ultimate architecture enforcement
play

Ultimate Architecture Enforcement Write Your Own Rules and Enforce - PowerPoint PPT Presentation

May 12, 2023 •221 likes •776 views

Ultimate Architecture Enforcement Write Your Own Rules and Enforce Them Continuously SATURN May 2017 Paulo Merson Brazilian Federal Court of Accounts Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons

  1. Ultimate Architecture Enforcement Write Your Own Rules and Enforce Them Continuously SATURN May 2017 Paulo Merson Brazilian Federal Court of Accounts

  2. Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons learned 2

  3. Exercise 0 – setup Open www.dontpad.com/saturn17 Follow the steps for “Exercise 0” Pre-requisites for all exercises: • JDK 1.7+ • Java IDE of your choice • maven 3

  4. Consequences of lack of conformance Lower maintainability, mainly because of undesired dependencies • Code becomes brittle, hard to understand and change Possible negative effect • on reliability, portability, performance, interoperability, security, and other qualities • caused by deviation from design decisions that addressed these quality requirements 4

  5. Factors that influence architecture conformance How effective the architecture documentation is Turnover among developers Haste to fix bugs or implement features Size of the system Distributed teams (outsourcing, offshoring) Accountability for violating design constraints 5

  6. How to avoid code and architecture disparity? 1) Communicate the architecture to developers • Create multiple views • Structural diagrams + behavior diagrams • Capture rationale Not the focus of this tutorial 6

  7. How to avoid code and architecture disparity? 2) Automate architecture conformance analysis • Often done with static analysis tools 7

  8. Built-in checks and custom checks Static analysis tools come with many built-in checks • They are useful to spot bugs and improve your overall code quality • But they’re oblivious to your design constraints and project-specific named layers and other elements Custom checks (aka custom rules) can enforce your architecture • Some static analysis tools offer APIs for that 8

  9. Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons learned 9

  10. Checkstyle It is a free open source static code analysis tool It offers a mature Java API for creating checks Checks use the Visitor pattern The API gives you access to the entire AST of a Java file 10

  11. Exercise 1 – AST GUI Follow the steps for “Exercise 1” (www.dontpad.com/saturn17) Pre-requisites for all exercises: • JDK 1.7+ • Java IDE of your choice • maven 11

  12. Adventure Builder reference application Old J2EE application created by Sun as an example of Web Services application Over 250 source files Approximately 14 KLOC (Java) We have documented its architecture: • wiki.sei.cmu.edu/sad/index.php/The_Adventure_Builder_SAD 12

  13. Checkstyle analyzer Class com.puppycrawl.tools.checkstyle.Main Executes checks configured in an xml file Where’s the analyzed file in this diagram? 13

  14. A usage dependency rule Rule: c ode in processmanager cannot use code in opc • How do we identify code that belongs to processmanager? • How do we identify use of modules that belong to opc? • What tokens do we need to visit? 14

  15. 15

  16. Exercise 2 – CheckProcessManagerCallsOpc There is an exception to the rule: • processmanager may use utils inside opc Follow the steps for “Exercise 2” on dontpad Homework assignment: 1) Extend the check to consider static imports 2) Extend the check to find processmanager  opc references that don’t use import 16

  17. Check for a mandatory generalization Adventure Builder uses a web framework called “ waf ” In “ waf ” a class that handles web page requests is an “html action” So, “HTML action” is a special type of module in the architecture Rule: html action classes must extend HTMLActionSupport • How do we identify an HTML action module? 17

  18. Architecturally-evident coding style* An architecturally-evident coding style encourages you to embed hints in the source code that makes the architecture evident to a developer who reads the code * George Fairbanks. Just Enough Software Architecture . Marshall & Brainerd, 2010. 18

  19. Architecturally-evident coding style in practice (in Java) • Naming conventions (e.g., “ HTMLAction ” suffix) • Annotations (e.g., @HtmlAction) • Package namespace (e.g., “*.actions.*”) • Interfaces and abstract classes • Comments 19

  20. Essential checkstyle API methods 20 From: http://checkstyle.sourceforge.net/apidocs

  21. Extending the API see super class tutorial.checks.CustomCheck 21

  22. Exercise 3 – CheckHtmlAction ExtendsHtmlActionSupport There’s an exception to the rule: • extends not needed if html action class implements HTMLAction Follow the steps for “Exercise 3” on dontpad Homework assignment: Improve method extendsHtmlActionSupport to work when the superclass uses the fully qualified class name 22

  23. JUnit tests for custom checks In general, custom checks require “integration tests” rather than simple “unit tests” • Create an input file (.java) with violations at specific locations • Run your check against the input file • In your test assert the violation was reported (stdout) • Also test non-violation situations when necessary 23

  24. Exercise 4 – CheckHtmlAction ExtendsHtmlActionSupportTest Method testWhenHtmlActionHasImport tests classes that implements HTMLAction It asserts the absence of violations Follow the steps for “Exercise 4” on dontpad Homework assignment: Enable CheckProcessManagerCallsOpcTest and adapt it to test all situations in input test file: “InputCheckProcessManagerCallsOpcTest.java” 24

  25. Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons learned 25

  26. Sonarqube integration Sonarqube is a pluggable platform for code quality analysis Checkstyle custom checks can be packaged as a sonarqube plug-in Sonarqube analyses will then show violations found by your checks For each check you can configure • Severity (blocker, critical, major, minor, info) • Type (bug, vulnerability, code smell) • Message to developer 26

  27. Sonarqube Java API Sonarqube also offers a Java API to create custom checks Should I use it instead of checkstyle to create my checks? • It depends on how much is your analysis tied to sonarqube https://blog.sonarsource.com/already-158-checkstyle-and-pmd-rules-deprecated-by-sonarqube-java-rules/ 27

  28. Checkstyle API vs sonarqube API Checkstyle API (checkstyle v6.19) Sonarqube API (sonarqube v6.0) JUnit tests are easier to implement  Setup for JUnit integration tests is complex Checks can run on SonarLint (plugin for IDEs)  No SonarLint support checkstyle.gui.Main  No GUI to visualize syntax tree Single type for all tokens ( DetailAST ) Multiple types for various kinds of tokens Convenience methods for each kind of token  Generic methods basically for navigating the AST Full access to entire AST  Can’t easily navigate entire tree from a given token Java API is well documented  Java API is not well documented Can run via command line with different arguments  Requires Sonarqube platform to run XML report (convertible to html)  No embedded reporting capability Can analyze Java, JavaScript, COBOL, PHP, and RPG  Can analyze Java 28

  29. Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons learned 29

  30. Process to define, implement, and enable a custom check 30

  31. Custom checks at TCU We’ve created 51 custom checks • 27 checks for architecture conformance • 14 checks for coding guidelines • 10 checks for application security 31

  32. Architecture conformance checks Enforce • the layered architecture • placement of UI, business, data access logic • mandated generalizations • naming of software elements • use of infrastructure/util modules • design standards in reference architectures 32

  33. Coding guideline checks Check proper coding of • Exception handling • Resource release • Thread programming • JUnit tests • REST and SOAP services 33

  34. Application security checks Prevent vulnerabilities, such as: • SQL injection (JDBC and Hibernate) • Execution of external programs in web apps • Hard-coded passwords • Subclassing/overriding security critical classes or methods • Lack of authentication/authorization at entry points 34

  35. Agenda Architecture conformance Custom checks lab Sonarqube Custom checks at TCU Lessons learned 35

  36. Lessons learned (1) Add custom checks to sonarqube analysis And run analysis in your continuous integration 36

  37. Lessons learned (2) Adopt an architecturally-evident coding style An architecturally-evident coding style encourages you to embed hints in the source code that makes the architecture evident to a developer who reads the code 37

  38. Lessons learned (3) Let developers know about the custom checks and suggest changes and improvements Let architects understand the potential of the custom checks 38

  39. Lessons learned (4) Be careful not to become the “architecture police” Be the “architecture mentors” 39

  40. Lessons learned (5) Create a mechanism to easily trump a check in exceptional cases 40

  41. Lessons learned (6) Automate • the way violations are reported to developers • email with further clarification about a denied commit attempt 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PHASE IA PLAN ULTIMATE PLAN 13 PHASE IB PLAN ULTIMATE PLAN 14 ULTIMATE PLAN ULTIMATE PLAN

PHASE IA PLAN ULTIMATE PLAN 13 PHASE IB PLAN ULTIMATE PLAN 14 ULTIMATE PLAN ULTIMATE PLAN

PHASE IA PLAN ULTIMATE PLAN 13 PHASE IB PLAN ULTIMATE PLAN 14 ULTIMATE PLAN ULTIMATE PLAN 15 FOR ILLUSTRATIVE PURPOSES ONLY - - - FIGURE 11 - Leeward Community College Station Area Illustrative Plan 52

74 views • 4 slides
Ultimate Media What is the utility of an industry Ultimate Media Media Access and Information

Ultimate Media What is the utility of an industry Ultimate Media Media Access and Information

Ultimate Media What is the utility of an industry Ultimate Media Media Access and Information in a context of rich data, social interaction, infinite bandwidth, and no silos Narrative, news and spectacle Ultimate Media Explore Visual

333 views • 22 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University

Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University

Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University of Freiburg CPAchecker Workshop 2019 Outline Running Example and Floyd-Hoare Annotations Ultimate Referee A strict proof checker.

775 views • 65 slides
in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

Monitoring of enforcement in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order Ordering enforcement Authorities court notary public Enforcement order certificate of enforcement

540 views • 12 slides
Preliminary Calculations of CPA Properties of G10 Ultimate stress 32000 psi ultimate psi

Preliminary Calculations of CPA Properties of G10 Ultimate stress 32000 psi ultimate psi

Preliminary Calculations of CPA Properties of G10 Ultimate stress 32000 psi ultimate psi kg kg Density 1800 G10 m 3 Modulus 19.1 GPa E G10 GPa 9.6 10 6 cm cm Coefficient of thermal expansion

167 views • 5 slides
ULTIMATE-Subaru \ ULTIMATE-SUBARU PROJECT OVERVIEW SUBARU STRATEGIC PLAN TOWARD 2020 AND BEYOND

ULTIMATE-Subaru \ ULTIMATE-SUBARU PROJECT OVERVIEW SUBARU STRATEGIC PLAN TOWARD 2020 AND BEYOND

() ULTIMATE-Subaru Christophe Clergeon,

439 views • 24 slides
The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

This Document Does Not Contain Controlled Technology or Technical Data Draper Proprietary The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg Sullivan (Draper) (presenting), Andr DeHon (UPenn), Eli

432 views • 19 slides
Architecture Rules Enforcement and Governance Using Aspects Srini Penchikala SATURN 2009 About

Architecture Rules Enforcement and Governance Using Aspects Srini Penchikala SATURN 2009 About

4/27/09 Architecture Rules Enforcement and Governance Using Aspects Srini Penchikala SATURN 2009 About the Speaker Enterprise Architect Writer, Speaker, Editor (InfoQ) Detroit Java User Group Leader Working with Java since 1996,

435 views • 32 slides
14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10%

1.12k views • 45 slides
JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

Assistant Commander Brandi Reeder Law Enforcement Division - Fisheries Law Administrator JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement Agreement One of the most effective programs in NOAAs

600 views • 30 slides
230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10% of

889 views • 55 slides
Planning practice and the purpose of the enforcement system Remedy the effects of

Planning practice and the purpose of the enforcement system Remedy the effects of

30/06/2016 Progress in planning: regression in enforcement? Stephen Mc Kay Director of Planning Education School of Planning, Architecture and Civil Engineering Queen's University, Belfast Planning practice and the purpose of the

480 views • 20 slides
ULTIMATE: AN EMERGING SPORT VERMONTS EXPERIENCE BOB JOHNSON ASSOC. EXECUTIVE DIRECTOR VERMONT

ULTIMATE: AN EMERGING SPORT VERMONTS EXPERIENCE BOB JOHNSON ASSOC. EXECUTIVE DIRECTOR VERMONT

ULTIMATE: AN EMERGING SPORT VERMONTS EXPERIENCE BOB JOHNSON ASSOC. EXECUTIVE DIRECTOR VERMONT PRINCIPALS ASSOC . ULTIMATE NOT FRISBEE!!!!!!! How did we get started? Summer 2014 approached by VT Youth Ultimate League (VYUL)

474 views • 11 slides
Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles & non-road engines in the District of Columbia Kelly Crawford Chief, Compliance and Enforcement Branch Air Quality Division Department of Energy &

132 views • 10 slides
1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims Simon London Evasion Stats vs Boat Numbers 14 3500 12 3000 10 2500 No of Boats Evasion % 8 2000 6 1500 4 1000 2 500 0 0 2007

262 views • 13 slides
Modular Applications, Loose Coupling, and the NetBeans Lookup API The Need for Modular

Modular Applications, Loose Coupling, and the NetBeans Lookup API The Need for Modular

Modular Applications, Loose Coupling, and the NetBeans Lookup API The Need for Modular Applications Certified Engineer Course The Need for Modular Applications Certified Engineer Course The Need for Modular Applications Applications get

649 views • 36 slides
Workshop: Simulation Assistant Simulation Assistant: Workshop Content Java macros: simple

Workshop: Simulation Assistant Simulation Assistant: Workshop Content Java macros: simple

Workshop: Simulation Assistant Simulation Assistant: Workshop Content Java macros: simple demonstration Wizards: high-end Java Simulation Assistants as an end user: two examples Internal Flow Muffler aero-acoustics

417 views • 31 slides
Electric Commander Roumpelaki Anna AUEB Supervisor: Axel Naumann Overview Tools New

Electric Commander Roumpelaki Anna AUEB Supervisor: Axel Naumann Overview Tools New

Electric Commander Roumpelaki Anna AUEB Supervisor: Axel Naumann Overview Tools New Electric Commander To do Tools The developer creates components in Java. The plugin JAR file may contain the definition of the project, web

538 views • 6 slides
NLE Math Olympiads Information Night NLE PICOs Kareena Nair, Ritu Walia August 28, 2019

NLE Math Olympiads Information Night NLE PICOs Kareena Nair, Ritu Walia August 28, 2019

NLE Math Olympiads Information Night NLE PICOs Kareena Nair, Ritu Walia August 28, 2019 Math Olympiads (MOEMs) Math Olympiads for Elementary and Middle Schools (MOEMs) is a large and popular mathematics competition for students in

649 views • 12 slides
T14 Class 11/12/2009 2:45:00 PM "Agile Architecture: Patterns and Technology" Presented

T14 Class 11/12/2009 2:45:00 PM "Agile Architecture: Patterns and Technology" Presented

T14 Class 11/12/2009 2:45:00 PM "Agile Architecture: Patterns and Technology" Presented by: Kirk Knoernschild Burton Group Presented at: Agile Development Practices Conference & EXPO 2009 November 9 13, 2009 Orlando, Florida 330

1.02k views • 72 slides
MicroLog Darius Katz Johan Karlsson Background Johan K. noticed the lack of a good logger for

MicroLog Darius Katz Johan Karlsson Background Johan K. noticed the lack of a good logger for

MicroLog Darius Katz Johan Karlsson Background Johan K. noticed the lack of a good logger for the Java ME environment. So he simply sat down and coded the first version of MicroLog and put it on SourceForge. The rest is history... Features

1.13k views • 24 slides
Polish Academy of Science the organizer of International Conference on Dynamical Processes in

Polish Academy of Science the organizer of International Conference on Dynamical Processes in

Presentation of Wrocaw, Poland Institute of Low Temperature and Structure Research, Polish Academy of Science the organizer of International Conference on Dynamical Processes in Excited States of Solids DPC 2022 Conference Chair: Prof. dr

660 views • 22 slides
The Free Javaws Implementation in IcedTea Omair Majid Associate Software Engineer Red Hat

The Free Javaws Implementation in IcedTea Omair Majid Associate Software Engineer Red Hat

The Free Javaws Implementation in IcedTea Omair Majid Associate Software Engineer Red Hat 2011-02-05 1 Overview of the Talk Background about JNLP Netx's Architecture Recent developments in Netx Future 2 Background 3 What's

707 views • 49 slides

More recommend