xref: /aosp_15_r20/external/angle/build/android/docs/static_analysis.md (revision 8975f5c5ed3d1c378011245431ada316dfb6f244) 
1# Static Analysis
2
3We use several tools for static analysis in chromium.
4
5[TOC]
6
7## [Android Lint](lint.md)
8* Runs as part of normal compilation.
9* Controlled by GN arg: `disable_android_lint` (or `android_static_analysis`).
10* [Useful checks include](https://googlesamples.github.io/android-custom-lint-rules/checks/index.md.html):
11  * `NewApi` (ensureing `Build.VERSION.SDK_INT` checks are in place).
12* A list of disabled checks is found [within `lint.py`].
13  * and [`lint-baseline.xml`] files contain individual suppressions.
14* Custom lint checks [are possible], but we don't have any.
15* Checks run on the entire codebase, not only on changed lines.
16* Does not run when `chromium_code = false` (e.g. for `//third_party`).
17
18[are possible]: https://googlesamples.github.io/android-custom-lint-rules/api-guide.md.html
19[within `lint.py`]: https://source.chromium.org/chromium/chromium/src/+/main:build/android/gyp/lint.py;l=25
20[`lint-baseline.xml`]: https://source.chromium.org/search?q=f:lint-baseline.xml%20-f:third_party
21
22## [ErrorProne](https://errorprone.info/)
23* Runs as part of normal compilation.
24* Controlled by GN arg: `use_errorprone_java_compiler` (or
25  `android_static_analysis`).
26* [Useful checks include](https://errorprone.info/bugpatterns):
27  * Enforcement of `@GuardedBy`, `@CheckReturnValue`, and `@DoNotMock`.
28  * Enforcement of `/* paramName= */` comments.
29* A list of enabled / disabled checks is found [within `compile_java.py`](https://cs.chromium.org/chromium/src/build/android/gyp/compile_java.py?l=30)
30  * Many checks are currently disabled because there is work involved in fixing
31    violations they introduce. Please help!
32* Chrome has [a few custom checks]:
33* Checks run on the entire codebase, not only on changed lines.
34* Does not run when `chromium_code = false` (e.g. for `//third_party`).
35
36[a few custom checks]: /tools/android/errorprone_plugin/src/org/chromium/tools/errorprone/plugin/
37
38## [Checkstyle](https://checkstyle.sourceforge.io/)
39* Mainly used for checking Java formatting & style.
40  * E.g.: Unused imports and naming conventions.
41* Allows custom checks to be added via XML. Here [is ours].
42* Preferred over adding checks via `PRESUBMIT.py` because the tool understands
43  `@SuppressWarnings` annotations.
44* Runs only on changed lines as a part of `PRESUBMIT.py`.
45
46[is ours]:  /tools/android/checkstyle/chromium-style-5.0.xml
47
48## [PRESUBMIT.py](/PRESUBMIT.py):
49* Checks for banned patterns via `_BANNED_JAVA_FUNCTIONS`.
50  * (These should likely be moved to checkstyle).
51* Checks for a random set of things in `ChecksAndroidSpecificOnUpload()`.
52  * Including running Checkstyle.
53* Runs only on changed lines.
54
55## [Bytecode Processor](/build/android/bytecode/)
56* Runs as part of normal compilation.
57* Controlled by GN arg: `android_static_analysis`.
58* Performs a single check:
59  * Enforces that targets do not rely on indirect dependencies to populate
60    their classpath.
61  * In other words: that `deps` are not missing any entries.
62