# Static Analysis

We use several tools for static analysis in Chromium.

[TOC]

## Autoninja Integration

You can set `android_static_analysis = "build_server"` in your gn args to run
static analysis tasks in the background. This will change the build as follows:
* `autoninja` will not wait for static analysis jobs to complete.
  * This means the build will succeed but static analysis might fail later.
  * If there are background tasks still running, autoninja will say so at the end of the build.
  * Leads to [30-50% improvement in build times][cbuild- speed improvement] when building debug.
* If a background static analysis task fails, the failure output is printed onto the terminal that ran `autoninja`.
  * The output is preceded by an emoji like ⏩.
  * If the output gets mixed in with what you are doing so it is no longer clear, you can check the task output in the logfile.
    * E.g.: `out/Default/buildserver.log.0`.
* Changes the terminal title to keep live track of remaining analysis tasks.

[cbuild- speed improvement]: https://dashboards.corp.google.com/clank_build_speed?f=commit:bt:1411615,1422246&f=benchmark:in:base_sig_compile,chrome_nosig_compile&f=server:in:true,false&f=emulator:in:None,api31

## [Android Lint](lint.md)
* Runs as part of normal compilation.
* Controlled by GN arg: `disable_android_lint` (or `android_static_analysis`).
* [Useful checks include](https://googlesamples.github.io/android-custom-lint-rules/checks/index.md.html):
  * `NewApi` (ensuring `Build.VERSION.SDK_INT` checks are in place).
* A list of disabled checks is found [within `lint.py`].
  * [`lint-baseline.xml`] files contain individual suppressions.
* Custom lint checks [are possible], but we don't have any.
* Checks run on the entire codebase, not only on changed lines.
* Does not run when `chromium_code = false` (e.g. for `//third_party`).

[are possible]: https://googlesamples.github.io/android-custom-lint-rules/api-guide.md.html
[within `lint.py`]: https://source.chromium.org/chromium/chromium/src/+/main:build/android/gyp/lint.py;l=25
[`lint-baseline.xml`]: https://source.chromium.org/search?q=f:lint-baseline.xml%20-f:third_party

## [ErrorProne]
* Runs as part of normal compilation.
* Controlled by GN arg: `use_errorprone_java_compiler` (or
  `android_static_analysis`).
* [Useful checks include]:
  * Checking correctness of [nullable annotations] (via NullAway plugin).
  * Enforcement of `@GuardedBy`, `@CheckReturnValue`, and `@DoNotMock`.
  * Enforcement of `/* paramName= */` comments.
* A list of enabled / disabled checks is found [within `compile_java.py`].
  * Many checks are currently disabled because there is work involved in fixing
    violations they introduce. Please help!
* Chrome has [a few custom checks].
* Checks run on the entire codebase, not only on changed lines.
* Does not run when `chromium_code = false` (e.g. for `//third_party`).

[ErrorProne]: https://errorprone.info/
[Useful checks include]: https://errorprone.info/bugpatterns
[nullable annotations]: /styleguide/java/nullaway.md
[within `compile_java.py`]: https://source.chromium.org/chromium/chromium/src/+/main:build/android/gyp/compile_java.py;l=46;drc=5dc479e73c3c9c03b59f324b2e349b8bd008401f
[a few custom checks]: /tools/android/errorprone_plugin/src/org/chromium/tools/errorprone/plugin/

## [Checkstyle](https://checkstyle.sourceforge.io/)
* Mainly used for checking Java formatting & style.
  * E.g.: Unused imports and naming conventions.
* Allows custom checks to be added via XML. Here [is ours].
* Preferred over adding checks via `PRESUBMIT.py` because the tool understands
  `@SuppressWarnings` annotations.
* Runs only on changed lines as a part of `PRESUBMIT.py`.

[is ours]: /tools/android/checkstyle/chromium-style-5.0.xml

## [PRESUBMIT.py](/PRESUBMIT.py)
* Checks for banned patterns via `_BANNED_JAVA_FUNCTIONS`.
  * (These should likely be moved to checkstyle).
* Checks for a random set of things in `ChecksAndroidSpecificOnUpload()`.
  * Including running Checkstyle.
* Runs only on changed lines.
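
What "runs only on changed lines" means in practice, as an added sketch (not Chromium's `PRESUBMIT.py` code): banned patterns are matched only against the `+` lines of a unified diff, so a violation that already exists in the file is not reported. The rule table, function names and sample diff are constructed for illustration.

```python
import re
from typing import NamedTuple

class BanRule(NamedTuple):
    name: str
    regex: str

# Hypothetical rules for this example; not the contents of _BANNED_JAVA_FUNCTIONS.
SAMPLE_RULES = (
    BanRule("strictmode-allow", r"StrictMode\.allowThreadDiskReads\("),
    BanRule("plain-random", r"\bnew\s+Random\s*\("),
)

# Constructed diff: the StrictMode call is unchanged context, the Random call is new.
SAMPLE_DIFF = """\
--- a/example/Foo.java
+++ b/example/Foo.java
@@ -10,4 +10,5 @@ class Foo {
     void load() {
         StrictMode.allowThreadDiskReads();
+        int token = new Random().nextInt();
         read();
     }
"""

HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def added_lines(diff_text):
    """Yield (path, new_line_number, text) for every '+' line in a unified diff."""
    path, lineno, old_left, new_left = None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left > 0 or new_left > 0:  # inside a hunk body: count lines, so a
            tag = raw[:1]                 # body line that looks like '+++ ' is safe
            if tag == "+":
                yield path, lineno, raw[1:]
            if tag in ("+", " ", ""):
                lineno, new_left = lineno + 1, new_left - 1
            if tag in ("-", " ", ""):
                old_left -= 1
        elif raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif m := HUNK_RE.match(raw):
            old_left = int(m.group(1) or 1)
            lineno, new_left = int(m.group(2)), int(m.group(3) or 1)

def check_changed_lines(diff_text, rules=SAMPLE_RULES):
    """Report (path, line, rule name) for banned patterns on added .java lines only."""
    return [(path, lineno, rule.name)
            for path, lineno, text in added_lines(diff_text)
            if path and path.endswith(".java")
            for rule in rules if re.search(rule.regex, text)]

if __name__ == "__main__":
    print(check_changed_lines(SAMPLE_DIFF))  # the StrictMode line is not reported
```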

## [Bytecode Processor](/build/android/bytecode/)
* Runs as part of normal compilation.
* Controlled by GN arg: `android_static_analysis`.
* Performs a single check:
  * Enforces that targets do not rely on indirect dependencies to populate
    their classpath.
  * In other words: that `deps` are not missing any entries.