#!/usr/bin/env python # Copyright (c) 2012 The Chromium Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. """Makes sure that files include headers from allowed directories. Checks DEPS files in the source tree for rules, and applies those rules to "#include" commands in source files. Any source file including something not permitted by the DEPS files will fail. The format of the deps file: First you have the normal module-level deps. These are the ones used by gclient. An example would be: deps = { "base":"http://foo.bar/trunk/base" } DEPS files not in the top-level of a module won't need this. Then you have any additional include rules. You can add (using "+") or subtract (using "-") from the previously specified rules (including module-level deps). You can also specify a path that is allowed for now but that we intend to remove, using "!"; this is treated the same as "+" when check_deps is run by our bots, but a presubmit step will show a warning if you add a new include of a file that is only allowed by "!". Note that for .java files, there is currently no difference between "+" and "!", even in the presubmit step. include_rules = { # Code should be able to use base (it's specified in the module-level # deps above), but nothing in "base/evil" because it's evil. "-base/evil", # But this one subdirectory of evil is OK. "+base/evil/not", # And it can include files from this other directory even though there is # no deps rule for it. "+tools/crime_fighter", # This dependency is allowed for now but work is ongoing to remove it, # so you shouldn't add further dependencies on it. "!base/evil/ok_for_now.h", } If you have certain include rules that should only be applied for some files within this directory and subdirectories, you can write a section named specific_include_rules that is a hash map of regular expressions to the list of rules that should apply to files matching them. Note that such rules will always be applied before the rules from 'include_rules' have been applied, but the order in which rules associated with different regular expressions is applied is arbitrary. specific_include_rules = { ".*_(unit|browser|api)test\.cc": [ "+libraries/testsupport", ], } DEPS files may be placed anywhere in the tree. Each one applies to all subdirectories, where there may be more DEPS files that provide additions or subtractions for their own sub-trees. There is an implicit rule for the current directory (where the DEPS file lives) and all of its subdirectories. This prevents you from having to explicitly allow the current directory everywhere. This implicit rule is applied first, so you can modify or remove it using the normal include rules. The rules are processed in order. This means you can explicitly allow a higher directory and then take away permissions from sub-parts, or the reverse. Note that all directory separators must be slashes (Unix-style) and not backslashes. All directories should be relative to the source root and use only lowercase. """ import os import optparse import re import subprocess import sys import copy import cpp_checker import java_checker import results from rules import Rule, Rules # Variable name used in the DEPS file to add or subtract include files from # the module-level deps. INCLUDE_RULES_VAR_NAME = 'include_rules' # Variable name used in the DEPS file to add or subtract include files # from module-level deps specific to files whose basename (last # component of path) matches a given regular expression. SPECIFIC_INCLUDE_RULES_VAR_NAME = 'specific_include_rules' # Optionally present in the DEPS file to list subdirectories which should not # be checked. This allows us to skip third party code, for example. SKIP_SUBDIRS_VAR_NAME = 'skip_child_includes' def NormalizePath(path): """Returns a path normalized to how we write DEPS rules and compare paths. """ return path.lower().replace('\\', '/') def _IsTestFile(filename): """Does a rudimentary check to try to skip test files; this could be improved but is good enough for now. """ return re.match('(test|mock|dummy)_.*|.*_[a-z]*test\.(cc|mm|java)', filename) class DepsChecker(object): """Parses include_rules from DEPS files and can verify files in the source tree against them. """ def __init__(self, base_directory=None, verbose=False, being_tested=False, ignore_temp_rules=False, skip_tests=False): """Creates a new DepsChecker. Args: base_directory: OS-compatible path to root of checkout, e.g. C:\chr\src. verbose: Set to true for debug output. being_tested: Set to true to ignore the DEPS file at tools/checkdeps/DEPS. """ self.base_directory = base_directory self.verbose = verbose self._under_test = being_tested self._ignore_temp_rules = ignore_temp_rules self._skip_tests = skip_tests if not base_directory: self.base_directory = os.path.abspath( os.path.join(os.path.abspath(os.path.dirname(__file__)), '..', '..')) self.results_formatter = results.NormalResultsFormatter(verbose) self.git_source_directories = set() self._AddGitSourceDirectories() # Map of normalized directory paths to rules to use for those # directories, or None for directories that should be skipped. self.directory_rules = {} self._ApplyDirectoryRulesAndSkipSubdirs(Rules(), self.base_directory) def Report(self): """Prints a report of results, and returns an exit code for the process.""" if self.results_formatter.GetResults(): self.results_formatter.PrintResults() return 1 print '\nSUCCESS\n' return 0 def _ApplyRules(self, existing_rules, includes, specific_includes, cur_dir): """Applies the given include rules, returning the new rules. Args: existing_rules: A set of existing rules that will be combined. include: The list of rules from the "include_rules" section of DEPS. specific_includes: E.g. {'.*_unittest\.cc': ['+foo', '-blat']} rules from the "specific_include_rules" section of DEPS. cur_dir: The current directory, normalized path. We will create an implicit rule that allows inclusion from this directory. Returns: A new set of rules combining the existing_rules with the other arguments. """ rules = copy.deepcopy(existing_rules) # First apply the implicit "allow" rule for the current directory. if cur_dir.startswith( NormalizePath(os.path.normpath(self.base_directory))): relative_dir = cur_dir[len(self.base_directory) + 1:] source = relative_dir if len(source) == 0: source = 'top level' # Make the help string a little more meaningful. rules.AddRule('+' + relative_dir, 'Default rule for ' + source) else: raise Exception('Internal error: base directory is not at the beginning' + ' for\n %s and base dir\n %s' % (cur_dir, self.base_directory)) def ApplyOneRule(rule_str, dependee_regexp=None): """Deduces a sensible description for the rule being added, and adds the rule with its description to |rules|. If we are ignoring temporary rules, this function does nothing for rules beginning with the Rule.TEMP_ALLOW character. """ if self._ignore_temp_rules and rule_str.startswith(Rule.TEMP_ALLOW): return rule_block_name = 'include_rules' if dependee_regexp: rule_block_name = 'specific_include_rules' if not relative_dir: rule_description = 'the top level %s' % rule_block_name else: rule_description = relative_dir + "'s %s" % rule_block_name rules.AddRule(rule_str, rule_description, dependee_regexp) # Apply the additional explicit rules. for (_, rule_str) in enumerate(includes): ApplyOneRule(rule_str) # Finally, apply the specific rules. for regexp, specific_rules in specific_includes.iteritems(): for rule_str in specific_rules: ApplyOneRule(rule_str, regexp) return rules def _ApplyDirectoryRules(self, existing_rules, dir_name): """Combines rules from the existing rules and the new directory. Any directory can contain a DEPS file. Toplevel DEPS files can contain module dependencies which are used by gclient. We use these, along with additional include rules and implicit rules for the given directory, to come up with a combined set of rules to apply for the directory. Args: existing_rules: The rules for the parent directory. We'll add-on to these. dir_name: The directory name that the deps file may live in (if it exists). This will also be used to generate the implicit rules. This is a non-normalized path. Returns: A tuple containing: (1) the combined set of rules to apply to the sub-tree, and (2) a list of all subdirectories that should NOT be checked, as specified in the DEPS file (if any). """ norm_dir_name = NormalizePath(dir_name) # Check for a .svn directory in this directory or check this directory is # contained in git source direcotries. This will tell us if it's a source # directory and should be checked. if not (os.path.exists(os.path.join(dir_name, ".svn")) or (norm_dir_name in self.git_source_directories)): return (None, []) # Check the DEPS file in this directory. if self.verbose: print 'Applying rules from', dir_name def FromImpl(_unused, _unused2): pass # NOP function so "From" doesn't fail. def FileImpl(_unused): pass # NOP function so "File" doesn't fail. class _VarImpl: def __init__(self, local_scope): self._local_scope = local_scope def Lookup(self, var_name): """Implements the Var syntax.""" if var_name in self._local_scope.get('vars', {}): return self._local_scope['vars'][var_name] raise Exception('Var is not defined: %s' % var_name) local_scope = {} global_scope = { 'File': FileImpl, 'From': FromImpl, 'Var': _VarImpl(local_scope).Lookup, } deps_file = os.path.join(dir_name, 'DEPS') # The second conditional here is to disregard the # tools/checkdeps/DEPS file while running tests. This DEPS file # has a skip_child_includes for 'testdata' which is necessary for # running production tests, since there are intentional DEPS # violations under the testdata directory. On the other hand when # running tests, we absolutely need to verify the contents of that # directory to trigger those intended violations and see that they # are handled correctly. if os.path.isfile(deps_file) and ( not self._under_test or not os.path.split(dir_name)[1] == 'checkdeps'): execfile(deps_file, global_scope, local_scope) elif self.verbose: print ' No deps file found in', dir_name # Even if a DEPS file does not exist we still invoke ApplyRules # to apply the implicit "allow" rule for the current directory include_rules = local_scope.get(INCLUDE_RULES_VAR_NAME, []) specific_include_rules = local_scope.get(SPECIFIC_INCLUDE_RULES_VAR_NAME, {}) skip_subdirs = local_scope.get(SKIP_SUBDIRS_VAR_NAME, []) return (self._ApplyRules(existing_rules, include_rules, specific_include_rules, norm_dir_name), skip_subdirs) def _ApplyDirectoryRulesAndSkipSubdirs(self, parent_rules, dir_path): """Given |parent_rules| and a subdirectory |dir_path| from the directory that owns the |parent_rules|, add |dir_path|'s rules to |self.directory_rules|, and add None entries for any of its subdirectories that should be skipped. """ directory_rules, excluded_subdirs = self._ApplyDirectoryRules(parent_rules, dir_path) self.directory_rules[NormalizePath(dir_path)] = directory_rules for subdir in excluded_subdirs: self.directory_rules[NormalizePath( os.path.normpath(os.path.join(dir_path, subdir)))] = None def GetDirectoryRules(self, dir_path): """Returns a Rules object to use for the given directory, or None if the given directory should be skipped. This takes care of first building rules for parent directories (up to self.base_directory) if needed. Args: dir_path: A real (non-normalized) path to the directory you want rules for. """ norm_dir_path = NormalizePath(dir_path) if not norm_dir_path.startswith( NormalizePath(os.path.normpath(self.base_directory))): dir_path = os.path.join(self.base_directory, dir_path) norm_dir_path = NormalizePath(dir_path) parent_dir = os.path.dirname(dir_path) parent_rules = None if not norm_dir_path in self.directory_rules: parent_rules = self.GetDirectoryRules(parent_dir) # We need to check for an entry for our dir_path again, in case we # are at a path e.g. A/B/C where A/B/DEPS specifies the C # subdirectory to be skipped; in this case, the invocation to # GetDirectoryRules(parent_dir) has already filled in an entry for # A/B/C. if not norm_dir_path in self.directory_rules: if not parent_rules: # If the parent directory should be skipped, then the current # directory should also be skipped. self.directory_rules[norm_dir_path] = None else: self._ApplyDirectoryRulesAndSkipSubdirs(parent_rules, dir_path) return self.directory_rules[norm_dir_path] def CheckDirectory(self, start_dir): """Checks all relevant source files in the specified directory and its subdirectories for compliance with DEPS rules throughout the tree (starting at |self.base_directory|). |start_dir| must be a subdirectory of |self.base_directory|. On completion, self.results_formatter has the results of processing, and calling Report() will print a report of results. """ java = java_checker.JavaChecker(self.base_directory, self.verbose) cpp = cpp_checker.CppChecker(self.verbose) checkers = dict( (extension, checker) for checker in [java, cpp] for extension in checker.EXTENSIONS) self._CheckDirectoryImpl(checkers, start_dir) def _CheckDirectoryImpl(self, checkers, dir_name): rules = self.GetDirectoryRules(dir_name) if rules == None: return # Collect a list of all files and directories to check. files_to_check = [] dirs_to_check = [] contents = os.listdir(dir_name) for cur in contents: full_name = os.path.join(dir_name, cur) if os.path.isdir(full_name): dirs_to_check.append(full_name) elif os.path.splitext(full_name)[1] in checkers: if not self._skip_tests or not _IsTestFile(cur): files_to_check.append(full_name) # First check all files in this directory. for cur in files_to_check: checker = checkers[os.path.splitext(cur)[1]] file_status = checker.CheckFile(rules, cur) if file_status.HasViolations(): self.results_formatter.AddError(file_status) # Next recurse into the subdirectories. for cur in dirs_to_check: self._CheckDirectoryImpl(checkers, cur) def CheckAddedCppIncludes(self, added_includes): """This is used from PRESUBMIT.py to check new #include statements added in the change being presubmit checked. Args: added_includes: ((file_path, (include_line, include_line, ...), ...) Return: A list of tuples, (bad_file_path, rule_type, rule_description) where rule_type is one of Rule.DISALLOW or Rule.TEMP_ALLOW and rule_description is human-readable. Empty if no problems. """ cpp = cpp_checker.CppChecker(self.verbose) problems = [] for file_path, include_lines in added_includes: # TODO(joi): Make this cover Java as well. if not cpp.IsCppFile(file_path): pass rules_for_file = self.GetDirectoryRules(os.path.dirname(file_path)) if rules_for_file: for line in include_lines: is_include, violation = cpp.CheckLine( rules_for_file, line, file_path, True) if violation: rule_type = violation.violated_rule.allow if rule_type != Rule.ALLOW: violation_text = results.NormalResultsFormatter.FormatViolation( violation, self.verbose) problems.append((file_path, rule_type, violation_text)) return problems def _AddGitSourceDirectories(self): """Adds any directories containing sources managed by git to self.git_source_directories. """ if not os.path.exists(os.path.join(self.base_directory, '.git')): return popen_out = os.popen('cd %s && git ls-files --full-name .' % subprocess.list2cmdline([self.base_directory])) for line in popen_out.readlines(): dir_name = os.path.join(self.base_directory, os.path.dirname(line)) # Add the directory as well as all the parent directories. Use # forward slashes and lower case to normalize paths. while dir_name != self.base_directory: self.git_source_directories.add(NormalizePath(dir_name)) dir_name = os.path.dirname(dir_name) self.git_source_directories.add(NormalizePath(self.base_directory)) def PrintUsage(): print """Usage: python checkdeps.py [--root ] [tocheck] --root ROOT Specifies the repository root. This defaults to "../../.." relative to the script file. This will be correct given the normal location of the script in "/tools/checkdeps". --(others) There are a few lesser-used options; run with --help to show them. tocheck Specifies the directory, relative to root, to check. This defaults to "." so it checks everything. Examples: python checkdeps.py python checkdeps.py --root c:\\source chrome""" def main(): option_parser = optparse.OptionParser() option_parser.add_option( '', '--root', default='', dest='base_directory', help='Specifies the repository root. This defaults ' 'to "../../.." relative to the script file, which ' 'will normally be the repository root.') option_parser.add_option( '', '--ignore-temp-rules', action='store_true', dest='ignore_temp_rules', default=False, help='Ignore !-prefixed (temporary) rules.') option_parser.add_option( '', '--generate-temp-rules', action='store_true', dest='generate_temp_rules', default=False, help='Print rules to temporarily allow files that fail ' 'dependency checking.') option_parser.add_option( '', '--count-violations', action='store_true', dest='count_violations', default=False, help='Count #includes in violation of intended rules.') option_parser.add_option( '', '--skip-tests', action='store_true', dest='skip_tests', default=False, help='Skip checking test files (best effort).') option_parser.add_option( '-v', '--verbose', action='store_true', default=False, help='Print debug logging') options, args = option_parser.parse_args() deps_checker = DepsChecker(options.base_directory, verbose=options.verbose, ignore_temp_rules=options.ignore_temp_rules, skip_tests=options.skip_tests) # Figure out which directory we have to check. start_dir = deps_checker.base_directory if len(args) == 1: # Directory specified. Start here. It's supposed to be relative to the # base directory. start_dir = os.path.abspath( os.path.join(deps_checker.base_directory, args[0])) elif len(args) >= 2 or (options.generate_temp_rules and options.count_violations): # More than one argument, or incompatible flags, we don't handle this. PrintUsage() return 1 print 'Using base directory:', deps_checker.base_directory print 'Checking:', start_dir if options.generate_temp_rules: deps_checker.results_formatter = results.TemporaryRulesFormatter() elif options.count_violations: deps_checker.results_formatter = results.CountViolationsFormatter() deps_checker.CheckDirectory(start_dir) return deps_checker.Report() if '__main__' == __name__: sys.exit(main())