Give me the damn source!

10 AM December 4, 2007

After taking a much-needed break, I’m back programming Java. Much to my surprise, I’m enjoying it. However, there is still one wound that time hasn’t healed: JAR files without source.

Oh, the hair I’ve pulled out, staring at Javadoc, trying to divine whether a function returns null or empty array to indicate no-result! The co-workers I’ve disturbed swearing at RuntimeExceptions thrown from ten layers beneath the API! The unwarranted pride I’ve felt correctly guessing a working sequence of method calls!

Fortunately, I have found a partial relief in JadClipse, a Java decompiler for Eclipse. JadClipse not only does a reasonable job of recovering source, it also attempts to match up the line numbers in the generated code with the line numbers in the .class file so I can trace execution in the debugger. JadClipse is much happy-making.

A few notes:

  1. JadClipse relies on a native executable, Jad, to do the decompilation.
  2. Jad does not come with source.
  3. Time spent perusing the JadClipse preferences page is well rewarded.
  4. Be careful what you decompile. Many sourceless packages have licenses that prohibit reverse engineering. One wrong click, and you could be sued.
By alang | # | Comments (1)
(Posted to Software Development and Java)


At 13:10, 04 Dec 2007 Michael Chermside wrote:

I think there is a legitimate question about whether merely viewing the decompiled code counts as "reverse engineering". I would agree that making modifications to the decompiled code and re-compiling to create a new version is clearly reverse-engineering. And examining the decompiled code carefully to determine how they encrypted the communications is certainly reverse-engineering. But just looking to see whether the method is designed to accept nulls or what is the source of the exception?

There is certainly a case to be made that viewing the decompiled source violates the license, but there's a case to be made that it doesn't. You can be sued even if you DON'T view the source (anyone can be sued for anything -- the question is whether the suit will be successful). The most telling point is that no one is LIKELY to sue you just for reading the code. Just don't try to modify it or work out the encryption scheme.

Standard disclaimer: nothing above is advice. If it were advice I would be breaking the law since I'm not a lawyer and am prohibited from giving advice. It's just me speculating.


Add Comment

(Not displayed)

(Leave blank line between paragraphs. URLs converted to links. HTML stripped. Indented source code will be formatted with <pre> tags.)

© 2003-2006 Alan Green