feat(errorprone): enforce no-java.lang.Math rule at compile time #130
halibobo1205 wants to merge 2 commits into
Replace the regex-based .github/workflows/math-check.yml scan with a custom ErrorProne BugChecker (ForbidJavaLangMath) in the :errorprone module. It resolves symbols on the type-attributed AST, so it catches every usage form (direct, fully-qualified, statically-imported, method references, field access) with no string/comment false positives. java.lang.StrictMath remains allowed.

- add ForbidJavaLangMath BugChecker (auto-registered via @AutoService)
- enable -Xep:ForbidJavaLangMath:ERROR in build.gradle
- exempt the canonical x86 MathWrapper via @SuppressWarnings
- delete .github/workflows/math-check.yml

Note: ErrorProne runs only on JDK 11+, so the rule is no longer enforced on the JDK 8 (x86_64) build path.
@codex: review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5d66743805
matchMemberSelect only handled VarSymbol members, so the class literal Math.class (and java.lang.Math.class) resolved to the Math ClassSymbol and slipped through, leaving a reflective back door to java.lang.Math. Detect .class selects whose qualifier is java.lang.Math explicitly. Addresses codeant-ai review on ForbidJavaLangMath.java.
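The symbol-resolution approach described in the PR text and in the commit message above, as an added stand-alone example. It is not the PR's ForbidJavaLangMath code and uses the JDK's own compiler tree API instead of ErrorProne; the class name MathUsageScan and the Sample source are constructed for illustration.

```java
import com.sun.source.tree.*;
import com.sun.source.util.*;
import java.net.URI;
import java.util.*;
import javax.lang.model.element.*;
import javax.tools.*;

public class MathUsageScan {
  // Constructed sample: the usage forms named in the PR plus decoys that must not match.
  static final String SRC = String.join("\n",
      "import static java.lang.Math.floor;",
      "class Sample { String s = \"Math.pow(2, 3)\"; // Math.sqrt(2) in a comment",
      "  double a = Math.abs(-1.0);",                              // direct
      "  double b = java.lang.Math.max(1.0, 2.0);",                // fully qualified
      "  double c = floor(1.5);",                                  // static import
      "  java.util.function.DoubleUnaryOperator d = Math::sin;",   // method reference
      "  double e = Math.PI;",                                     // field access
      "  Class<?> f = Math.class;",                                // class literal
      "  double g = StrictMath.abs(-1.0); }");                     // allowed
  static boolean inMath(Element el) { // el is java.lang.Math itself or one of its members
    while (el != null && !(el instanceof TypeElement)) el = el.getEnclosingElement();
    return el != null && ((TypeElement) el).getQualifiedName().contentEquals("java.lang.Math");
  }
  // Returns the 1-based source lines on which a name resolves to java.lang.Math.
  static SortedSet<Long> scan(String src) throws Exception {
    JavaFileObject file = new SimpleJavaFileObject(
        URI.create("string:///Sample.java"), JavaFileObject.Kind.SOURCE) {
      @Override public CharSequence getCharContent(boolean ignore) { return src; }
    };
    JavacTask task = (JavacTask) ToolProvider.getSystemJavaCompiler()
        .getTask(null, null, null, null, null, List.of(file));
    CompilationUnitTree unit = task.parse().iterator().next();
    task.analyze(); // attribution: from here on every name carries its resolved symbol
    Trees trees = Trees.instance(task);
    SortedSet<Long> lines = new TreeSet<>();
    new TreePathScanner<Void, Void>() {
      @Override public Void scan(Tree t, Void p) {
        if (t instanceof ImportTree) return null; // report use sites, not the import line
        boolean ref = t instanceof IdentifierTree || t instanceof MemberSelectTree
            || t instanceof MemberReferenceTree;
        if (ref && inMath(trees.getElement(new TreePath(getCurrentPath(), t))))
          lines.add(unit.getLineMap().getLineNumber(
              trees.getSourcePositions().getStartPosition(unit, t)));
        return super.scan(t, p);
      }
    }.scan(new TreePath(unit), null);
    return lines;
  }
  public static void main(String[] args) throws Exception { System.out.println(scan(SRC)); }
}
```

Run it with `java MathUsageScan.java` on JDK 11 or later. Because matching is done on resolved symbols, the string literal, the comment and the StrictMath call produce no report, while the statically imported `floor` and the `Math.class` literal do.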
@codex: review
@CodeAnt-AI: review
Sequence Diagram
This PR replaces the GitHub Actions regex scanner with an ErrorProne BugChecker that blocks direct java.lang.Math usage during compilation, while allowing explicitly suppressed wrapper code. The diagram shows how the checker participates in the build to either fail or pass compilation based on detected Math usage.
sequenceDiagram
participant Developer
participant Build as Build tool
participant JavaCompiler
participant Checker as ForbidJavaLangMath
participant Source as Java source file
Developer->>Build: Run Java build
Build->>JavaCompiler: Compile sources with ErrorProne enabled
JavaCompiler->>Checker: Invoke ForbidJavaLangMath on each source AST
Checker->>Source: Inspect symbols for java.lang.Math usage
alt Forbidden Math usage without suppression
Checker-->>JavaCompiler: Report ForbidJavaLangMath error
JavaCompiler-->>Developer: Build fails with error
else Only allowed or suppressed usages
Checker-->>JavaCompiler: No violations
JavaCompiler-->>Developer: Build succeeds
end
Generated by CodeAnt AI
CodeAnt-AI Description
Enforce the no-java.lang.Math rule during Java builds and close a reflection bypass
What Changed
- java.lang.Math is now rejected during compilation, covering normal calls, fully qualified calls, static imports, method references, and field access
- Math.class is now also blocked, so java.lang.Math can’t be reached through reflection
- java.lang.StrictMath stays allowed, and the canonical x86 math wrapper is explicitly exempted
Impact
✅ Earlier detection of forbidden Math usage
✅ Fewer false alarms from comments and string text
✅ Less chance of consensus-breaking math slipping through