ProGuard 3.7 review

by on

ProGuard is a free Java class file shrinker, optimizer, and obfuscator

License: GPL (GNU General Public License)
File size: 0K
Developer: Eric Lafortune
0 stars award from

ProGuard is a free Java class file shrinker, optimizer, and obfuscator. ProGuard project can detect and remove unused classes, fields, methods, and attributes. It can then optimize bytecode and remove unused instructions.

Finally, it can rename the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.

More compact jar files also means smaller storage requirements, faster transfer of applications across networks, faster loading, and smaller memory footprints.

ProGuard's main advantage compared to other Java obfuscators is probably its compact template-based configuration. A few intuitive command line options or a simple configuration file are usually sufficient. For instance, the following configuration option preserves all applets in a jar:

-keep public class * extends java.applet.Applet

The user manual explains all available options and shows more examples of this powerful configuration style.

ProGuard is fast. It only takes seconds to process programs and libraries of several megabytes. The results section presents actual figures for a number of applications.

ProGuard is a command-line tool with an optional graphical user interface. It also comes with plugins for Ant and for the J2ME Wireless Toolkit.

ProGuard is a Java class file shrinker, optimizer, and obfuscator. The shrinking step detects and removes unused classes, fields, methods, and attributes. The optimization step analyzes and optimizes the bytecode of the methods. The obfuscation step renames the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.

ProGuard can also be used to list unused fields and methods in an application, and to print out the internal structure of class files.

ProGuard typically reads the input jars (or wars, ears, zips, or directories). It then shrinks, optimizes, and obfuscates them. It then writes the results to one or more output jars (or wars, ears, zips, or directories). The input jars can optionally contain resource files. ProGuard copies all non-class resource files from the input jars to the output jars. Their names and contents remain unchanged.

ProGuard requires the library jars (or wars, ears, zips, or directories) of the input jars to be specified. It can then reconstruct class hierarchies and other class dependencies, which are necessary for proper shrinking, optimization, and obfuscation. The library jars themselves always remain unchanged. You should still put them in the class path of your final application.

In order to determine which code has to be preserved and which code can be discarded or obfuscated, you have to specify one or more entry points to your code. These entry points are typically classes with main methods, applets, midlets, etc.

* In the shrinking step, ProGuard starts from these seeds and recursively determines which classes and class members are used. All other classes and class members are discarded.
* In the optimization step, ProGuard further optimizes the code. Among other optimizations, classes and methods that are not entry points can be made final, and some methods may be inlined.
* In the obfuscation step, ProGuard renames classes and class members that are not entry points. In this entire process, keeping the entry points ensures that they can still be accessed by their original names.

Any classes or class members of your code that are created or invoked dynamically (that is, by name) have to be specified as entry points too. It is generally impossible to determine these cases automatically, but ProGuard will offer some suggestions if keeping some classes or class members appears necessary. For proper results, you should at least be somewhat familiar with the code that you are processing.

ProGuard does handle Class.forName("SomeClass") and SomeClass.class constructs automatically. The referenced classes are preserved in the shrinking phase, and the string arguments are properly replaced in the obfuscation phase. With variable string arguments, it is generally impossible to determine their possible values (they might be read from a configuration file, for instance).

However, as mentioned, ProGuard will note constructs like "(SomeClass)Class.forName(variable).newInstance()". These might be an indication that the class or interface SomeClass and/or its implementations may need to be preserved. You can then adapt your configuration accordingly.

What's New in This Release:
Now accepting Java 6 class files.
Fixed shrinking of partially used annotations.
Improved incremental obfuscation, with new option
Printing more information in case of conflicting configuration and input.
Fixed optimization of repeated array length instruction.
Fixed optimization of subsequent try/catch/finally blocks with return statements.
Fixed optimization of complex stack operations.
Fixed optimization of simple infinite loops.
Fixed optimization of expressions with constant doubles.
Tuned optimization to improve size reduction after preverification.
Fixed overflows of offsets in long code blocks.
Now allowing class names containing dashes.
Updated documentation and examples.

ProGuard 3.7 keywords