Usage

To run ProGuard, just type:

java -jar proguard.jar options ...

You can find the ProGuard jar in the lib directory of the ProGuard distribution. Options can also be put in one or more configuration files. Typically, you'll put most options in a configuration file (say, myconfig.pro), and just call:

java -jar proguard.jar @myconfig.pro

You can combine command line options and options from configuration files, for instance:

java -jar proguard.jar @myconfig.pro -verbose

In a configuration file, a # sign and all remaining characters on that line are ignored, allowing you to add comments.

Extra whitespace between words and delimiters is ignored. To specify file names with spaces or special characters, words can be quoted with single or double quotes. Note that the quotes may need to be escaped when used on the command line, to avoid them being gobbled by the shell.

Options can be grouped arbitrarily in arguments on the command line and in lines in configuration files. This means that you can quote any arbitrary section of command line options, to avoid shell expansion of special characters, for instance.

The order of the options is generally irrelevant. They can be abbreviated to their first unique characters.

The sections below provide more details:

 

Input/Output Options

@filename
Short for '-include filename'.
-include filename
Recursively reads configuration options from the given file filename.
-basedirectory directoryname
Specifies the base directory for all subsequent relative file names in these configuration arguments or this configuration file.
-injars class_path
Specifies the input jars (or wars, ears, zips, or directories) of the application to be processed. The class files in these jars will be processed and written to the output jars. By default, any non-class files will be copied without changes. Please be aware of any temporary files (e.g. created by IDEs), especially if you are reading your input files straight from directories. The entries in the class path can be filtered, as explained in the filters section. For better readability, class path entries can be specified using multiple -injars options.
-outjars class_path
Specifies the names of the output jars (or wars, ears, zips, or directories). The processed input of the preceding -injars options will be written to the named jars. This allows you to collect the contents of groups of input jars into corresponding groups of output jars. In addition, the output entries can be filtered, as explained in the filters section. Each processed class file or resource file is then written to the first output entry with a matching filter, within the group of output jars.

You must avoid letting the output files overwrite any input files. For better readability, class path entries can be specified using multiple -outjars options. Without any -outjars options, no jars will be written.

-libraryjars class_path
Specifies the library jars (or wars, ears, zips, or directories) of the application to be processed. The files in these jars will not be included in the output jars. The specified library jars should at least contain the class files that are extended by application class files. Library class files that are only called needn't be present, although their presence can improve the results of the optimization step. The entries in the class path can be filtered, as explained in the filters section. For better readability, class path entries can be specified using multiple -libraryjars options.

Please note that the boot path and the class path set for running ProGuard are not considered when looking for library classes. This means that you explicitly have to specify the run-time jar that your code will use. Although this may seem cumbersome, it allows you to process applications targeted at different run-time environments. For example, you can process J2SE applications as well as JME midlets, just by specifying the appropriate run-time jar.

-dontskipnonpubliclibraryclasses
Specifies not to ignore non-public library classes. By default, non-public library classes are skipped while parsing library jars. The classes are typically not relevant during processing, since they don't affect the actual program code in the input jars. Ignoring them reduces memory usage and processing time. Occasionally, a badly designed library may contain a non-public library class that is extended/implemented by a public library class. If the latter library class in turn is extended/implemented by a program class, ProGuard will complain that it can't find the non-public library class, which it had ignored during parsing. This option will overcome that problem, at the cost of greater memory usage and longer processing time.
-dontskipnonpubliclibraryclassmembers
Specifies not to ignore package visible library class members (fields and methods). By default, these class members are skipped while parsing library classes, as program classes will generally not refer to them. Sometimes however, program classes reside in the same packages as library classes, and they do refer to their package visible class members. In those cases, it can be useful to actually read the class members, in order to make sure the processed code remains consistent.
-target version
Specifies the version number to be set in the processed class files. The version number can be one of 1.0, 1.1, 1.2, 1.3, 1.4, 1.5 (or just 5), or 1.6 (or just 6). By default, the version numbers of the class files are left unchanged. For example, you may want to upgrade class files to Java 6, by changing their version numbers and having them preverified.
-forceprocessing
Specifies to process the input, even if the output seems up to date. The up-to-dateness test is based on a comparison of the date stamps of the specified input, output, and configuration files or directories.

 

Keep Options

-keep [,modifier,...] class_specification
Specifies classes and class members (fields and methods) to be preserved as entry points to your code. For example, in order to keep an application, you can specify the main class along with its main method. In order to process a library, you should specify all publicly accessible elements.
-keepclassmembers [,modifier,...] class_specification
Specifies class members to be preserved, if their classes are preserved as well. For example, you may want to keep all serialization fields and methods of classes that implement the Serializable interface.
-keepclasseswithmembers [,modifier,...] class_specification
Specifies classes and class members to be preserved, on the condition that all of the specified class members are present. For example, you may want to keep all applications that have a main method, without having to list them explicitly.
-keepnames class_specification
Short for -keep,allowshrinking class_specification

Specifies classes and class members whose names are to be preserved, if they aren't removed in the shrinking phase. For example, you may want to keep all class names of classes that implement the Serializable interface, so that the processed code remains compatible with any originally serialized classes. Classes that aren't used at all can still be removed. Only applicable when obfuscating.

-keepclassmembernames class_specification
Short for -keepclassmembers,allowshrinking class_specification

Specifies class members whose names are to be preserved, if they aren't removed in the shrinking phase. For example, you may want to preserve the name of the synthetic class$ methods when processing a library, so obfuscators can detect it again when processing an application that uses the processed library (although ProGuard itself doesn't need this). Only applicable when obfuscating.

-keepclasseswithmembernames class_specification
Short for -keepclasseswithmembers,allowshrinking class_specification

Specifies classes and class members whose names are to be preserved, on the condition that all of the specified class members are present after the shrinking phase. For example, you may want to keep all native method names and the names of their classes, so that the processed code can still link with the native library code. Native methods that aren't used at all can still be removed. If a class file is used, but none of its native methods are, its name will still be obfuscated. Only applicable when obfuscating.

-printseeds [filename]
Specifies to exhaustively list classes and class members matched by the various -keep options. The list is printed to the standard output or to the given file. The list can be useful to verify if the intended class members are really found, especially if you're using wildcards. For example, you may want to list all the applications or all the applets that you are keeping.

 

Shrinking Options

-dontshrink
Specifies not to shrink the input class files. By default, shrinking is applied; all classes and class members are removed, except for the ones listed by the various -keep options, and the ones on which they depend, directly or indirectly. A shrinking step is also applied after each optimization step, since some optimizations may open the possibility to remove more classes and class members.
-printusage [filename]
Specifies to list dead code of the input class files. The list is printed to the standard output or to the given file. For example, you can list the unused code of an application. Only applicable when shrinking.
-whyareyoukeeping class_specification
Specifies to print details on why the given classes and class members are being kept in the shrinking step. This can be useful if you are wondering why some given element is present in the output. In general, there can be many different reasons. This option prints the shortest chain of methods to a specified seed or entry point, for each specified class and class member. In the current implementation, the shortest chain that is printed out may sometimes contain circular deductions -- these do not reflect the actual shrinking process. If the -verbose option if specified, the traces include full field and method signatures. Only applicable when shrinking.

 

Optimization Options

-dontoptimize
Specifies not to optimize the input class files. By default, optimization is enabled; all methods are optimized at a bytecode level.
-optimizationpasses n
Specifies the number of optimization passes to be performed. By default, a single pass is performed. Multiple passes may result in further improvements. If no improvements are found after an optimization pass, the optimization is ended. Only applicable when optimizing.
-assumenosideeffects class_specification
Specifies methods that don't have any side effects (other than maybe returning a value). In the optimization step, ProGuard will then remove calls to such methods, if it can determine that the return values aren't used. Note that ProGuard will analyze your program code to find such methods automatically. It will not analyze library code, for which this option can thus be useful. For example, you could specify the method System.currentTimeMillis(), so that any idle calls to it will be removed. Note that ProGuard applies the option to the entire hierarchy of the specified methods. Only applicable when optimizing. In general, making assumptions can be dangerous; you can easily break the processed code. Only use this option if you know what you're doing!
-allowaccessmodification
Specifies that the access modifiers of classes and class members may be broadened during processing. This can improve the results of the optimization step. For instance, when inlining a public getter, it may be necessary to make the accessed field public too. Although Java's binary compatibility specifications formally do not require this (cfr. The Java Language Specification, Second Edition, Section 13.4.6), some virtual machines would have problems with the processed code otherwise. Only applicable when optimizing (and when obfuscating with the -repackageclasses option).

Counter-indication: you probably shouldn't use this option when processing code that is to be used as a library, since classes and class members that weren't designed to be public in the API may become public.

-mergeinterfacesaggressively
Specifies that interfaces may be merged, even if their implementing classes don't implement all interface methods. This can reduce the size of the output by reducing the total number of classes. Note that Java's binary compatibility specifications allow such constructs (cfr. The Java Language Specification, Second Edition, Section 13.5.3), even if they are not allowed in the Java language (cfr. The Java Language Specification, Second Edition, Section 8.1.4). Only applicable when optimizing.

Counter-indication: setting this option can reduce the performance of the processed code on some JVMs, since advanced just-in-time compilation tend to favor more interfaces with fewer implementing classes.

 

Obfuscation Options

-dontobfuscate
Specifies not to obfuscate the input class files. By default, obfuscation is applied; classes and class members receive new short random names, except for the ones listed by the various -keep options. Internal attributes that are useful for debugging, such as source files names, variable names, and line numbers are removed.
-printmapping [filename]
Specifies to print the mapping from old names to new names for classes and class members that have been renamed. The mapping is printed to the standard output or to the given file. For example, it is required for subsequent incremental obfuscation, or if you ever want to make sense again of obfuscated stack traces. Only applicable when obfuscating.
-applymapping filename
Specifies to reuse the given name mapping that was printed out in a previous obfuscation run of ProGuard. Classes and class members that are listed in the mapping file receive the names specified along with them. Classes and class members that are not mentioned receive new names. The mapping may refer to input classes as well as library classes. This option can be useful for incremental obfuscation, i.e. processing add-ons or small patches to an existing piece of code. In such cases, you should consider whether you also need the option -useuniqueclassmembernames. Only applicable when obfuscating.
-obfuscationdictionary filename
Specifies a text file from which all valid words are used as obfuscated field and method names. By default, short names like 'a', 'b', etc. are used as obfuscated names. With an obfuscation dictionary, you can specify a list of reserved key words, or identifiers with foreign characters, for instance. White space, punctuation characters, duplicate words, and comments after a # sign are ignored. Note that an obfuscation dictionary hardly improves the obfuscation. Decent compilers can automatically replace them, and the effect can fairly simply be undone by obfuscating again with simpler names. The most useful application is specifying strings that are typically already present in class files (such as 'Code'), thus reducing the class file sizes just a little bit more. Only applicable when obfuscating.
-classobfuscationdictionary filename
Specifies a text file from which all valid words are used as obfuscated class names. The obfuscation dictionary is similar to the one of the option -obfuscationdictionary. Only applicable when obfuscating.
-packageobfuscationdictionary filename
Specifies a text file from which all valid words are used as obfuscated package names. The obfuscation dictionary is similar to the one of the option -obfuscationdictionary. Only applicable when obfuscating.
-overloadaggressively
Specifies to apply aggressive overloading while obfuscating. Multiple fields and methods can then get the same names, as long as their arguments and return types are different (not just their arguments). This option can make the processed code even smaller (and less comprehensible). Only applicable when obfuscating.

Counter-indication: the resulting class files fall within the Java bytecode specification (cfr. The Java Virtual Machine Specification, Second Edition, first paragraphs of Section 4.5 and Section 4.6), even though this kind of overloading is not allowed in the Java language (cfr. The Java Language Specification, Second Edition, Section 8.3 and Section 8.4.7). Still, some tools have problems with it. Notably:

-useuniqueclassmembernames
Specifies to assign the same obfuscated names to class members that have the same names, and different obfuscated names to class members that have different names (for each given class member signature). Without the option, more class members can be mapped to the same short names like 'a', 'b', etc. The option therefore increases the size of the resulting code slightly, but it ensures that the saved obfuscation name mapping can always be respected in subsequent incremental obfuscation steps.

For instance, consider two distinct interfaces containing methods with the same name and signature. Without this option, these methods may get different obfuscated names in a first obfuscation step. If a patch is then added containing a class that implements both interfaces, ProGuard will have to enforce the same method name for both methods in an incremental obfuscation step. The original obfuscated code is changed, in order to keep the resulting code consistent. With this option in the initial obfuscation step, such renaming will never be necessary.

This option is only applicable when obfuscating. In fact, if you are planning on performing incremental obfuscation, you probably want to avoid shrinking and optimization altogether, since these steps could remove or modify parts of your code that are essential for later additions.

-dontusemixedcaseclassnames
Specifies not to generate mixed-case class names while obfuscating. By default, obfuscated class names can contain a mix of upper-case characters and lower-case characters. This creates perfectly acceptable and usable jars. Only if a jar is unpacked on a platform with a case-insensitive filing system (say, Windows), the unpacking tool may let similarly named class files overwrite each other. Code that self-destructs when it's unpacked! Developers who really want to unpack their jars on Windows can use this option to switch off this behavior. Note that the obfuscated jars will become larger as a result. Only applicable when obfuscating.
-flattenpackagehierarchy [package_name]
Specifies to repackage all packages that are renamed, by moving them into the single given parent package. Without argument or with an empty string (''), the packages are moved into the root package. This option is one example of further obfuscating package names. It can make the processed code smaller and less comprehensible. Only applicable when obfuscating.
-repackageclasses [package_name]
Specifies to repackage all class files that are renamed, by moving them into the single given package. Without argument or with an empty string (''), the package is removed completely. This option option overrides the -flattenpackagehierarchy option. It is another example of further obfuscating package names. It can make the processed code even smaller and less comprehensible. Its deprecated name is -defaultpackage. Only applicable when obfuscating.

Counter-indication: classes that look for resource files in their package directories will no longer work properly if they are moved elsewhere. When in doubt, just leave the packaging untouched by not using this option.

-keepattributes [attribute_name,...]
Specifies any optional attributes to be preserved. The attributes can be specified with one or more -keepattributes directives. Multiple attributes should be separated by commas. An empty list preserves all attributes. Attribute names can contain ? and * wildcards, and they can be preceded by the ! negator (much like file name filters). Typical optional attributes are Exceptions, Signature, Deprecated, SourceFile, SourceDir, LineNumberTable, LocalVariableTable, LocalVariableTypeTable, Synthetic, EnclosingMethod, RuntimeVisibleAnnotations, RuntimeInvisibleAnnotations, RuntimeVisibleParameterAnnotations, RuntimeInvisibleParameterAnnotations, and AnnotationDefault. The InnerClasses attribute name can be specified as well, referring to the source name part of this attribute. For example, you should at least keep the Exceptions, InnerClasses, and Signature attributes when processing a library. As another example, you should keep the SourceFile and LineNumberTable attributes for producing useful obfuscated stack traces. Only applicable when obfuscating.
-renamesourcefileattribute [string]
Specifies a constant string to be put in the SourceFile attributes (and SourceDir attributes) of the class files. Note that the attribute has to be present to start with, so it also has to be preserved explicitly using the -keepattributes directive. For example, you may want to have your processed libraries and applications produce useful obfuscated stack traces. Only applicable when obfuscating.
-adaptresourcefilenames [filter]
Specifies the resource files to be renamed, based on the obfuscated names of the corresponding class files (if any). Without a filter, all resource files that correspond to class files are renamed. With a filter, only matching files are renamed. For example, see processing resource files. Only applicable when obfuscating.
-adaptresourcefilecontents [filter]
Specifies the resource files whose contents are to be updated. Any class names mentioned in the resource files are renamed, based on the obfuscated names of the corresponding class files (if any). Without a filter, the contents of all resource files updated. With a filter, only matching files are updated. For example, see processing resource files. Only applicable when obfuscating.

 

Preverification Options

-dontpreverify
Specifies not to preverify the processed class files. By default, class files are preverified if they are targeted at Java Micro Edition or at Java 6 or higher. For Java Micro Edition, preverification is required, so you will need to run an external preverifier on the processed code if you specify this option. For Java 6, preverification is not required (yet), but it improves the efficiency of the class loading in the Java Virtual Machine.
-microedition
Specifies that the processed class files are targeted at Java Micro Edition. The preverifier will then add the appropriate StackMap attributes, which are different from the default StackMapTable attributes for Java Standard Edition. For example, you will need this option if you are processing midlets.

 

General Options

-verbose
Specifies to write out some more information during processing. If the program terminates with an exception, this option will print out the entire stack trace, instead of just the exception message.
-dontnote
Specifies not to print notes about potential mistakes or omissions in the configuration, like typos in class names, or missing options that might be useful.
-dontwarn
Specifies not to warn about unresolved references and other important problems at all. Ignoring warnings can be dangerous. For instance, if the unresolved classes or class members are indeed required for processing, the processed code will not function properly. Only use this option if you know what you're doing!
-ignorewarnings
Specifies to print any warnings about unresolved references and other important problems, but to continue processing in any case. Ignoring warnings can be dangerous. For instance, if the unresolved classes or class members are indeed required for processing, the processed code will not function properly. Only use this option if you know what you're doing!
-printconfiguration [filename]
Specifies to write out the entire configuration that has been parsed, with included files and replaced variables. The structure is printed to the standard output or to the given file. This can sometimes be useful for debugging configurations, or for converting XML configurations into a more readable format.
-dump [filename]
Specifies to write out the internal structure of the class files, after any processing. The structure is printed to the standard output or to the given file. For example, you may want to write out the contents of a given jar file, without processing it at all.

 

Class Paths

ProGuard accepts a generalization of class paths to specify input files and output files. A class path consists of entries, separated by the traditional path separator (e.g. ':' on Unix, or ';' on Windows platforms). The order of the entries determines their priorities, in case of duplicates.

Each input entry can be:

The paths of directly specified class files and resource files is ignored, so class files should generally be part of a jar file, a war file, an ear file, a zip file, or a directory. In addition, the paths of class files should not have any additional directory prefixes inside the archives or directories.

Each output entry can be:

When writing output entries, ProGuard will generally package the results in a sensible way, reconstructing the input entries as much as required. Writing everything to an output directory is the most straightforward option: the output directory will contain a complete reconstruction of the input entries. The packaging can be almost arbitrarily complex though: you could process an entire application, packaged in a zip file along with its documentation, writing it out as a zip file again. The Examples section shows a few ways to restructure output archives.

Files and directories can be specified as discussed in the section on file names below.

In addition, the individual class patch entries and their contents can be filtered, as explained in the filters section below. This allows for an almost infinite number of packaging and repackaging possibilities.

 

File Names

ProGuard accepts absolute paths and relative paths for the various file names and directory names. A relative path is interpreted as follows:

The names can contain Java system properties delimited by '<' and '>'. The system properties are automatically replaced by their respective values.

For example, <java.home>/lib/rt.jar will automatically be expanded to something like /usr/local/java/jdk/jre/lib/rt.jar. Similarly, <user.home> will be expanded to the user's home directory, and <user.dir> will be expanded to the current working directory.

Names with special characters like spaces and parentheses must be quoted with single or double quotes. Note that each file name in a list of names has to be quoted individually. Also note that the quotes themselves may need to be escaped when used on the command line, to avoid them being gobbled by the shell.

For example, on the command line, you could use an option like '-injars "my program.jar":"/your directory/your program.jar"'.

 

Filters

ProGuard provides the possibility to filter the class path entries and their contents, based on their full relative file names. Each class path entry can be followed by up to 5 types of filters between parentheses, separated by semi-colons:

If fewer than 5 filters are specified, they are assumed to be the latter filters. Any empty filters are ignored. More formally, a filtered class path entry looks like this:

classpathentry([[[[zipfilter;]earfilter;]warfilter;]jarfilter;]filefilter)

Square brackets "[]" mean that their contents are optional.

A filter consists of one or more comma-separated file names that can contain wildcards. Only files with matching file names are read (in the case of input jars), or written (in the case of output jars). The following wildcards are supported:
? matches any single character in a file name.
* matches any part of a filename not containing the directory separator.
** matches any part of a filename, possibly containing any number of directory separators.
For example, "rt.jar(java/**.class,javax/**.class)" matches all class files in the java and javax directories inside the rt jar.

Furthermore, a file name can be preceded by an exclamation mark '!' to exclude the file name from further attempts to match with subsequent file names. You can think of the filtering mechanism as a conveyor belt, with pushers that accept or reject files as they pass by.

For example, "input.jar(!**.gif,images/**)" matches all files in the images directory inside the input jar, except gif files.

Note that the different filters are applied to all corresponding file types, irrespective of their nesting levels in the input; they are orthogonal.

For example, "input.war(lib/**.jar,support/**.jar;**.class,**.gif)" only considers jar files in the lib and support directories in the input war, not any other jar files. It then matches all class files and gif files that are encountered.

The Examples section provides a few more examples for filtering input and output.  

Overview of Keep Options

The various -keep options for shrinking and obfuscation may seem a bit confusing at first, but there's actually a pattern behind them. The following table summarizes how they are related:

Keep From being removed or renamed From being renamed
Classes and class members -keep -keepnames
Class members only -keepclassmembers -keepclassmembernames
Classes and class members, if class members present -keepclasseswithmembers -keepclasseswithmembernames

Each of these -keep options is of course followed by a specification of the classes and class members (fields and methods) to which it should be applied.

If you're not sure which option you need, you should probably simply use -keep. It will make sure the specified classes and class members are not removed in the shrinking step, and not renamed in the obfuscation step.

attention Always remember:
  • Specifying a class without class members only preserves the class as an entry point — any class members may then still be removed, optimized, or obfuscated.
  • Specifying a class member only preserves the class member as an entry point — any associated code may still be optimized and adapted.

 

Keep Option Modifiers

allowshrinking
Specifies that the entry points specified in the -keep option may be shrunk, even if they have to be preserved otherwise. That is, the entry points may be removed in the shrinking step, but if they are necessary after all, they may not be optimized or obfuscated.
allowoptimization
Specifies that the entry points specified in the -keep option may be optimized, even if they have to be preserved otherwise. That is, the entry points may be altered in the optimization step, but they may not be removed or obfuscated. This modifier is only useful for achieving unusual requirements.
allowobfuscation
Specifies that the entry points specified in the -keep option may be obfuscated, even if they have to be preserved otherwise. That is, the entry points may be renamed in the obfuscation step, but they may not be removed or optimized. This modifier is only useful for achieving unusual requirements.

 

Class Specifications

A class specification is a template of classes and class members (fields and methods). It is used in the various -keep options and in the -assumenosideeffects option. The corresponding option is only applied to classes and class members that match the template.

The template was designed to look very Java-like, with some extensions for wildcards. To get a feel for the syntax, you should probably look at the examples, but this is an attempt at a complete formal definition:

[@annotationtype] [[!]public|final|abstract|@ ...] [!]interface|class|enum classname
    [extends|implements [@annotationtype] classname]
[{
    [@annotationtype] [[!]public|private|protected|static|volatile|transient ...] <fields> |
                                                                      (fieldtype fieldname);
    [@annotationtype] [[!]public|private|protected|static|synchronized|native|abstract|strictfp ...] <methods> |
                                                                                           <init>(argumenttype,...) |
                                                                                           classname(argumenttype,...) |
                                                                                           (returntype methodname(argumenttype,...));
    [@annotationtype] [[!]public|private|protected|static ... ] *;
    ...
}]

Square brackets "[]" mean that their contents are optional. Ellipsis dots "..." mean that any number of the preceding items may be specified. A vertical bar "|" delimits two alternatives. Non-bold parentheses "()" just group parts of the specification that belong together. The indentation tries to clarify the intended meaning, but white-space is irrelevant in actual configuration files.


Copyright © 2002-2008 Eric Lafortune.