We use several tools for static analysis in Chromium.
[TOC]
- Runs as part of normal compilation.
- Controlled by GN arg: `disable_android_lint` (or `android_static_analysis`).
- Useful checks include:
  - `NewApi` (ensuring `Build.VERSION.SDK_INT` checks are in place).
- A list of disabled checks is found within `lint.py`.
  - and `lint-baseline.xml` files contain individual suppressions.
- Custom lint checks are possible, but we don't have any.
- Checks run on the entire codebase, not only on changed lines.
- Does not run when `chromium_code = false` (e.g. for `//third_party`).

- Runs as part of normal compilation.
- Controlled by GN arg: `use_errorprone_java_compiler` (or `android_static_analysis`).
- Useful checks include:
  - Enforcement of `@GuardedBy`, `@CheckReturnValue`, and `@DoNotMock`.
  - Enforcement of `/* paramName= */` comments.
- A list of enabled / disabled checks is found within `compile_java.py`.
  - Many checks are currently disabled because there is work involved in fixing violations they introduce. Please help!
- Chrome has a few custom checks:
- Checks run on the entire codebase, not only on changed lines.
- Does not run when `chromium_code = false` (e.g. for `//third_party`).

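
The `@GuardedBy`, `@CheckReturnValue` and `/* paramName= */` checks listed above, shown on a constructed class with the flagged form of each call left as a comment beside the accepted form. This is an added example, not Chromium code: `TokenCache` and its methods are hypothetical, and it assumes the `error_prone_annotations` library is on the classpath.

```java
import com.google.errorprone.annotations.CheckReturnValue;
import com.google.errorprone.annotations.concurrent.GuardedBy;

/** Constructed example: a token cache written to satisfy the checks above. */
public final class TokenCache {
    private final Object mLock = new Object();

    // Every read or write of mToken must happen while holding mLock.
    @GuardedBy("mLock")
    private String mToken;

    /** Returns true if the token was replaced; callers must use the result. */
    @CheckReturnValue
    public boolean replaceIfExpired(String candidate, boolean expired) {
        synchronized (mLock) {
            if (!expired && mToken != null) return false;
            mToken = candidate;
            return true;
        }
    }

    public String peek() {
        // Flagged by the @GuardedBy check (field read without the lock):
        //     return mToken;
        synchronized (mLock) {
            return mToken;
        }
    }

    public static void main(String[] args) {
        TokenCache cache = new TokenCache();

        // Flagged by the @CheckReturnValue check (result discarded):
        //     cache.replaceIfExpired("t1", true);

        // Flagged by the parameter-comment check (no parameter named "force"):
        //     cache.replaceIfExpired("t1", /* force= */ true);

        // Accepted: result is used and the comment matches the parameter name.
        boolean replaced = cache.replaceIfExpired("t1", /* expired= */ true);
        boolean replacedAgain = cache.replaceIfExpired("t2", /* expired= */ false);
        System.out.println(replaced + " " + replacedAgain + " " + cache.peek());
    }
}
```
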
- Mainly used for checking Java formatting & style.
- E.g.: Unused imports and naming conventions.
- Allows custom checks to be added via XML. Here is ours.
- Preferred over adding checks via `PRESUBMIT.py` because the tool understands `@SuppressWarnings` annotations.
- Runs only on changed lines as a part of `PRESUBMIT.py`.

- Checks for banned patterns via `_BANNED_JAVA_FUNCTIONS`.
  - (These should likely be moved to checkstyle).
- Checks for a random set of things in `ChecksAndroidSpecificOnUpload()`.
  - Including running Checkstyle.
- Runs only on changed lines.
- Runs as part of normal compilation.
- Controlled by GN arg: `android_static_analysis`.
- Performs a single check:
  - Enforces that targets do not rely on indirect dependencies to populate their classpath.
  - In other words: that `deps` are not missing any entries.