Now that Apple is running some kind of static analysis to automatically check for private API use, a number of people have been caught because of the Three20 library. I use another third-party library (which I compile myself from code) and I would like to automatically audit it for private API use before I submit to Apple, so I can eliminate/re-write those parts.
If I run nm on my application executable, I get a list of symbols, and I am seeing symbols in there that I don't use. For example I see _AudioServicesPlaySystemSound, and if I search for "AudioServicesPlaySystemSound" in Xcode I get no results. Is there any way to automatically discriminate calls to private APIs? For example, I notice that Apple has a habit of naming them with an initial underscore.
However: if I deliberately include a call to a private API it doesn't show up in the output of nm, but it does show up if I run strings on the binary. Based on this, one idea I had was to compile a huge list of all private API calls into a huge table, and automatically search for them in the strings output. I haven't done that yet.
Does anyone have any tips on how to automatically catch this stuff so I'm only going through the review process once?
2 solutions
#1
5
You could try running nm on the object files instead of the linked executable:
nm -g -j *.o | sort | uniq
The objects should be in the build/<app>.build/*/<app>.build/Objects-normal sub-directory.
You're seeing a reference to AudioServicesPlaySystemSound because one of the functions you did call in turn calls AudioServicesPlaySystemSound.
Objective-C calls won't generally show up in nm dumps; you'll need to use otool for that:
otool -ov <object file>
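The question's lookup-table idea applied to the nm output from the answer above, as an added example that is not part of the original thread. The function names, the denylist file format and every denylisted name are hypothetical placeholders; the sample input is constructed. It goes slightly beyond the thread by also unwrapping `_OBJC_CLASS_$_Name` class references, which nm does list.

```sh
#!/bin/sh
# Added example, not from the thread. All denylist entries and sample names
# below are constructed placeholders, not real private API names.

# Print usable denylist entries: drop '#' comments and blank lines.
load_denylist() {
    sed -e 's/[[:space:]]*#.*$//' -e '/^$/d' "$1"
}

# stdin: candidate names, one per line. Prints exact matches against the
# denylist file $1. Returns non-zero only if grep itself fails.
match_denylist() {
    tmp=$(mktemp) || return 2
    load_denylist "$1" > "$tmp"
    rc=0
    sort -u | grep -Fx -f "$tmp" || rc=$?   # rc 1 just means "no hits"
    rm -f "$tmp"
    [ "$rc" -le 1 ]
}

# stdin: `nm -g -j *.o` output. Strip the one leading underscore Mach-O adds
# to C symbols and unwrap _OBJC_CLASS_$_Name references before matching.
scan_symbols() {
    sed -e 's/^_//' -e 's/^OBJC_CLASS_\$_//' | match_denylist "$1"
}

# stdin: `strings` output. Selectors are matched verbatim, because a leading
# underscore is part of a selector's name, not linker decoration.
scan_strings() {
    match_denylist "$1"
}

# Constructed demo data; on a Mac, pipe real nm/strings output in instead.
demo() {
    deny=$(mktemp) || return 2
    printf '%s\n' '# constructed denylist' 'HypotheticalPrivateFunction' \
        'HypotheticalPrivateClass' '_hypotheticalPrivateSelector:' > "$deny"
    printf '%s\n' '_AudioServicesPlaySystemSound' \
        '_HypotheticalPrivateFunction' \
        '_OBJC_CLASS_$_HypotheticalPrivateClass' | scan_symbols "$deny"
    printf '%s\n' 'viewDidLoad' '_hypotheticalPrivateSelector:' \
        'hypotheticalPrivateSelector:' | scan_strings "$deny"
    rm -f "$deny"
}
demo
```

Exact-line matching (`grep -Fx`) keeps a denylisted name from flagging a longer public name that merely contains it.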
#2
3
Use this dev tool, App Scanner. It scans your .app file for private API methods. A future release will also check for private API instance variables.