p3c plug-in, how do you check out your shit mountain code?

Author: Xiao Fu Ge
Blog: https://bugstack.cn
Original: https://mp.weixin.qq.com/s/RwzprbY2AhdgslY8tbVL-A

I. Introduction

Are you curious about all the techniques you use?

Although we are all called coders and we are all writing codes, because of the different requirements of the scenes, all kinds of coders also do different things.

Some people unify the specifications, some develop components, some write businesses, and some others do verification, but the more simple code farmers like CRUD, the more they use good things provided by others. One will install a plug-in, one will introduce a Jar package, and another will adjust other people's interfaces, and his own work is like an assembler, pieced together, and finished the product requirements.

It's broken, it may take a few years to do so, and there will be no technological breakthroughs. Because you are not curious about the technologies that are used, and don't want to know how they are implemented. Just like Ali's P3C plug-in, how did I check the code and analyze the crotch that I wrote?

Second, what is the P3C plug-in

P3C is the name of the plug-in project of the Alibaba Java Development Manual as the standard. It is an IDEA/Eclipse plug-in used to monitor code quality.

• Source code: https://github.com/alibaba/p3c

After the plug-in is installed, you can statically analyze the code appearing in the code in accordance with the programming protocol: naming style, constant definition, collection processing, concurrent processing, OOP, control statements, comments, exceptions and other potential risks. At the same time, some potential risks will be given. Optimize operations and examples.

• In the case of abiding by the development manual standards and checking them in accordance with the plug-in, it is still possible to unify the coding standards and styles very well, and it can also eliminate some potential risks.
• If you are a novice programming user or want to write standard code, it is highly recommended that you follow this plug-in to assist yourself in code development. Of course, if your company also has the corresponding standard manuals and plug-ins, you can also follow the stipulations.

Three, P3C plug-in source code

When I first used this kind of code checking plug-in, I was very curious about how it found my shit mountain code. What kind of technical principles are used? If I can analyze whether it can also be used as a technical means Used elsewhere.

Before analyzing such a code checking plug-in, first think about checking the source code of IDEA plug-in to see what logic it is, and then analyze how to use it. In fact, this is similar to some other framework-based source code learning. Get the official website documents and the source code corresponding to GitHub, and follow the steps to build, deploy, test, debug, and analyze, and then find the core principles.

P3C takes IDEA plug-in development as an example. It mainly involves the plug-in part and the protocol part. Because it combines the ability of protocol checking with the plug-in technology, it will involve some IDEA-developed technologies. In addition, the P3C plug-in involves not only Java, but also a part of kotlin, which is a statically typed programming language that runs on the Java virtual machine.

• Plug-in source code: https://github.com/alibaba/p3c/blob/master/idea-plugin
• Protocol source code: https://github.com/alibaba/p3c/tree/master/p3c-pmd

1. Plug-in configuration p3c.xml

<action class="com.alibaba.p3c.idea.action.AliInspectionAction" id="AliP3CInspectionAction"
        popup="true" text="编码规约扫描" icon="P3cIcons.ANALYSIS_ACTION">
    <keyboard-shortcut keymap="$default"
                       first-keystroke="shift ctrl alt J"/>
    <add-to-group group-id="MainToolBar" anchor="last"/>
    <add-to-group group-id="ProjectViewPopupMenu" anchor="last"/>
    <add-to-group group-id="ChangesViewPopupMenu" anchor="last"/>
    <add-to-group group-id="EditorPopupMenu" anchor="last"/>
</action>

• The most important thing to look at the source code is to find the entry. This entry is usually the most direct entry when you use plug-ins, programs, interfaces, etc.
• Then when we use the P3C plug-in, the most obvious thing is that the encoding protocol scans through the source code to find this keyword, and see which category it involves is configured.
• Action is the place in the IDEA plug-in for configuring the entry of form events, as well as which button and corresponding shortcut key to configure this operation to.

2. Code Scanning (AliInspectionAction)

class AliInspectionAction : AnAction() {

    override fun actionPerformed(e: AnActionEvent) {
        val project = e.project ?: return
        val analysisUIOptions = ServiceManager.getService(project, AnalysisUIOptions::class.java)!!
        analysisUIOptions.GROUP_BY_SEVERITY = true

        val managerEx = InspectionManager.getInstance(project) as InspectionManagerEx
        val toolWrappers = Inspections.aliInspections(project) {
            it.tool is AliBaseInspection
        }
        val psiElement = e.getData<PsiElement>(CommonDataKeys.PSI_ELEMENT)
        val psiFile = e.getData<PsiFile>(CommonDataKeys.PSI_FILE)
        val virtualFile = e.getData<VirtualFile>(CommonDataKeys.VIRTUAL_FILE)
        
        ...
        
        createContext(
        toolWrappers, managerEx, element,
        projectDir, analysisScope
        ).doInspections(analysisScope)
}        

• This is a plug-in code logic developed based on the Kotlin language. It obtains project information, class information, etc. through the actionPerformed method, and then you can execute the code to check doInspections

3. Protocol p3c-pmd

When we looked down and read, we saw something about pmd. PMD is a static code checking tool for Java programs released under the BSD protocol. When using PMD rules to analyze Java source code, PMD first uses JavaCC and EBNF grammars to generate a syntax analyzer to analyze Java code in the form of ordinary text. It conforms to the grammar of the specific grammatical structure, and at the same time adds the concept of semantics, namely JJTree, on the basis of JavaCC. Through a conversion of JJTree, the Java code is converted into an AST, which is the semantic layer above the Java symbol stream. PMD treats AST as a symbol table. Then write PMD rules, a PMD rule can be regarded as a Visitor, by traversing the AST to find a specific pattern between multiple objects, that is, the problem of the code. This software has powerful functions and high scanning efficiency. It is a good helper for Java programmers to debug.

So what is p3c-pmd?

ViolationUtils.addViolationWithPrecisePosition(this, node, data,
    I18nResources.getMessage("java.naming.ClassNamingShouldBeCamelRule.violation.msg",
        node.getImage()));

• The p3c-pmd plug-in is implemented based on PMD, more specifically based on pmd-java, because PMD not only supports Java code analysis, but also supports multiple other languages.
• The specific way of customizing rules is realized by customizing Java classes and XPATH rules.

4. Protocol monitoring case

To be reasonable, say a thousand words and ten thousand, and you have to take out the code and run it to know what PMD looks like.

1. Test Engineering

guide-pmd
└── src
    ├── main
    │   ├── java
    │   │   └── cn.itedus.guide.pmd.rule
    │   │       ├── naming
    │   │       │   ├── ClassNamingShouldBeCamelRule.java
    │   │       │   ├── ConstantFieldShouldBeUpperCaseRule.java
    │   │       │   └── LowerCamelCaseVariableNamingRule.java
    │   │       ├── utils
    │   │       │   ├── StringAndCharConstants.java
    │   │       │   └── ViolationUtils.java    
    │   │       └── I18nResources
    │   └── resources
    │       ├── rule 
    │       │   └── ali-naming.xml  
    │       ├── messages.xml   
    │       └── namelist.properties  
    └── test
        └── java
            └── cn.itedus.demo.test
                ├── ApiTest.java
                └── TErrDto.java

• Source code : https://github.com/fuzhengwei/guide-pmd

This is a test project similar to p3c-pmd. It handles its own code review standard processing by extending and rewriting the code monitoring protocol by itself.

• The classes under naming are used to process some rules related to names, such as class names, attribute names, method names, etc.
• ali-naming.xml under resources is the configuration file of the protocol

2. Camel case naming convention

public class ClassNamingShouldBeCamelRule extends AbstractJavaRule {

    private static final Pattern PATTERN
            = Pattern.compile("^I?([A-Z][a-z0-9]+)+(([A-Z])|(DO|DTO|VO|DAO|BO|DAOImpl|YunOS|AO|PO))?$");

    @Override
    public Object visit(ASTClassOrInterfaceDeclaration node, Object data) {
        if (PATTERN.matcher(node.getImage()).matches()) {
            return super.visit(node, data);
        }
        
        ViolationUtils.addViolationWithPrecisePosition(this, node, data,
                I18nResources.getMessage("java.naming.ClassNamingShouldBeCamelRule.violation.msg",
                        node.getImage()));

        return super.visit(node, data);
    }
}

• By inheriting the AbstractJavaRule abstract class provided by PMD, the visit method is rewritten, and the verification is performed in a regular manner.
• The visit method has a lot of parameter types, which are used to process the monitoring and processing of various content such as classes, interfaces, methods, codes, etc. As long as you rewrite the required methods, you can do all of them in it.
• ClassNamingShouldBeCamelRule, ConstantFieldShouldBeUpperCaseRule, LowerCamelCaseVariableNamingRule have similar functions, so I will not show them one by one here, you can directly refer to the source code.

3. Ali-naming.xml configuration

<rule name="ClassNamingShouldBeCamelRule"
      language="java"
      since="1.6"
      message="java.naming.ClassNamingShouldBeCamelRule.rule.msg"
      class="cn.itedus.guide.pmd.rule.naming.ClassNamingShouldBeCamelRule">
    <priority>3</priority>
</rule>

• In ali-naming.xml, it is used to configure the protocol processing class, priority level, and message reminder text.
• At the same time, you can also configure the code example, use the <example> label, and write the standard code in it.

4. Test Verification Protocol

Problem class example

public class TErrDto {

    public static final Long max = 50000L;

    public void QueryUserInfo(){
        boolean baz = true;
        while (baz)
            baz = false;
    }

}

unit test

@Test
public void test_naming(){
    String[] str = {
            "-d",
            "E:\\itstack\\git\\github.com\\guide-pmd\\src\\test\\java\\cn\\itedus\\demo\\test\\TErrDto.java",
            "-f",
            "text",
            "-R",
            "E:\\itstack\\git\\github.com\\guide-pmd\\src\\main\\resources\\rule\\ali-naming.xml"
            // "category/java/codestyle.xml"
    };
    PMD.main(str);
}

• The test verification of the protocol can directly use the PMD.main method, and provide a string array in the method as a parameter. The code monitoring address and protocol configuration here need to be absolute paths.

test result

TErrDto.java:3:    【TErrDto】不符合UpperCamelCase命名风格
TErrDto.java:5:    常量【max】命名应全部大写并以下划线分隔
TErrDto.java:7:    方法名【QueryUserInfo】不符合lowerCamelCase命名风格

Process finished with exit code 4

• From the test results, we can see that the three code specifications we wrote separately monitored the code naming style, constant capitalization, and method names that did not conform to the camel case mark.
• At the same time, you can also test category/java/codestyle.xml which is a good protocol monitoring provided by PMD itself.

Five, expand understanding of Sonar

In fact, with the PMD static code inspection protocol, there are many things that can be done. Not only the code being written is inspected, but also the code at different stages can be analyzed and risk reminders, such as: preparation for the test phase, has been online completed, Corresponding monitoring and processing can be done.

And Sonar is one such tool. It is a web system that can display the results of static code scanning, and the results can be customized. The principle of supporting multiple languages is its extensibility. https://www.sonarqube.org/

• Not following code standards: Sonar can use PMD, CheckStyle, Findbugs and other code rule detection tools to standardize code writing.
• Potential defects: Sonar can detect potential defects through code rule detection tools such as PMD, CheckStyle, Findbugs, etc.
• Poor complexity distribution: files, classes, methods, etc., if the complexity is too high, it will be difficult to change, which will make it difficult for developers to understand them, and without automated unit testing, changes to any component in the program will be possible Lead to the need for comprehensive regression testing.
• Repetition: Obviously the code that contains a lot of copy and paste in the program is of low quality, sonar can show the serious repetition in the source code.
• Insufficient or excessive comments: No comments will make the code less readable, especially when personnel changes are inevitable, the readability of the program will be greatly reduced, and too many comments will make developers too much energy It also goes against the original intention to spend time on reading notes.
• Lack of unit testing: Sonar can easily count and display unit test coverage.
• Bad design: through sonar, loops can be found, the interdependence between packages and packages, classes and classes can be displayed, customized architecture rules can be detected, and third-party jar packages can be managed through sonar, and single task rules can be detected by using LCOM4 The application situation, detection coupling.
• Improve code quality: understand the mistakes you have made in the coding process, and make your code more readable and maintainable.

Six, summary

• PMD is a code inspection tool that uses the BSD protocol. You can extend the implementation to your own standards and specifications, as well as complete individual reminder and repair operations.
• In addition, based on IDEA plug-in implementation of code inspection or processing with audit requirements, you can also do more extensions based on IDEA plug-in, such as reminding repairs, providing repair operations, and checking your own business logic. For example, an IDEA static code security audit and vulnerability one-click repair plug-in under the momo open source library https://github.com/momosecurity/momo-code-sec-inspector-java
• Here is a point to add that the Kotlin language can be converted to Java language in IDEA, so that when you are reading code like this, if you don't understand it, you can convert it and read it. In addition, IDEA plug-in development needs to be created based on Gradle or the templates provided by itself. If you are interested, you can also read the IDEA plug-in development article I wrote.

Seven, series recommendation

• Based on IDEA plug-in development and bytecode instrumentation technology, automatic analysis of R&D delivery quality is realized
• technical research, how to develop IDEA plug-in "scaffolding, low-code visual orchestration, interface generation test"?
• "SpringBoot Middleware Design and Development"
• Note finishing: technical architecture covers the content and evolution process summary
• Add some practice to learning and develop a distributed IM (Instant Messaging) system! %E7%B3%BB%E7%BB%9F.html)