Binary compatibility validator

The tool allows dumping binary API of a JVM part of a Kotlin library that is public in the sense of Kotlin visibilities and ensures that the public binary API wasn't changed in a way that makes this change binary incompatible.

Contents

• Requirements
• Setup
  • Tasks
  • Optional parameters
  • Workflow
  • Experimental KLib ABI validation support
• What constitutes the public API
  • Classes
  • Members
• What makes an incompatible change to the public binary API
  • Class changes
  • Class member changes
• Building locally

Requirements

Binary compatibility validator plugin requires Gradle 6.1.1 or newer.

Kotlin version 1.6.20 or newer.

Setup

Binary compatibility validator is a Gradle plugin that can be added to your build in the following way:

• in build.gradle.kts

  plugins {
  id("org.jetbrains.kotlinx.binary-compatibility-validator") version "0.16.3"
  }

• in build.gradle

plugins {
    id 'org.jetbrains.kotlinx.binary-compatibility-validator' version '0.16.3'
}

It is enough to apply the plugin only to the root project build file; all sub-projects will be configured automatically.

Tasks

The plugin provides two tasks:

• apiDump — builds the project and dumps its public API in project api subfolder. API is dumped in a human-readable format. If API dump already exists, it will be overwritten.
• apiCheck — builds the project and checks that project's public API is the same as golden value in project api subfolder. This task is automatically inserted into check pipeline, so both build and check tasks will start checking public API upon their execution.

For projects with multiple JVM targets, multiple subfolders will be created, e.g. api/jvm and api/android

Optional parameters

Binary compatibility validator can be additionally configured with the following DSL:

Groovy

apiValidation {
    /**
     * Packages that are excluded from public API dumps even if they
     * contain public API. 
     */
    ignoredPackages += ["kotlinx.coroutines.internal"]

    /**
     * Sub-projects that are excluded from API validation 
     */
    ignoredProjects += ["benchmarks", "examples"]

    /**
     * Classes (fully qualified) that are excluded from public API dumps even if they
     * contain public API.
     */
    ignoredClasses += ["com.company.BuildConfig"]

    /**
     * Set of annotations that exclude API from being public.
     * Typically, it is all kinds of `@InternalApi` annotations that mark 
     * effectively private API that cannot be actually private for technical reasons.
     */
    nonPublicMarkers += ["my.package.MyInternalApiAnnotation"]

    /**
     * Flag to programmatically disable compatibility validator
     */
    validationDisabled = true

    /**
     * A path to a subdirectory inside the project root directory where dumps should be stored.
     */
    apiDumpDirectory = "api"
}

Kotlin

apiValidation {
    /**
     * Packages that are excluded from public API dumps even if they
     * contain public API.
     */
    ignoredPackages.add("kotlinx.coroutines.internal")

    /**
     * Sub-projects that are excluded from API validation
     */
    ignoredProjects.addAll(listOf("benchmarks", "examples"))

    /**
     * Classes (fully qualified) that are excluded from public API dumps even if they
     * contain public API.
     */
    ignoredClasses.add("com.company.BuildConfig")

    /**
     * Set of annotations that exclude API from being public.
     * Typically, it is all kinds of `@InternalApi` annotations that mark
     * effectively private API that cannot be actually private for technical reasons.
     */
    nonPublicMarkers.add("my.package.MyInternalApiAnnotation")

    /**
     * Flag to programmatically disable compatibility validator
     */
    validationDisabled = false

    /**
     * A path to a subdirectory inside the project root directory where dumps should be stored.
     */
    apiDumpDirectory = "aux/validation"
}

Producing dump of a jar

By default, binary compatibility validator analyzes project output class files from build/classes directory when building an API dump. If you pack these classes into an output jar not in a regular way, for example, by excluding certain classes, applying shadow plugin, and so on, the API dump built from the original class files may no longer reflect the resulting jar contents accurately. In that case, it makes sense to use the resulting jar as an input of the apiBuild task:

Kotlin

tasks {
    apiBuild {
        // "jar" here is the name of the default Jar task producing the resulting jar file
        // in a multiplatform project it can be named "jvmJar"
        // if you applied the shadow plugin, it creates the "shadowJar" task that produces the transformed jar
        inputJar.value(jar.flatMap { it.archiveFile })
    }
}

Workflow

When starting to validate your library public API, we recommend the following workflow:

• Preparation phase (one-time action):

  • As the first step, apply the plugin, configure it and execute apiDump.
  • Validate your public API manually.
  • Commit .api files to your VCS.
  • At this moment, default check task will validate public API along with test run and will fail the build if API differs.

• Regular workflow

  • When doing code changes that do not imply any changes in public API, no additional actions should be performed. check task on your CI will validate everything.
  • When doing code changes that imply changes in public API, whether it is a new API or adjustments in existing one, check task will start to fail. apiDump should be executed manually, the resulting diff in .api file should be verified: only signatures you expected to change should be changed.
  • Commit the resulting .api diff along with code changes.

Experimental KLib ABI validation support

The KLib validation support is experimental and is a subject to change (applies to both an API and the ABI dump format). A project has to use Kotlin 1.9.20 or newer to use this feature.

To validate public ABI of a Kotlin library (KLib) corresponding option should be enabled explicitly:

apiValidation {
    @OptIn(kotlinx.validation.ExperimentalBCVApi::class)
    klib {
        enabled = true
    }
}

When enabled, KLib support adds additional dependencies to existing apiDump and apiCheck tasks. Generate KLib ABI dumps are places alongside JVM dumps (in api subfolder, by default) in files named <project name>.klib.api. The dump file combines all dumps generated for individual targets with declarations specific to some targets being annotated with corresponding target names. During the validation phase, that file is compared to the dump extracted from the latest version of the library, and any differences between these two files are reported as errors.

Currently, all options described in Optional parameters section are supported for klibs too. The only caveat here is that all class names should be specified in the JVM-format, like package.name.ClassName$SubclassName.

Please refer to a design document for details on the format and rationale behind the current implementation.

KLib ABI dump generation and validation on Linux and Windows hosts

Currently, compilation to Apple-specific targets (like iosArm64 or watchosX86) supported only on Apple hosts. To ease the development on Windows and Linux hosts, binary compatibility validator does not validate ABI for targets not supported on the current host, even if .klib.api file contains declarations for these targets.

This behavior could be altered to force an error when klibs for some targets could not be compiled:

apiValidation {
    @OptIn(kotlinx.validation.ExperimentalBCVApi::class)
    klib {
        enabled = true
        // treat a target being unsupported on a host as an error
        strictValidation = true
    }
}

When it comes to dump generation (apiDump task) on non-Apple hosts, binary compatibility validator attempts to infer an ABI from dumps generated for supported targets and an old dump from project's api folder (if any). Inferred dump may not match an actual dump, and it is recommended to update a dump on hosts supporting all required targets, if possible.

What constitutes the public API

Classes

A class is considered to be effectively public if all the following conditions are met:

• it has public or protected JVM access (ACC_PUBLIC or ACC_PROTECTED)
• it has one of the following visibilities in Kotlin:
  • no visibility (means no Kotlin declaration corresponds to this compiled class)
  • public
  • protected
  • internal, only in case if the class is annotated with PublishedApi
• it isn't a local class
• it isn't a synthetic class with mappings for when tableswitches ($WhenMappings)
• it contains at least one effectively public member, in case if the class corresponds to a kotlin file with top-level members or a multifile facade
• in case if the class is a member in another class, it is contained in the effectively public class
• in case if the class is a protected member in another class, it is contained in the non-final class

Members

A member of the class (i.e. a field or a method) is considered to be effectively public if all the following conditions are met:

• it has public or protected JVM access (ACC_PUBLIC or ACC_PROTECTED)

• it has one of the following visibilities in Kotlin:

  • no visibility (means no Kotlin declaration corresponds to this class member)
  • public
  • protected
  • internal, only in case if the class is annotated with PublishedApi

  Note that Kotlin visibility of a field exposed by lateinit property is the visibility of its setter.

• in case if the member is protected, it is contained in non-final class
• it isn't a synthetic access method for a private field

What makes an incompatible change to the public binary API

Class changes

For a class a binary incompatible change is:

• changing the full class name (including package and containing classes)
• changing the superclass, so that the class no longer has the previous superclass in the inheritance chain
• changing the set of implemented interfaces so that the class no longer implements interfaces it had implemented before
• changing one of the following access flags:
  • ACC_PUBLIC, ACC_PROTECTED, ACC_PRIVATE — lessening the class visibility
  • ACC_FINAL — making non-final class final
  • ACC_ABSTRACT — making non-abstract class abstract
  • ACC_INTERFACE — changing class to interface and vice versa
  • ACC_ANNOTATION — changing annotation to interface and vice versa

Class member changes

For a class member a binary incompatible change is:

• changing its name
• changing its descriptor (erased return type and parameter types for methods); this includes changing field to method and vice versa
• changing one of the following access flags:
  • ACC_PUBLIC, ACC_PROTECTED, ACC_PRIVATE — lessening the member visibility
  • ACC_FINAL — making non-final field or method final
  • ACC_ABSTRACT — making non-abstract method abstract
  • ACC_STATIC — changing instance member to static and vice versa

Building the project locally

In order to build and run tests in the project in IDE, two prerequisites are required:

• Java 11 or above in order to use the latest ASM
• All build actions in the IDE should be delegated to Gradle

Contributing

Read the Contributing Guidelines.