# Private Code Test

This directory provides a mechanism for testing that native does not link in
object files from unwanted directories. The test finds all linker inputs, and
checks that none live inside a list of internal paths.

Original bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1266989

## Determining Internal Directories

This is done by parsing the `.gclient_entries` file for all paths coming from
https://chrome-internal.googlesource.com. I chose this approach since it is
simple.

The main alternative I found was to use `gclient flatten`. Example output:

```
  # src -> src/internal
  "src/internal": {
    "url": "https://chrome-internal.googlesource.com/chrome/src-internal.git@c649c6a155fe65c3730e2d663d7d2058d33bf1f9",
    "condition": 'checkout_src_internal',
  },
```

* Paths could be found in this way by looking for `checkout_src_internal`
  within `condition`, and by looking for the comment line for `recurse_deps`
  that went through an internal repo.

## Determining Linker Inputs

This is done by parsing `build.ninja` to find all inputs to an executable. This
approach is pretty fast & simple, but does not catch the case where a public
`.cc` file has an `#include` a private `.h` file.

Alternatives considered:

1) Dump paths found in debug information.
  * Hard to do cross-platform.
2) Scan a linker map file for input paths.
  * LTO causes paths in linker map to be inaccurate.
3) Use a fake link step to capture all object file inputs
  * Object files paths are relative to GN target, so this does not catch
    internal sources referenced by public GN targets.
4) Query GN / Ninja for transitive inputs
  * This ends up listing non-linker inputs as well, which we do not want.
5) Parse depfiles to find all headers, and add them to the list of inputs
  * Additional work, but would give us full coverage.