# Static Analysis

We use several tools for static analysis in Chromium.

[TOC]

## [Android Lint](lint.md)
* Runs as part of normal compilation.
* Controlled by GN arg: `disable_android_lint` (or `android_static_analysis`).
* [Useful checks include](https://googlesamples.github.io/android-custom-lint-rules/checks/index.md.html):
  * `NewApi` (ensuring `Build.VERSION.SDK_INT` checks are in place).
* A list of disabled checks is found [within `lint.py`].
  * and [`lint-baseline.xml`] files contain individual suppressions.
* Custom lint checks [are possible], but we don't have any.
* Checks run on the entire codebase, not only on changed lines.
* Does not run when `chromium_code = false` (e.g. for `//third_party`).

[are possible]: https://googlesamples.github.io/android-custom-lint-rules/api-guide.md.html
[within `lint.py`]: https://source.chromium.org/chromium/chromium/src/+/main:build/android/gyp/lint.py;l=25
[`lint-baseline.xml`]: https://source.chromium.org/search?q=f:lint-baseline.xml%20-f:third_party

## [ErrorProne]
* Runs as part of normal compilation.
* Controlled by GN arg: `use_errorprone_java_compiler` (or
  `android_static_analysis`).
* [Useful checks include]:
  * Checking correctness of [nullable annotations] (via NullAway plugin).
  * Enforcement of `@GuardedBy`, `@CheckReturnValue`, and `@DoNotMock`.
  * Enforcement of `/* paramName= */` comments.
* A list of enabled / disabled checks is found [within `compile_java.py`]
  * Many checks are currently disabled because there is work involved in fixing
    violations they introduce. Please help!
* Chrome has [a few custom checks].
* Checks run on the entire codebase, not only on changed lines.
* Does not run when `chromium_code = false` (e.g. for `//third_party`).

[ErrorProne]: https://errorprone.info/
[Useful checks include]: https://errorprone.info/bugpatterns
[nullable annotations]: /styleguide/java/nullaway.md
[within `compile_java.py`]: https://source.chromium.org/chromium/chromium/src/+/main:build/android/gyp/compile_java.py;l=46;drc=5dc479e73c3c9c03b59f324b2e349b8bd008401f
[a few custom checks]: /tools/android/errorprone_plugin/src/org/chromium/tools/errorprone/plugin/

## [Checkstyle](https://checkstyle.sourceforge.io/)
* Mainly used for checking Java formatting & style.
  * E.g.: Unused imports and naming conventions.
* Allows custom checks to be added via XML. Here [is ours].
* Preferred over adding checks via `PRESUBMIT.py` because the tool understands
  `@SuppressWarnings` annotations.
* Runs only on changed lines as a part of `PRESUBMIT.py`.

[is ours]: /tools/android/checkstyle/chromium-style-5.0.xml

## [PRESUBMIT.py](/PRESUBMIT.py)
* Checks for banned patterns via `_BANNED_JAVA_FUNCTIONS`.
  * (These should likely be moved to checkstyle).
* Checks for a random set of things in `ChecksAndroidSpecificOnUpload()`.
  * Including running Checkstyle.
* Runs only on changed lines.

## [Bytecode Processor](/build/android/bytecode/)
* Runs as part of normal compilation.
* Controlled by GN arg: `android_static_analysis`.
* Performs a single check:
  * Enforces that targets do not rely on indirect dependencies to populate
    their classpath.
  * In other words: that `deps` are not missing any entries.
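
The indirect-dependency check described for the Bytecode Processor, modelled in miniature as an added example (not Chromium's code). The target names, class names and both tables are constructed, and the model assumes class references have already been extracted from compiled class files.

```python
# Constructed build graph: target -> classes it defines and its declared deps.
TARGETS = {
    "//base:base_java": {"defines": {"org.example.base.Log"}, "deps": []},
    "//net:net_java": {"defines": {"org.example.net.Fetcher"},
                       "deps": ["//base:base_java"]},
    "//app:app_java": {"defines": {"org.example.app.Main"},
                       "deps": ["//net:net_java"]},
}

# Constructed class references per target (hypothetical extraction output).
REFERENCES = {
    "//net:net_java": {"org.example.base.Log"},
    "//app:app_java": {"org.example.net.Fetcher", "org.example.base.Log"},
}


def transitive_deps(target, targets):
    """Every target reachable through `deps`, excluding the target itself."""
    seen, stack = [], list(targets[target]["deps"])
    while stack:
        dep = stack.pop()
        if dep not in seen:
            seen.append(dep)
            stack.extend(targets[dep]["deps"])
    return seen


def missing_direct_deps(target, targets, references):
    """Return (missing, unresolved) for one target.

    missing:    {dep_target: [classes]} used by the target but supplied only
                by an indirect dependency, i.e. entries absent from `deps`.
    unresolved: classes that no target in the dependency closure defines.
    """
    own = targets[target]["defines"]
    direct = set(targets[target]["deps"])
    provider = {cls: dep for dep in transitive_deps(target, targets)
                for cls in targets[dep]["defines"]}
    missing, unresolved = {}, []
    for cls in sorted(references.get(target, ())):
        if cls in own:
            continue
        dep = provider.get(cls)
        if dep is None:
            unresolved.append(cls)
        elif dep not in direct:
            missing.setdefault(dep, []).append(cls)
    return missing, unresolved
```

In this constructed graph `//app:app_java` compiles only because `//net:net_java` happens to pull in `//base:base_java`; the check reports `//base:base_java` as the entry missing from its `deps`.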