Static Analysis
We use several tools for static analysis in Chromium.
- Runs as part of normal compilation.
- Controlled by GN arg: disable_android_lint (or android_static_analysis).
- Useful checks include:
  - NewApi (ensuring Build.VERSION.SDK_INT checks are in place).
- A list of disabled checks is found within lint.py.
- Custom lint checks are possible, but we don't have any.
- Checks run on the entire codebase, not only on changed lines.
- Does not run when chromium_code = false (e.g. for //third_party).
- Runs as part of normal compilation.
- Controlled by GN arg: use_errorprone_java_compiler (or android_static_analysis).
- Useful checks include:
  - Enforcement of @GuardedBy, @CheckReturnValue, and @DoNotMock.
  - Enforcement of /* paramName= */ comments.
- A list of enabled / disabled checks is found within compile_java.py.
  - Many checks are currently disabled because there is work involved in fixing violations they introduce. Please help!
- Chrome has a few custom checks:
- Checks run on the entire codebase, not only on changed lines.
- Does not run when chromium_code = false (e.g. for //third_party).
- Mainly used for checking Java formatting & style.
  - E.g.: Unused imports and naming conventions.
- Allows custom checks to be added via XML. Here is ours.
- Preferred over adding checks via PRESUBMIT.py because the tool understands @SuppressWarnings annotations.
- Runs only on changed lines as a part of PRESUBMIT.py.
- Checks for banned patterns via _BANNED_JAVA_FUNCTIONS.
  - (These should likely be moved to checkstyle).
- Checks for a random set of things in ChecksAndroidSpecificOnUpload().
  - Including running Checkstyle.
- Runs only on changed lines.
- Runs as part of normal compilation.
- Controlled by GN arg: android_static_analysis.
- Performs a single check:
  - Enforces that targets do not rely on indirect dependencies to populate their classpath.
  - In other words: that deps are not missing any entries.