Programming Tools Group

A transformation toolkit for the .NET intermediate language

Participants: Oege de Moor, Ganesh Sittampalam, Stephen Drape

Building on previous work in the group on imperative program transformation, this project is funded by a gift from Microsoft Corporation to develop a transformation toolkit for the intermediate language of their new .NET intermediate language, with particular application to obfuscation, that is transformations which make decompiling difficult.

We are building a system in which transformations can be expressed in a declarative manner, which we hope will make it easy to quickly implement new transformations.

Obfuscation is of interest to many software vendors, who wish to prevent people from stealing their ideas. As well as transferring existing work on obfuscation to the .NET platform, we hope to develop new methods that are provably hard to undo.

Apart from obfuscation, we would like to apply this system to specialisation of library calls. The external interface presented by libraries is often specialised to allow clients to call it in an optimal manner. However, changes in the internal implementation of the library might cause this "optimal manner" to change, which creates a code maintenance problem. Instead, we would like library interfaces to be written in a generic way, but with any particular implementation also exporting more functions that enable the library to be used more optimally, together with transformations that can be applied to client programs to specialise uses of the generic interface to uses of these functions where possible.

For example, a sets library might export the methods elemOf and insert, to check whether something was a member of a set and to insert it into a set. To be safe, the implementation of insert would have to first do the elemOf test (to avoid adding a duplicate element to the set). However, the client program might already have done this test, in which case it could be omitted. The library could define insertNoTest, together with a transformation that checked client programs for uses of insert where no test was required (e.g. in the scenario outlined above, or where the set had just been initialised to empty), and changed them to insertNoTest.

Useful links

Christian Collberg's Obfuscation and Watermarking resources