encountered bugs to be more important than protecting
against piracy, so I leave them on for delivery, but that's up to you.

CL-USER> (apropos "*save" :ccl)
     *SAVE-ARGLIST-INFO*,  Value: T
     *SAVE-DEFINITIONS*,  Value: NIL
     *SAVE-DOC-STRINGS*,  Value: T
     *SAVE-EXIT-FUNCTIONS*,  Value: NIL
CCL::*SAVE-INTERACTIVE-SOURCE-LOCATIONS*,  Value: T
     *SAVE-LOCAL-SYMBOLS*,  Value: T
     *SAVE-SOURCE-LOCATIONS*,  Value: T
CCL::*SAVED-REGISTER-COUNT*,  Value: 4
CCL::*SAVED-REGISTER-NAMES*,  Value: #(CCL::SAVE3 CCL::SAVE2 CCL::SAVE1
CCL::SAVE0)

I don't see these documented anywhere, but some of them have
DOCUMENTATION, e.g. (documentation '*save-source-locations* 'variable),
but setting all the exported vars to NIL will make it harder to analyze,
and debug, your code (*save-exit-functions* is a list, not a flag, so
don't mess with it). You might also consider setting
*record-source-file* to nil.

-Bill

More information about the Openmcl-devel mailing list